ProtonVPN config crashing Wireguard client

I am using both Mullvad and ProtonVPN on my routers (MT2500, AXT1800 and MT3000) running 4.2.3 release 5.
Recently I have noticed that my ProtonVPN configs were basically crashing the wireguard client, it’s easily done by just running a Speedtest using the app that will then freeze, and the wireguard client will crash and also affect the LAN client. Only way is to reselect another config (while accessing remotely the router via the WAN). Sometimes just have to restart it
The issue is NOT happening with Mullvad configs whatever traffic, speedtest etc…
Not sure if it has to do with the FW upgrades or changes at Proton etc…

Hereunder my VPN log from Glinet GUI:
Sat Aug 5 17:30:48 2023 daemon.notice netifd: Interface ‘wgclient’ has lost the connection
Sat Aug 5 17:30:48 2023 user.notice mwan3[16878]: Execute ifdown event on interface wgclient (unknown)
Sat Aug 5 17:30:49 2023 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Sat Aug 5 17:30:51 2023 daemon.notice netifd: Network device ‘wgclient’ link is down
Sat Aug 5 17:30:51 2023 daemon.notice netifd: wgclient (17403): sh: 1: unknown operand
Sat Aug 5 17:30:51 2023 daemon.notice netifd: Interface ‘wgclient’ is now down
Sat Aug 5 17:30:51 2023 daemon.notice netifd: Interface ‘wgclient’ is setting up now
Sat Aug 5 17:30:51 2023 user.notice mwan3[17582]: Execute ifdown event on interface wgclient (unknown)
Sat Aug 5 17:30:52 2023 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Sat Aug 5 17:32:34 2023 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-GIVEUP SHLVL=2 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Sat Aug 5 17:32:37 2023 daemon.notice netifd: wgclient (22833): RTNETLINK answers: No such process
Sat Aug 5 17:32:38 2023 daemon.notice netifd: Interface ‘wgclient’ is now down
Sat Aug 5 17:32:38 2023 daemon.notice netifd: Interface ‘wgclient’ is setting up now
Sat Aug 5 17:32:38 2023 user.notice mwan3[22869]: Execute ifdown event on interface wgclient (unknown)
Sat Aug 5 17:32:39 2023 user.notice firewall: Reloading firewall due to ifdown of wgclient ()

Hereunder my system log from LUCI:

