Issue with Wireguard client and Dynamic DNS

Hello,

I have a problem with Wireguard client and Dynamic IP change.

I will try to explain clearly:

I have a Wireguard server in India (installed on a Raspberry Pi for several months without any problem).

I use a GL.iNet Opal as Wireguard client in France.

In India, I have a dynamic IP address. It changes every day around 23:30 (CEST). For DDNS, I use Duckdns. It works very well. My wireguard configuration uses the DDNS address.

But I noticed that every day at 23:30 (when the IP address changes), my Opal loses the connection. It may be normal. But it can’t connect again. It stays in “Abort” status. If I try with the same Wireguard configuration on my PC and phone, I can connect and I see that my machine can get the new IP address. But Opal can’t do that. I tried to reconnect several times but it doesn’t go further than “Abort”. I restarted my Opal but still the same problem. I even left it for 10 hours thinking that it would manage to reconnect, but without success.

Finally I found a workaround but it’s very annoying. I have to delete the profile and recopy the same Wireguard client profile. And then it manages to connect right away until the next IP address change. Doing this every day is not really a solution. I need to know why Opal can’t connect to my DDNS address if I don’t delete and recopy the profile.

Please tell me if there is another easier workaround.

Thanks in advance
Riyas

I just found this option under VPN policies: “Use VPN for all processes on the router.” Maybe the issue is because of this option. So I just enabled VPN policies and disabled only this option: “Use VPN for all processes on the router”. Other than that, I left everything as it is.

Let’s see. I will check tomorrow night (when the IP will change) if the issue is solved or not.

It shouldn’t be, but to me it looks like a DNS caching issue.
As it is much harder to analyze it on a phone, I would at first prefer to stay on the PC.

Just perform a `host [your ddns]`. There should be an IP showing up.

lupus@zoe:~$ host opal01.mydomain.net
opal01.mydomain.net is an alias for hostname.somedyndns.net.
hostname.somydyndns.net has address xxx.xxx.xxx.xxx

(In my case I’ve got a CNAME between my domain and different DDNS. So I can switch to opal02.mydomain.net, if connection to dyndns opal01 is not working. Just a little hint for your topic, too)

Then, after 23:30h, do this again … Is the IP changing?

  • If not: Clear your DNS cache (ipconfig /flushdns)
  • If yes: I have no idea right now. Maybe change DNS to a much more often updating server?

Just a start.

Actually the issue is not with my DDNS service. The new ip is updated very quickly. I am able to check it by connecting to the same wireguard server from my PC.

After disabling this service “Use VPN for all processes on the router”, the issue is still there. VPN goes from Connected to Abort Status. But this time I just don’t need to delete and recopy the profile. I just need click on Abort and Connect: It works. But I don’t understand why it’s not auto connecting to the server.

Did you try to configure the Wireguard client configuration with luci?

Under Advanced you can configure many more things…

GL.iNet Management is great and really easy… but when you are stuck in a problem it’s worth taking a look under the hood and configuring the Wireguard client directly…

Maybe this will solve your problem… sounds to me like an update failure in that binary part of gl-software with mwan …

I think I wrote too fast last time. Today, I couldn’t connect by clicking on Abort and Connect. I had to delete and recopy the same profile again. Then it works.

@jerkball, I didn’t. I’ll try. I don’t know about OpenWrt. But I bought GL.iNet for its user-friendly and easy configuration method. Hope that GL.iNet will solve this issue.

But you are right. I’ll try the luci method.

It’s definitely the mix of user-friendliness and being able to advance things up…

That makes these devices really great :slight_smile:

Tried Luci. Configured wireguard by following this tutorial: OpenWRT - Configure Wireguard Client - YouTube

Wireguard is connected:

Persistent Keepalive: 25s
Latest Handshake: Mon, 13 Jun 2022 19:21:20 GMT (1m ago)
Data Received: 1 MiB
Data Transmitted: 725 KiB

Even Goodcloud.xyz mentions my VPN IP address. So the connection is working.

But unfortunately my PC connected to Opal via ethernet cable or Wifi is not routed through VPN. I am new to openwrt. I don’t know what’s wrong.

Did you set allowed_ips to 0.0.0.0/0 ?

That routes every packet through the wireguard tunnel…

Yes, the allowed_ips setting is 0.0.0.0/0 and I am routing all my traffic through the VPN. I don’t understand why my traffic is not going through the VPN.

I’ve contacted Gl.inet support. According to them, it’s a bug and they’ll contact the R&D team for a fix.

For information, I’ve tried with OpenVPN Client. Openvpn is able to notice the IP change and reconnect automatically after 2 or 3 minutes. So the issue is only with Wireguard.

Until GL.iNet can provide a permanent fix, you can run the /usr/bin/wireguard_watchdog script every minute in cron:

I do not work for and I do not have formal association with GL.iNet

Hi @wcs2228 I would love to try this solution. In order to run this script, I think I have to run it via SSH. Correct ?

From SSH, I don’t know which command I need to execute to run this script. Do you have any idea ? Thanks.

You can set up cron to run the script in LuCI:

  1. Go to LuCI → System → Startup and make sure that “cron” Initscript is Enabled. If not, then Enable and Start it.

  2. Go to LuCI → System → Scheduled Tasks, then enter and save the line -
    * * * * * /usr/bin/wireguard_watchdog

  3. Go back to LuCI → System → Startup and Restart cron, or just reboot the router

Here is the header comments in the script:

# SPDX-License-Identifier: GPL-2.0
#
# Copyright (C) 2018 Aleksandr V. Piskunov <aleksandr.v.piskunov@gmail.com>.
# Copyright (C) 2015-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
#
# This watchdog script tries to re-resolve hostnames for inactive WireGuard peers.
# Use it for peers with a frequently changing dynamic IP.
# persistent_keepalive must be set, recommended value is 25 seconds.
#
# Run this script from cron every minute:
# echo '* * * * * /usr/bin/wireguard_watchdog' >> /etc/crontabs/root
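To show what the watchdog approach does underneath, here is an added example written for this thread; it is not the stock /usr/bin/wireguard_watchdog quoted above and not GL.iNet code. It reads `wg show IFACE latest-handshakes` (one `<public-key><TAB><epoch>` line per peer), treats any peer without a handshake for a while as stale, and re-applies that peer's endpoint with `wg set`, which resolves the DDNS hostname again at that moment. Everything configurable is an assumption: the interface name `wg0`, the 180-second staleness limit, the `PEER_TABLE` mapping with a placeholder public key (the stock script takes this from the router's UCI config instead), and the hypothetical path `/root/wg-reresolve.sh` in the cron line.

```shell
#!/bin/sh
# Added example, not the stock /usr/bin/wireguard_watchdog: a minimal
# re-resolve loop in the same spirit. Assumptions (all placeholders):
#   - the WireGuard interface is wg0
#   - a peer is "stale" after 180 s without a handshake (with keepalive set,
#     WireGuard normally re-handshakes within about 2 minutes)
#   - the peer -> DDNS hostname mapping comes from PEER_TABLE; the stock
#     script reads it from the router's UCI config instead.

WG_IFACE="${WG_IFACE:-wg0}"
STALE_AFTER="${STALE_AFTER:-180}"

# One "<public-key> <hostname> <port>" entry per line (constructed placeholders).
PEER_TABLE="${PEER_TABLE:-PEER_PUBKEY_PLACEHOLDER= myserver.duckdns.org 51820}"

# stale_peers NOW LIMIT
# Reads "<pubkey><TAB><epoch>" lines on stdin, the output format of
# `wg show IFACE latest-handshakes`, and prints the keys of peers whose last
# handshake is older than LIMIT seconds. Epoch 0 means "never handshaked"
# (a peer still waiting on a dead endpoint), so it counts as stale too.
stale_peers() {
  now="$1"
  limit="$2"
  while read -r pubkey last; do
    [ -n "$pubkey" ] || continue
    last="${last:-0}"
    if [ "$last" -eq 0 ] || [ $((now - last)) -gt "$limit" ]; then
      printf '%s\n' "$pubkey"
    fi
  done
}

# endpoint_for PUBKEY: print "<hostname>:<port>" from PEER_TABLE, or nothing
# if the key is unknown.
endpoint_for() {
  printf '%s\n' "$PEER_TABLE" | while read -r key host port; do
    if [ "$key" = "$1" ]; then
      printf '%s:%s\n' "$host" "$port"
    fi
  done
}

# reresolve_stale: re-apply the endpoint of every stale peer we know a
# hostname for. `wg set IFACE peer KEY endpoint host:port` resolves the name
# at that moment, so a changed DDNS record is picked up without tearing the
# interface down. Only acts when `wg` is actually installed.
reresolve_stale() {
  if ! command -v wg >/dev/null 2>&1; then
    echo "wg not found; nothing to do" >&2
    return 0
  fi
  wg show "$WG_IFACE" latest-handshakes |
    stale_peers "$(date +%s)" "$STALE_AFTER" |
    while read -r pubkey; do
      ep="$(endpoint_for "$pubkey")"
      [ -n "$ep" ] || continue
      logger -t wg-reresolve "stale peer on $WG_IFACE, re-resolving $ep"
      wg set "$WG_IFACE" peer "$pubkey" endpoint "$ep"
    done
}

# Run from cron every minute, e.g. (hypothetical path):
#   * * * * * /root/wg-reresolve.sh run
case "${1:-}" in
  run) reresolve_stale ;;
esac
```

The stale check is kept as a pure function over the `latest-handshakes` text so it can be tried on a PC before putting it on the router; only `reresolve_stale` touches `wg`. Note that this only re-resolves the name; if the router's own resolver still returns the old address (the DNS caching point raised earlier in the thread), `wg set` will faithfully re-apply the stale IP, so `host` or `nslookup` on the router is the first thing to check when it does not help.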

@wcs2228 thank you very much. I just configured it. I’ll wait for next ip change to check whether it works or not. Thanks again

In the current firmware 3.x, Wireguard does not work with ddns change.

The router can actually deal with ddns change, but unfortunately Wireguard itself does not.

This should be resolved in firmware 4.x because the way we manage Wireguard is changed. Now you can use some watchdog scripts to monitor and reconnect.

Hopefully, this issue will be resolved quickly. For your information, the watchdog script is also not really helpful for me. As I told before, sometimes (every 2nd or 3rd reconnection), my Opal is stuck with Abort status. Even if I click on Abort and connect again, it won’t go further.

So tried the watchdog method suggested by @wcs2228, unfortunately, it was stuck in Abort status. I had to remove and recopy the same profile again.

Do you have any ETA for Firmware 4.x beta ? Apart from this issue, I really like your product. I already bought 4 devices for my family :slight_smile:

Thanks

Since the DNS changes regularly at 23:30, another option is to shut down the router a few minutes before and to start up the router a few minutes afterwards. This can be done with an inexpensive smart plug (e.g., I have a few TP-Link HS103 for $10-$15 each).

WireGuard should reconnect automatically on reboot and hopefully pick up the new DDNS IP address.

Yes, you are correct. It can be a solution. But in India, they have a regular power failure during the day. They have a power backup system but the modem will lose the connection for 30 seconds. And after 30 seconds, the IP address is changed.

Unfortunately, the best solution for me would be the fix promised by the R&D team. They told me that the ETA is around 10 days. So I am waiting :slight_smile:

Thanks again for your help.

Watchdog seems to not work with latest stable. An iOS peer with persistent keepalive config fails to connect. Running the code in CLI gives:
root@GL-AX1800:~# /usr/bin/wireguard_watchdog
jsonfilter: unrecognized option: a

Not even a full
/etc/init.d/network restart
works.
I have to power off and on the router, then stop and start the Wireguard server from the glinet UI (not LUCI).
I am behind NAT with DDNS and no issues besides this one.