New issue 'Client is starting please wait'

serversurfer · July 25, 2024, 3:45pm

Hi all, I'm having an issue with my client router today and was hoping to get some help.

Setup: I have a Brume 2 server set up at home and a Beryl AX travel router I use to connect to it via WireGuard. I set it up according to the instructions for creating a home VPN server and it's been working great the past three weeks. I set up port forwarding for the home server, and I set up the travel router as a repeater for the wifi network at my given location away from home.

Problem: Today, I noticed the internet was not working when using the travel router. Going into the settings, I see the message 'Client is starting, please wait...' but it does not resolve.

Logs:

Thu Jul 25 09:59:29 2024 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-GIVEUP SHLVL=1 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Thu Jul 25 09:59:29 2024 daemon.notice netifd: Interface 'wgclient' is now down
Thu Jul 25 09:59:29 2024 daemon.notice netifd: Interface 'wgclient' is setting up now
Thu Jul 25 09:59:29 2024 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Thu Jul 25 10:01:14 2024 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-GIVEUP SHLVL=1 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Thu Jul 25 10:01:15 2024 daemon.notice netifd: Interface 'wgclient' is now down
Thu Jul 25 10:01:15 2024 daemon.notice netifd: Interface 'wgclient' is setting up now
Thu Jul 25 10:01:15 2024 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Thu Jul 25 10:03:00 2024 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-GIVEUP SHLVL=1 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Thu Jul 25 10:03:00 2024 daemon.notice netifd: Interface 'wgclient' is now down
Thu Jul 25 10:03:00 2024 daemon.notice netifd: Interface 'wgclient' is setting up now
Thu Jul 25 10:03:00 2024 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Thu Jul 25 10:04:46 2024 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-GIVEUP SHLVL=1 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Thu Jul 25 10:04:46 2024 daemon.notice netifd: Interface 'wgclient' is now down
Thu Jul 25 10:04:46 2024 daemon.notice netifd: Interface 'wgclient' is setting up now
Thu Jul 25 10:04:46 2024 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Thu Jul 25 10:06:32 2024 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-GIVEUP SHLVL=1 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Thu Jul 25 10:06:32 2024 daemon.notice netifd: Interface 'wgclient' is now down
Thu Jul 25 10:06:32 2024 daemon.notice netifd: Interface 'wgclient' is setting up now
Thu Jul 25 10:06:32 2024 user.notice firewall: Reloading firewall due to ifdown of wgclient ()

If anyone can assist, I'd be very appreciative. Thank you for your time.

admon · July 25, 2024, 3:48pm

Troubleshooting WireGuard is mostly impossible because it's a protocol without much place for debugging. So it either works or it does not.

Check How to troubleshoot WireGuard for some common tips.

serversurfer · July 25, 2024, 4:20pm

Thanks for your response. Are you saying the issue is the WireGuard itself? I'm not really sure what that would mean.

The server and client were working perfectly for a few weeks until today so something must have changed, although I didn't adjust any settings. When I was setting up the server, I tested it using the WireGuard app on my phone. That worked initially, for maybe about a week, but then stopped working. So for some period, the tunnel was working with my travel router but not using the WireGuard app on my phone.

The only things I can think of are possible issues with port forwarding or DDNS but I was careful to set those up in a manner that seemed correct.

admon · July 25, 2024, 4:32pm

Pretty sure the issue is either

DDNS wrong (not updated)
Port forwarding not working (maybe blocked by ISP)
WireGuard server disabled (maybe router died?)

serversurfer · July 26, 2024, 1:22am

I managed to fix the issue for now. Here's what happened:

Setup: Brume 2 server connected via ethernet to my home ISP router.
Issue: VPN stopped working for both my travel router (Beryl) and phone clients.
Cause identified: Brume 2's local IP changed from X to Y, breaking the port forwarding rule on my original home ISP router.
Fix applied: Updated port forwarding settings on home ISP router to match Brume 2's new IP.
Additional action: Enabled DDNS when creating new client config files.

Questions:

Will creating config files with DDNS enabled prevent future issues if the Brume 2's local IP changes again?
Are there additional steps I should take to ensure stable connectivity?

I'm primarily concerned with preventing the port forwarding rule from breaking again due to IP changes.

admon · July 26, 2024, 3:10am

No.

You need to make sure that the local IP does not change. Either by setting a DHCP reservation on the upper router or by setting a static IP.