Sat Aug 5 17:30:51 2023 user.notice mwan3[17582]: Execute ifdown event on interface wgclient (unknown)
Sat Aug 5 17:30:52 2023 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Sat Aug 5 17:30:53 2023 user.notice route_policy: default_policy=1 domain_list=iplocation.com primevideo.com aiv-cdn.net amazonvideo.com atv-ext.amazon.com atv-ext-eu.amazon.com atv-ext-fe.amazon.com atv-ps.amazon.com atv-ps-eu.amazon.com atv-ps-eu.amazon.co.uk atv-ps-fe.amazon.co.jp atv-ps-fe.amazon.com pv-cdn.net flxvpn.net netflix.ca netflix.com netflix.com.au netflixdnstest10.com netflixdnstest1.com netflixdnstest2.com netflixdnstest3.com netflixdnstest4.com netflixdnstest5.com netflixdnstest6.com netflixdnstest7.com netflixdnstest8.com netflixdnstest9.com netflixinvestor.com netflix.net netflixstudios.com netflixtechblog.com nflxext.com nflximg.com nflximg.net nflxso.net nflxvideo.net cdn.nflxvideo.net dns_via=
Sat Aug 5 17:32:34 2023 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-GIVEUP SHLVL=2 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Sat Aug 5 17:32:37 2023 daemon.notice netifd: wgclient (22833): RTNETLINK answers: No such process
Sat Aug 5 17:32:38 2023 daemon.notice netifd: Interface ‘wgclient’ is now down
Sat Aug 5 17:32:38 2023 daemon.notice netifd: Interface ‘wgclient’ is setting up now
Sat Aug 5 17:32:38 2023 user.notice mwan3[22869]: Execute ifdown event on interface wgclient (unknown)
Sat Aug 5 17:32:39 2023 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Sat Aug 5 17:32:40 2023 user.notice route_policy: default_policy=1 domain_list=iplocation.com primevideo.com aiv-cdn.net amazonvideo.com atv-ext.amazon.com atv-ext-eu.amazon.com atv-ext-fe.amazon.com atv-ps.amazon.com atv-ps-eu.amazon.com atv-ps-eu.amazon.co.uk atv-ps-fe.amazon.co.jp atv-ps-fe.amazon.com pv-cdn.net flxvpn.net netflix.ca netflix.com netflix.com.au netflixdnstest10.com netflixdnstest1.com netflixdnstest2.com netflixdnstest3.com netflixdnstest4.com netflixdnstest5.com netflixdnstest6.com netflixdnstest7.com netflixdnstest8.com netflixdnstest9.com netflixinvestor.com netflix.net netflixstudios.com netflixtechblog.com nflxext.com nflximg.com nflximg.net nflxso.net nflxvideo.net cdn.nflxvideo.net dns_via=
Sat Aug 5 17:34:21 2023 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-GIVEUP SHLVL=2 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Sat Aug 5 17:34:24 2023 daemon.notice netifd: wgclient (27977): RTNETLINK answers: No such process
Sat Aug 5 17:34:24 2023 daemon.notice netifd: Interface ‘wgclient’ is now down
Sat Aug 5 17:34:24 2023 daemon.notice netifd: Interface ‘wgclient’ is setting up now
Sat Aug 5 17:34:25 2023 user.notice mwan3[28009]: Execute ifdown event on interface wgclient (unknown)
Sat Aug 5 17:34:25 2023 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Sat Aug 5 17:34:26 2023 user.notice route_policy: default_policy=1 domain_list=iplocation.com primevideo.com aiv-cdn.net amazonvideo.com atv-ext.amazon.com atv-ext-eu.amazon.com atv-ext-fe.amazon.com atv-ps.amazon.com atv-ps-eu.amazon.com atv-ps-eu.amazon.co.uk atv-ps-fe.amazon.co.jp atv-ps-fe.amazon.com pv-cdn.net flxvpn.net netflix.ca netflix.com netflix.com.au netflixdnstest10.com netflixdnstest1.com netflixdnstest2.com netflixdnstest3.com netflixdnstest4.com netflixdnstest5.com netflixdnstest6.com netflixdnstest7.com netflixdnstest8.com netflixdnstest9.com netflixinvestor.com netflix.net netflixstudios.com netflixtechblog.com nflxext.com nflximg.com nflximg.net nflxso.net nflxvideo.net cdn.nflxvideo.net dns_via=

This is what the ProtonVPN config looks like (I have replaced the private key with XXXXXXX…)
[Interface]
# Key for FR74
# Bouncing = 1
# NetShield = 0
# Moderate NAT = off
# NAT-PMP (Port Forwarding) = off
# VPN Accelerator = off
PrivateKey = XXXXXXXXXXXXXXXXX
Address = 10.2.0.2/32
DNS = 10.2.0.1

[Peer]
# FR#74
PublicKey = QkRTXcTgRJGTjSFe/Qaa8l6hi7NbITvGFRSdhUpMvSw=
AllowedIPs = 0.0.0.0/0
Endpoint = 185.246.211.72:51820

ProtonVPN, free tier, NL:

cat /etc/config/wireguard

config peers 'peer_2030'
        option group_id '5070'
        option address_v4 '10.2.0.2/32'
        option end_point '190.2.132.189:51820'
        option private_key '[redacted]='
        option public_key '[redacted]='
        option presharedkey_enable '0'
        option allowed_ips '0.0.0.0/0'
        option dns '10.2.0.1'
        option persistent_keepalive '25'
        option local_access '0'
        option masq '1'
        option mtu '1420'
        option ipv6_enable '0'
        option name 'NL-FREE-123003'

Thanks, I have checked and I do have the same parameters and it stalls
No issue with Mullvad.

Hi

I have ProtonVpn configured on my Beryl AX and it’s working fine with 4.2.3. I’m connected to a paid-tier server (if that’s what are they’re called).

Tested a while ago. Connected, did a speed test and browsed for about 15 minutes, did another speed test and it was more or less the same.

Here’s my configuration file:

[Interface]
Address = 10.2.0.2/32
PrivateKey = [redacted]
DNS = 10.2.0.1
MTU = 1420

[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = 185.159.157.14:51820
PersistentKeepalive = 25
PublicKey =[redacted]

Can you please try use protovpn conf in wireguard APP on your phone? It may be the server that limit you do speedtest for some reason.

I have replicated the issue with the native ProtonVPN app on MacOS and logged a ticket with ProtonVPN and provided their own app logs. They are busy troubleshooting this very strange issue.
I tried with different MTU lower values with no luck

I have finally identified the problem: ISP is performing now some UDP filtering. changing ISP solved the problem