Question on Wireguard programming

My setup is a PULI on LTE, then behind it an Asus router running wireguard vpn.

The issue I had, after reading, is a common issue with wireguard. I'm wondering if the GL units are programmed to solve this issue or if they have it also.

So when wireguard is up and running, and the WAN drops out and reconnects but ends up with a different public IP, the wireguard won't reconnect. It'll stay turned on as a feature in the GUI, but the tunnel will be broken. Only way to fix this is to disable and re-enable wireguard so it starts over with the new IP.

I've read some people make scripts that watch for this to occur, and some people use DDNS and put that address in the wireguard profile (not sure if this fully solves it or not).

I was watching my log on the Puli and I disconnected and reconnected the LTE and it seems like the log showed it shutting down wireguard and turning it back on. I never lost service anyways.

With the asus if the lte shuts down and provides a new IP then the wireguard tunnel stays on but broken and I have no internet to the house.

Anyone know if the GL units are programmed to solve this? I would assume so since they are multi wan with multi SIM and the IP could be anything coming in.

Let me know, hope that makes sense.

Yes, you need to use DDNS, given your IP changes constantly, along with some monitoring. A quick googling revealed this, so why not give it a try?

One better solution if your ISP supports it is to offer the lease time of your IP. Then disable the udhcpc process. My ISP supports it so I was able to ask for an IP leased for the whole month!

The default configured udhcpc on GL can be found by executing:
# ps | grep udhcpc

Once you find the command, rerun it, adding your desired lease time in the options:
udhcpc -p /var/run/ -s /lib/netifd/dhcp.script -f -t 0 -i rmnet_mhi0 -x hostname:modem -x lease:86400 -C -R -O 121

Seems really silly to have to babysit a service. What if you're not home and the internet goes down because of this? The router should sense it and restart the wireguard.

It’s a wireguard design issue - it has nothing to do with GL.

If you don’t want to go into the technicality of it, you can the service at:

What about this Wireguard tool? What I don’t know is if the gl-inet Wireguard service uses the vanilla Wireguard config file in /etc/wireguard, or if it’s somewhere else. EDIT: looks like /etc/config/wireguard is where the configuration is maintained, perhaps used in combination with dynamic dns service on the server.
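The "DDNS plus some monitoring" approach mentioned in the replies above, sketched as an added example that is not part of the original thread and is not GL.iNet's or the WireGuard project's own script. `wg` resolves an endpoint hostname only when the configuration is applied, so the watchdog re-applies it for peers whose last handshake is stale. The interface `wg0`, the hostname `vpn.example.net:51820`, the 180-second threshold and the peer keys are assumptions, and it assumes a persistent keepalive (or steady traffic) so that handshakes keep recurring while the tunnel is healthy.

```shell
#!/bin/sh
# Added example: WireGuard watchdog for a peer reached through a DDNS name.
# Assumed values (not from the thread): wg0, vpn.example.net:51820, 180 s.

STALE_AFTER=180   # seconds without a handshake before a peer counts as stale

# stale_peers NOW
# Reads `wg show <iface> latest-handshakes` output on stdin, one
# "<public-key><TAB><unix-time>" line per peer, and prints the keys whose last
# handshake is older than STALE_AFTER or that never completed one (time 0).
stale_peers() {
    now=$1
    while read -r key ts; do
        [ -n "$key" ] || continue
        case $ts in ''|*[!0-9]*) continue ;; esac   # skip malformed lines
        if [ "$ts" -eq 0 ] || [ $((now - ts)) -gt "$STALE_AFTER" ]; then
            printf '%s\n' "$key"
        fi
    done
}

# reresolve IFACE ENDPOINT
# Re-applies the hostname endpoint to every stale peer; `wg set` looks the
# name up again at call time, picking up the address DDNS now points to.
# Assumes a client router with a single server peer behind ENDPOINT.
reresolve() {
    iface=$1 endpoint=$2
    wg show "$iface" latest-handshakes | stale_peers "$(date +%s)" |
    while read -r key; do
        wg set "$iface" peer "$key" endpoint "$endpoint"
        logger -t wg-watchdog "re-resolved $endpoint for peer $key"
    done
}

# Constructed sample of `wg show wg0 latest-handshakes`; keys are placeholders.
sample_handshakes() {
    printf 'PEERKEYAAAA=\t1700000000\n'   # 50 s old at now=1700000050
    printf 'PEERKEYBBBB=\t1699999000\n'   # 1050 s old: stale
    printf 'PEERKEYCCCC=\t0\n'            # never completed a handshake
}

# Demo on the constructed sample. On a router, cron would instead run:
#   reresolve wg0 vpn.example.net:51820
sample_handshakes | stale_peers 1700000050
```

Run from cron every minute or so, this only touches peers that have gone quiet, so a healthy tunnel is left alone.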

Does openvpn have these issues? Or does it reconnect just fine?

IMO Wireguard is smaller and faster, while openvpn is more robust, with cache credentials and keep alive and options to reconnect when ip addresses change built in.

One might keep an openvpn server in addition to wireguard as a second way to connect to a remote server should anything go wrong.

IMO in terms of reliability Wireguard < OpenVPN < IPSec. If I need a tunnel up and running unattended I use IPSec.