I have a Mango in a remote location (location A) configured as a WireGuard server. It works fine and I can VPN to it (from location B, halfway across the planet).
However, every now and then it goes haywire and tries to connect back to where I initiated the VPN call (location B) over UDP port 26373.
It tries multiple times over one minute. I can see the flows blocked by my Firewalla router (in location B). I know that it’s the Mango because I was at location A and turned it off and the pounding stopped. It also stops if I reboot it (remotely).
Does anyone know why this is happening? Why is it trying to go through my router where I initiated the VPN call (from my iPad) using the WireGuard iPadOS app?
Is this ‘pounding’ sent from the WG Server (Mango) occurring every 25 seconds?
Yes, from the Mango WireGuard Server.
Not sure if it’s every 25 seconds, it varies (on the screenshot it shows different counts).
Okay, here’s the presumption I’m operating under: I think your Mango is somehow getting hung up on your WG Client device (herein referred to as client). It may be caching on the initial IP of the client.
(The thing about WG is that there is no master/slave or server/client paradigm. It’s all peer to peer. I agree w/ GL it’s much easier to grasp the traditional server/client concept though.)
Can you SSH into your Mango? I’d like to take a look at some of the confs & other related commands. The GL GUI isn’t exactly the most specific when it comes to some WG details.
See References & Resources in the following thread:
That’s very interesting. I think you’re onto something here. But I’m confused by the UDP port it tries. When it happens next time I’ll check if the port changes or remains the same.
I’ve never tried to SSH into any of my GL routers (I have a Beryl AX too). I’d rather do it when I’m physically there in case I mess up something (don’t want to risk losing my current remote access if I screw up). But it’s going to be some time before I go to the Mango location. I’ll update when I’m able to do so. In the meantime I can reboot remotely if it becomes too annoying.
Thanks again for your thoughts and input.
You can try Mango 4.3.6 firmware as a WireGuard server. It won’t generate handshake initiation packets, which may solve your issue.
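Added example (not from any poster in this thread and not GL.iNet code): a Python sketch that uses the spacing of blocked-flow timestamps to tell WireGuard handshake initiation retries (resent every 5 seconds and abandoned after 90 seconds, per the protocol's REKEY_TIMEOUT and REKEY_ATTEMPT_TIME) from a 25-second persistent keepalive. The timestamps, the 25-second keepalive value and the function names are assumptions constructed for illustration.

```python
from statistics import median

# WireGuard protocol timers in seconds (whitepaper constants).
REKEY_TIMEOUT = 5         # an unanswered handshake initiation is resent after this
REKEY_ATTEMPT_TIME = 90   # the initiator stops retrying after this long
KEEPALIVE = 25            # assumption: PersistentKeepalive = 25, the value asked about
TOLERANCE = 1.5           # slack for retry jitter and log timestamp rounding

def split_bursts(timestamps, idle=60):
    """Group flow timestamps into bursts separated by more than `idle` seconds."""
    bursts = []
    for t in sorted(timestamps):
        if bursts and t - bursts[-1][-1] <= idle:
            bursts[-1].append(t)
        else:
            bursts.append([t])
    return bursts

def classify_burst(burst):
    """Label one burst by the typical gap between consecutive packets."""
    if len(burst) < 3:
        return "too-few-samples"
    gaps = [b - a for a, b in zip(burst, burst[1:])]
    typical = median(gaps)
    duration = burst[-1] - burst[0]
    if (abs(typical - REKEY_TIMEOUT) <= TOLERANCE
            and duration <= REKEY_ATTEMPT_TIME + TOLERANCE):
        return "handshake-retry"
    if abs(typical - KEEPALIVE) <= TOLERANCE:
        return "persistent-keepalive"
    return "unclassified"

def report(timestamps):
    """Return (packet count, label) for every burst in the log."""
    return [(len(b), classify_burst(b)) for b in split_bursts(timestamps)]

# Constructed sample: seconds since the first blocked flow in a firewall export.
SAMPLE = [0.0, 5.1, 10.3, 15.2, 20.4, 25.6, 30.5, 35.7, 40.9, 46.0, 51.1, 56.3,
          1000.0, 1025.0, 1050.1, 1075.0, 1100.0,
          5000.0, 5003.0]

if __name__ == "__main__":
    for count, label in report(SAMPLE):
        print(f"{count:3d} packets -> {label}")
```
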
My pleasure. Consider setting up GL’s free GoodCloud remote management service too; it’ll let you SSH in from a web-based service: