Issue with Wireguard client and Dynamic DNS


I have a problem with Wireguard client and Dynamic IP change.

I will try to explain clearly:

I have a Wireguard server in India (Installed on a raspberry Pi for several months without any problem)

I use a GL.inet opal as wireguard client in France.

In India, I have a dynamic IP address. It changes every day around 23:30 (CEST). For DDNS, I use Duckdns. It works very well. My wireguard configuration uses the DDNS address.

But I noticed that every day at 23:30 (when the IP address changes), my Opal loses the connection. It is may be normal. But it can’t connect again. It stays in “Abort” status. If I try with the same wireguard configuration with my PC and phone, I can connect and I see that my machine can get the new IP address. But Opal can’t do that. I tried to reconnect several times but it doesn’t go further than “Abort”. I restarted my Opal but still the same problem. I even left it for 10 hours thinking that it will manage to reconnect but without success.

Finally I found a workaround but it’s very annoying. I have to delete the profile and recopy the same Wireguard client profile. And then it manages to connect right away until the next IP address change. Doing this every day is not really a solution. I need to know why Opal can’t connect to my DDNS address if I don’t delete and recopy the profile.

Please tell me if there is another easier workaround.

Thanks in advance

I just found this option under VPN policies : “Use VPN for all processes on the router.” Maybe the issue is because of this option. So I just enabled VPN policies and disabled only this option: Use VPN for all process on the router. Other than that, I left eveything as it is.

Let’s see. I will check tomorrow night (when the IP will change) if the issue is solved or not.

It shouldn’t be, but for me it looks like a DNS caching issue.
As it is much harder to analyze it on a phone, I would at first prefere to stay on the PC.

Just perform a host [your ddns]. There should be a IP showing up.

lupus@zoe:~$ host is an alias for has address

(In my case I’ve got a CNAME between my domain and different DDNS. So I can switch to, if connection to dyndns opal01 is not working. Just a little hint for your topic, too)

Than, after 23:30h, do this again … Is the IP is changing?

  • If not: Clear your DNS cache (ipconfig /flushdns)
  • If yes: I have no idea right now. Maybe change DNS to a much more often updating server?

Just a start.

Actually the issue is not with my DDNS service. The new ip is updated very quickly. I am able to check it by connecting to the same wireguard server from my PC.

After disabling this service “Use VPN for all processes on the router”, the issue is still there. VPN goes from Connected to Abort Status. But this time I just don’t need to delete and recopy the profile. I just need click on Abort and Connect: It works. But I don’t understand why it’s not auto connecting to the server.

Did you try to configure the Wireguard client configuration with luci?

Under Advanced you can configure many more things… Management is great and really easy… .but when you are stuck in a problem its worht to take a look under the hood and configure the wireguard client directly…

Maybe this will solve your problem… sounds to me like an update failure in that binary part of gl-software with mwan …

I think I wrote too fast last time. Today, I couldn’t connect by clicking on Abort and Connect. I had too delete and recopy the same profile again. Then it works

@jerkball, I didn’t. I’ll try. I don’t know about OpenWrt. But I bought gl.inet for it’s user friendly and easy configuration method. Hope that gl.inet will solve this issue.

But you are right. I’ll try the luci method.

It’s definetly the mix out of user friendlyness and being able to advance things up…

That makes these devices really great :slight_smile:

Tried Luci. Configured wireguard by following this tutorial: OpenWRT - Configure Wireguard Client - YouTube

Wireguard is connected:

Persistent Keepalive: 25s
Latest Handshake: Mon, 13 Jun 2022 19:21:20 GMT (1m ago)
Data Received: 1 MiB
Data Transmitted: 725 KiB

Even mentions my VPN IP address. So the connection is working.

But unfortunately my PC connected to Opal via ethernet cable or Wifi is not routed through VPN. I am new to openwrt. I don’t know what’s wrong.

Did you set allowed_ips to ?

That routes every packet through the wireguard tunnel…

Yes, allowed_ips setting is and I am routing all my traffic through vpn. I don’t understand why my traffic is not going through vpn.

I’ve contacted Gl.inet support. According to them, it’s a bug and they’ll contact the R&D team for a fix.

For information, I’ve tried with OpenVPN Client. Openvpn is able to notice the IP change and reconnect automatically after 2 or 3 minutes. So the issue is only with Wireguard.

Until GL.iNet can provide a permanent fix, you can run the /usr/bin/wireguard_watchdog script every minute in cron:

I do not work for and I do not have formal association with GL.iNet

Hi @wcs2228 I would love to try this solution. In order to run this script, I think I have to run it via SSH. Correct ?

From SSH, I don’t know which command I need to execute to run this script. Do you have any idea ? Thanks.

You can set up cron to run the script in LuCI:

  1. Go to LuCI → System → Startup and make sure that “cron” Initscript is Enabled. If not, then Enable and Start it.

  2. Go to LuCI → System → Scheduled Tasks, then enter and save the line -
    * * * * * /usr/bin/wireguard_watchdog

  3. Go back to LuCI → System → Startup and Restart cron, or just reboot the router

Here is the header comments in the script:

# SPDX-License-Identifier: GPL-2.0
# Copyright (C) 2018 Aleksandr V. Piskunov <>.
# Copyright (C) 2015-2018 Jason A. Donenfeld <>. All Rights Reserved.
# This watchdog script tries to re-resolve hostnames for inactive WireGuard peers.
# Use it for peers with a frequently changing dynamic IP.
# persistent_keepalive must be set, recommended value is 25 seconds.
# Run this script from cron every minute:
# echo '* * * * * /usr/bin/wireguard_watchdog' >> /etc/crontabs/root

@wcs2228 thank you very much. I just configured it. I’ll wait for next ip change to check whether it works or not. Thanks again

In the current firmware 3.x, Wireguard does not work with ddns change.

The router can actually deal with ddns change, but unfortunately Wireguard itself does not.

This should be resolved in firmware 4.x because the way we manage Wireguard is changed. Now you can use some watchdog scripts to monitor and reconect.

Hopefully, this issue with be resolved quickly. For your information, watchdog script also is not really helpful for me. As I told before, sometimes (every 2nd or 3rd reconnections), my opal is stuck with Abort status. Even if I click on Abort and connect again, it won’t go further.

So tried the watchdog method suggested by @wcs2228, unfortunately, it was stuck in Abort status. I had to remove and recopy the same profile again.

Do you have any ETA for Firmware 4.x beta ? Apart from this issue, I really like your product. I already bought 4 devices for my family :slight_smile:


Since the DNS changes regularly at 23:30, another option is to shut down the router a few minutes before and to start up the router a few minutes afterwards. This can be done with an inexpensive smart plug (e.g., I have a few TP-Link HS103 for $10-$15 each).

WireGuard should reconnect automatically on reboot and hopefully pick up the new DDNS IP address.

Yes, you are correct. It can be a solution. But in India, they have a regular power failure during the day. They have a power backup system but the modem will lose the connection for 30 seconds. And after 30 seconds, the IP address is changed.

Unfortunately, the best solution for me would be the fix promised by the R&D team. They told me that the ETA is around 10 days. So I am waiting :slight_smile:

Thanks again for your help.

Watchdog seems to not work with latest stable. An iOS peer with persistent keepalive config fails to connect. Running the code in CLI gives:
root@GL-AX1800:~# /usr/bin/wireguard_watchdog jsonfilter: unrecognized option: a

Not even a full
/etc/init.d/network restart
I have to power off and on the router, then stop and start the Wireguard server from the glinet UI (not LUCI).
I am behind NAT with DDNS and no issues besides this one.