GL-X750 VPN Split-Tunnel Broken Over 4G

I can’t get a VPN split tunnel (either WireGuard or OpenVPN) to maintain a steady connection over 4G. When I set the modem to send all traffic through the VPN, there is a stable connection. When I set the modem to let all traffic bypass the VPN (but still have the VPN active), there is a stable connection. When I set the modem to send only the “guest” network traffic over VPN, the 4G connection will frequently restart.

I have tried setting up the VPN split tunnel using the stock GL software (firmware 3.104) with this method. I have also tried setting it up using LuCI with this method.

Additionally, I have tried disabling MWAN3 because I thought maybe the ping was being routed through the VPN and was causing MWAN3 to restart the modem interface. I’ve also tried manually overriding the DNS settings (via the GL menu) with Cloudflare DNS servers.

The only other setting I have changed on the firmware is adding the following rule to the firewall: iptables -t mangle -I POSTROUTING -o wwan0 -j TTL --ttl-set 64

I’ve tried the setup without the firewall rule and have experienced similar results though. The whole point of this setup is to be able to have two WiFi networks, one that routes directly to the internet, and the other that routes through a VPN (in order to bypass video throttling restrictions). This way, non-streaming devices such as game consoles and computers can connect to the non-VPN network and video streaming devices such as smart TVs can connect to the VPN network.

This is an urgent matter as I need to be able to ship out 50 X750 units with this sort of configuration to customers within the next week.

If anybody can help me with this, please let me know. I can accommodate live troubleshooting (regardless of timezone).

Update: I just downloaded firmware 3.105 and I’m having the same issue. This is a section of the system log. It seems to repeat itself every few minutes.

Thu Oct 15 23:34:18 2020 daemon.notice netifd: modem_1_1_2 (13636): Stopping network modem_1_1_2
Thu Oct 15 23:34:19 2020 daemon.notice netifd: modem_1_1_2_4 (4827): udhcpc: received SIGTERM
Thu Oct 15 23:34:19 2020 daemon.notice netifd: Interface 'modem_1_1_2_4' is now down
Thu Oct 15 23:34:19 2020 daemon.notice netifd: Network alias '' link is down
Thu Oct 15 23:34:19 2020 daemon.notice netifd: Interface 'modem_1_1_2_4' has link connectivity loss
Thu Oct 15 23:34:19 2020 daemon.notice netifd: Interface 'modem_1_1_2_4' is disabled
Thu Oct 15 23:34:19 2020 daemon.notice netifd: modem_1_1_2 (13636): "No effect"
Thu Oct 15 23:34:19 2020 daemon.notice netifd: modem_1_1_2 (13636): Command failed: Permission denied
Thu Oct 15 23:34:19 2020 daemon.notice netifd: Interface 'modem_1_1_2' is now down
Thu Oct 15 23:34:19 2020 daemon.err gl_monitor[4919]: killall: uqmi: no process killed
Thu Oct 15 23:34:19 2020 daemon.notice netifd: Interface 'modem_1_1_2' is setting up now
Thu Oct 15 23:34:19 2020 user.notice root: modem_1_1_2 real ip miss
Thu Oct 15 23:34:21 2020 daemon.notice netifd: modem_1_1_2 (13727): cat: can't open '/tmp/modem.1-1.2/signal': No such file or directory
Thu Oct 15 23:34:21 2020 daemon.notice netifd: modem_1_1_2 (13727): "No effect"
Thu Oct 15 23:34:22 2020 daemon.notice netifd: modem_1_1_2 (13727): Waiting for network registration
Thu Oct 15 23:34:22 2020 daemon.notice netifd: modem_1_1_2 (13727): Starting network modem_1_1_2
Thu Oct 15 23:34:22 2020 daemon.notice netifd: modem_1_1_2 (13727): Setting up wwan0
Thu Oct 15 23:34:22 2020 daemon.notice netifd: Interface 'modem_1_1_2' is now up
Thu Oct 15 23:34:22 2020 daemon.notice netifd: Network device 'wwan0' link is up
Thu Oct 15 23:34:22 2020 daemon.notice netifd: Network alias 'wwan0' link is up
Thu Oct 15 23:34:22 2020 daemon.notice netifd: Interface 'modem_1_1_2_4' is enabled
Thu Oct 15 23:34:22 2020 daemon.notice netifd: Interface 'modem_1_1_2_4' has link connectivity
Thu Oct 15 23:34:22 2020 daemon.notice netifd: Interface 'modem_1_1_2_4' is setting up now
Thu Oct 15 23:34:23 2020 daemon.notice netifd: modem_1_1_2_4 (14057): udhcpc: started, v1.28.3
Thu Oct 15 23:34:23 2020 daemon.notice netifd: modem_1_1_2_4 (14057): udhcpc: sending discover
Thu Oct 15 23:34:23 2020 daemon.notice netifd: modem_1_1_2_4 (14057): udhcpc: sending select for 100.70.104.119
Thu Oct 15 23:34:23 2020 daemon.notice netifd: modem_1_1_2_4 (14057): udhcpc: lease of 100.70.104.119 obtained, lease time 7200
Thu Oct 15 23:34:23 2020 daemon.notice netifd: Interface 'modem_1_1_2_4' is now up
Thu Oct 15 23:34:32 2020 user.notice firewall: Reloading firewall due to ifup of modem_1_1_2 (wwan0)
Thu Oct 15 23:37:29 2020 daemon.notice netifd: modem_1_1_2 (20078): Stopping network modem_1_1_2

Also, if I don’t intervene, the WireGuard connection usually won’t reconnect after the modem interface goes down, even after the modem interface comes back up. Restarting the modem or aborting the WireGuard connection manually and starting it again both re-establish the connection without problem.

There is no direct connection between the modem connection and data passing through the VPN.
From the log, it looks like the carrier updated the modem’s IP.

Why do you think this problem is occurring? Like I mentioned, if I route all traffic through the VPN, the 4G connection is stable. If I initiate the VPN and let all LAN-originating traffic bypass it, the connection is also stable. The connection is only unstable when I try to send some LAN-originating traffic through the VPN and let some bypass it. I’ve tested this on multiple X750 modems with multiple firmware versions. I’ve also tested it using third-party OpenVPN servers, as well as my own privately hosted WireGuard and OpenVPN servers.

Could there be something that is not matching up in the packets sent through the VPN and the packets bypassing the VPN that the cellular carrier is noticing?

I did some tests according to your description, but I did not reproduce the problem.
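
One way to test the log excerpt quoted earlier in the thread against the two readings offered (a carrier-side address change versus a local restart) is to measure how often the modem interface is torn down and whether the leased address differs between cycles. This is an added example, not code from any poster or from GL.iNet; the function names `parse` and `analyse` are hypothetical, and the sample input is five lines copied from the excerpt.

```python
import re
from datetime import datetime

# Sample input: five lines copied from the log excerpt in the thread (the rest omitted).
SAMPLE_LOG = """\
Thu Oct 15 23:34:18 2020 daemon.notice netifd: modem_1_1_2 (13636): Stopping network modem_1_1_2
Thu Oct 15 23:34:19 2020 daemon.notice netifd: Interface 'modem_1_1_2' is now down
Thu Oct 15 23:34:22 2020 daemon.notice netifd: Interface 'modem_1_1_2' is now up
Thu Oct 15 23:34:23 2020 daemon.notice netifd: modem_1_1_2_4 (14057): udhcpc: lease of 100.70.104.119 obtained, lease time 7200
Thu Oct 15 23:37:29 2020 daemon.notice netifd: modem_1_1_2 (20078): Stopping network modem_1_1_2
"""

# Line layout as seen in the thread: "<date> <facility.level> <tag>: <message>".
LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \S+ [^:]+: (.*)$")
STOP = re.compile(r"\(\d+\): Stopping network \S+")
LEASE = re.compile(r"udhcpc: lease of (\S+) obtained, lease time (\d+)")


def parse(log_text):
    """Yield (timestamp, message) for every well-formed log line."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"), m.group(2)


def analyse(log_text):
    """Summarise modem teardown cycles and DHCP leases found in the log."""
    stops, leases = [], []
    for ts, msg in parse(log_text):
        if STOP.search(msg):
            stops.append(ts)
        else:
            m = LEASE.search(msg)
            if m:
                leases.append((ts, m.group(1), int(m.group(2))))
    into_lease = []
    for stop in stops:
        held = [(ts, secs) for ts, _, secs in leases if ts <= stop]
        if held:  # teardowns seen before any lease in the excerpt are skipped
            ts, secs = held[-1]
            into_lease.append((int((stop - ts).total_seconds()), secs))
    addrs = [ip for _, ip, _ in leases]
    return {
        "stop_gaps_s": [int((b - a).total_seconds()) for a, b in zip(stops, stops[1:])],
        "lease_addresses": addrs,
        "address_changed": len(set(addrs)) > 1,
        "teardown_vs_lease_s": into_lease,
    }


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

On the excerpt it reports a 191-second gap between teardowns and a teardown 186 seconds into a 7200-second lease; running it over a log that spans several cycles shows in `lease_addresses` whether the address actually changes.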