Randomly stuck on "connecting" to Flint 2 WireGuard server - need help diagnosing

Hi guys.

I have a Flint 2 Home VPN server that randomly isn't working anymore. I have been vpn'd in for the last 3 months but now I can't connect to it. I restarted two separate client routers that have its profile, tried a new profile too. Rebooted the home server router too and still nothing. As a Hail Mary we factory reset the Flint 2 and set it up the same way and still nothing.

I have redundancy set up with another Flint 2 elsewhere and that is working so I know it is not my client router's issue.

Hardware:

  • Server: GL.iNet Flint 2
  • Client: GL.iNet Beryl AX
  • ISP: Spectrum (for Flint 2)

Setup:

  • Flint 2 connected via ethernet to Spectrum router
  • WireGuard server running on Flint 2: port 51825 (I heard 51825 sometimes is buggy with Spectrum, besides 51820 was not working either), IPv4 10.0.0.1/24
  • DDNS is enabled on Flint 2

Problem:

  • Beryl AX shows persistent yellow "connecting" status

Logs:

Wed May 21 22:12:27 2025 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Wed May 21 22:14:18 2025 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-GIVEUP SHLVL=1 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Wed May 21 22:14:18 2025 daemon.notice netifd: Interface 'wgclient' is now down
Wed May 21 22:14:18 2025 daemon.notice netifd: Interface 'wgclient' is setting up now
Wed May 21 22:14:19 2025 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Wed May 21 22:16:09 2025 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-GIVEUP SHLVL=1 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Wed May 21 22:16:10 2025 daemon.notice netifd: Interface 'wgclient' is now down
Wed May 21 22:16:10 2025 daemon.notice netifd: Interface 'wgclient' is setting up now
Wed May 21 22:16:10 2025 user.notice firewall: Reloading firewall due to ifdown of wgclient ()

Has anyone successfully set up GL.iNet router-to-router WireGuard through Spectrum? Any specific configuration tips or common pitfalls I should check?

Thanks for any guidance!

Use ``` on the lines before & after to post logs/code

like this

WTF are they doing to you guys over there?! Do you happen to know if Spectrum uses or recently switched to CG-NAT? Even if it's not CG-NAT I'd really reconsider WG given the ISP nonsense. Tailscale, AstroWarp, NetBird would take all that bollocks out of the equation for you.

(Be aware those SDNs aren't post-quantum cipher based should that matter to you but neither is WG without ensuring a PSK in its per-file conf)

Hi,

Please check if your modem/router WAN IP is the public IP.

That's a good point. Do you suspect the DDNS proc failed to update the endpoint?
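
The two checks raised in the replies above (is the WAN IP really the public IP, and did DDNS keep up with it), as an added example that is not part of the thread. The function names and verdict strings are hypothetical, the addresses are constructed, and the three inputs are assumed to have been read by hand from the server router's WAN status, an outside "what is my IP" lookup, and a DNS lookup of the DDNS hostname.

```shell
#!/bin/sh
# Added example (not from the thread). All addresses used here are constructed.

# classify_ipv4 ADDR -> public | cgnat | private | loopback | linklocal | reserved | invalid
classify_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs      # split into octets $1..$4
    [ $# -eq 4 ] || { echo invalid; return 0; }
    for o in "$@"; do
        { [ "${#o}" -le 3 ] && [ "$o" -le 255 ]; } || { echo invalid; return 0; }
    done
    if   [ "$1" -eq 10 ]; then echo private                          # 10.0.0.0/8
    elif [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then
        echo private                                                 # 172.16.0.0/12
    elif [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then echo private     # 192.168.0.0/16
    elif [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; then
        echo cgnat                                                   # 100.64.0.0/10, RFC 6598
    elif [ "$1" -eq 127 ]; then echo loopback
    elif [ "$1" -eq 169 ] && [ "$2" -eq 254 ]; then echo linklocal
    elif [ "$1" -eq 0 ] || [ "$1" -ge 224 ]; then echo reserved
    else echo public
    fi
}

# diagnose WAN_IP EXTERNAL_IP DDNS_IP
#   WAN_IP:      address shown on the server router's WAN interface
#   EXTERNAL_IP: address an outside "what is my IP" service reports
#   DDNS_IP:     address the DDNS hostname in the client profile resolves to
diagnose() {
    kind=$(classify_ipv4 "$1")
    if   [ "$kind" != public ]; then echo "behind-nat:$kind"   # no inbound UDP without upstream forwarding
    elif [ "$1" != "$2" ];      then echo nat-mismatch         # something upstream still translates
    elif [ "$3" != "$1" ];      then echo stale-ddns           # clients are dialing an old address
    else echo addresses-agree
    fi
}

# Constructed sample runs
diagnose 100.72.14.9 203.0.113.7 203.0.113.7
diagnose 203.0.113.7 203.0.113.7 203.0.113.99
diagnose 203.0.113.7 203.0.113.7 203.0.113.7
```

A result of `addresses-agree` only rules out CG-NAT and a stale DDNS record; it does not show that UDP on the WireGuard port actually reaches the server.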

@bananagod12
Once you get this all resolved, get this executed on your Beryl AX:

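# Add the hourly watchdog job unless that exact line is already in root's crontab
# (-F: match the asterisks literally instead of as regex repetition)
if [ ! "$(grep -m 1 -F '0 * * * * /usr/bin/wireguard_watchdog' /etc/crontabs/root)" = '0 * * * * /usr/bin/wireguard_watchdog     # hourly' ]; then
	printf '%s\n' '0 * * * * /usr/bin/wireguard_watchdog     # hourly' >> /etc/crontabs/root
fi
/etc/init.d/cron restart
# Keep /etc/crontabs/ across firmware upgrades
[ "$(grep -m 1 'crontabs' /etc/sysupgrade.conf)" = '/etc/crontabs/' ] || printf '%s\n' '/etc/crontabs/' >> /etc/sysupgrade.conf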

It'll check for & update your Beryl AX if your Flint v2's DDNS/IP updates on that remote endpoint/server.

I will check this today!

Oh nice! Let me see if I can still get WG to work, if not I can test out some of these solutions

Also I made a typo, I have the Flint 2 connected to the Spectrum MODEM itself, no Spectrum router is involved in this setup.

Yeah, IDK, man... if Spectrum is playing games with your ports as you describe you might be far better served with a SDN/tailnet & get off the ISP wires as much as possible. Fawk'em!

@bruce I just checked, they both match :confused:

Please follow these guides to check again: