Issue with Wireguard client and Dynamic DNS

Find yourself a copy of reresolve-dns from wireguard-tools and run it every handful of minutes in the Opal. It should fix your problems. Do not wait any longer.

@Barfoo, I believe iOS and persistent keepalive aren’t relevant for @riyas

Hi, do you know where I can find a version of reresolve-dns that works on openwrt? I did find one for Linux
Here
which returns
shopt not found
And I did not find a way to install shopt on openwrt

The original reresolve-dns is a bash script. I’ve no idea if you can fit bash in the Opal. If you cannot, try to use this openwrt/wireguard_watchdog at master · openwrt/openwrt · GitHub . @alzhao said it doesn’t work and I do remember having to tweak it for it to work in my Beryl, but that was a while ago.

It is anyway pretty straightforward if you know a bit of scripting: check all endpoints that in the configuration are not an IP address and periodically re-resolve them if the last handshake was too long ago (e.g. a minute or two).
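The check described in the post above, as an added example in plain POSIX sh (no bash or `shopt`); it is not code from the thread, from wireguard-tools or from GL.iNet. It assumes a wg-quick style config file and a 120-second threshold, and the function names, keys and hostnames are constructed for illustration.

```shell
# Added example: re-resolve hostname endpoints whose last handshake is too old.
STALE_AFTER=120   # assumed threshold in seconds ("a minute or two")

is_ip_endpoint() {   # returns 0 if HOST:PORT has a literal IPv4/IPv6 host
    case "$1" in
        \[*\]:*)    return 0 ;;   # [IPv6]:port
        *[!0-9.:]*) return 1 ;;   # anything besides digits, dots, colon: hostname
        *)          return 0 ;;   # IPv4:port
    esac
}

# Reads a config on stdin, prints "PublicKey Endpoint" for each [Peer] with both.
peer_endpoints() {   # splits on the first "=" only: base64 keys end in "="
    awk '
        /^[ \t]*\[/ { if (key != "" && ep != "") print key, ep; key = ep = ""; next }
        { i = index($0, "="); if (!i) next
          k = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", k)
          v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v) }
        k == "publickey" { key = v }
        k == "endpoint"  { ep = v }
        END { if (key != "" && ep != "") print key, ep }'
}

# stale_hostname_peers CONF_TEXT HANDSHAKES NOW; HANDSHAKES holds one
# "PublicKey unix_time" line per peer, as `wg show IFACE latest-handshakes` prints.
stale_hostname_peers() {
    printf '%s\n' "$1" | peer_endpoints | while read -r key ep; do
        if is_ip_endpoint "$ep"; then continue; fi
        last=$(printf '%s\n' "$2" | awk -v k="$key" '$1 == k { print $2 }')
        if [ $(( $3 - ${last:-0} )) -gt "$STALE_AFTER" ]; then echo "$key $ep"; fi
    done
}

reresolve() {   # reresolve IFACE CONF_FILE: wg resolves the name again on `wg set`
    stale_hostname_peers "$(cat "$2")" "$(wg show "$1" latest-handshakes)" "$(date +%s)" |
        while read -r key ep; do wg set "$1" peer "$key" endpoint "$ep"; done
}

# Constructed sample data: placeholder keys, documentation names and addresses.
SAMPLE_CONF='[Peer]
PublicKey = constructedKeyA=
Endpoint = vpn.example.net:51820
[Peer]
PublicKey = constructedKeyB=
Endpoint = 192.0.2.10:51820
[Peer]
PublicKey = constructedKeyC=
Endpoint = home.example.org:51820'
SAMPLE_HS='constructedKeyA= 1700000000
constructedKeyB= 1700000000
constructedKeyC= 1700000290'
stale_hostname_peers "$SAMPLE_CONF" "$SAMPLE_HS" 1700000300   # only peer A is stale
```

On a router, a cron entry would call `reresolve` with the interface name and the path of the config file that holds the peer's hostname endpoint.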

Maybe I am a bit naive in thinking Gl-inet could provide a working version since they advertise their products working with Wireguard and ddns at the same time :innocent:
I cannot write it myself - but I confirm watchdog is not working on glinet, as I wrote in my first post on this thread - while it is reported working on other forums of openwrt.
So maybe the most elegant solution would be for glinet to build something that “makes it work” and ship it with the tools package - so we will be sure to survive upgrades, and work with “standard” Wireguard tools scripts, especially since the new functions of Wireguard that will ship with the next release…

Yeah, they already acknowledged it has some bugs in 3.x and 4.x will be much better. I was just trying to help you out :man_shrugging:

wireguard_watchdog should take relatively little to adapt (it is just because Gl-inet implemented Wireguard differently than OpenWRT), but unfortunately I do not have a 3.x version at the moment, so I cannot help you much more…

My experience (with 3.215) on a mango router is that wireguard_watchdog doesn’t work. The ubus command in it doesn’t return anything.

The router at that point (when the wireguard connection is down) is unable to even resolve DNS names - presumably since the DNS server at 127.0.0.1 expects to use the tunnel.

Not even manually running wg set wg0 peer ... with the current IP address of the other side works.

Powercycling, or aborting and reconnecting through the web interface works - could anybody share how to find out quickly what commands I need to run in a cronjob to achieve the same effect of abort+reconnecting?

I have not personally tested this, but you can try running the following in cron:

/etc/init.d/wireguard stop
sleep 5
/etc/init.d/wireguard start

Hi,

As I couldn’t wait for firmware 4.x for Opal, I bought a new Slate AX with version 4.1. But unfortunately the issue is still there even with version 4.1. Do you have any update regarding this bug?

Do you mean when ddns changes IP address, wireguard does not reconnect?

Yes, the issue was there with Opal in version 3.x. You told me that the version 4 is not impacted. So I bought a new Slate AXT1800 in version 4.1.0. But if the IP address changes at the remote server, wireguard doesn’t work anymore. It’s in Abort status.

Yes. I remember.

I will check and come back.

Hi, could you show the screenshot with Abort status in version 4.1.0, and also export the log please? @riyas
I tested when the server domain changes IP: after a while of the following picture status, it will finally get connected.


Finally, the workaround /usr/bin/wireguard_watchdog works with version 4.1.0. It wasn’t working in version 3.1.2.

So with version 4.1.0 it’s working. :slight_smile:

Oh, I don’t use wireguard_watchdog on the axt1800 4.1.0 release, and it will reconnect successfully after the server updates its IP.

Unfortunately, it wasn’t working for me after waiting more than an hour. Had to disconnect and reconnect again. With wireguard_watchdog, it works straight away.
