Model: GL.iNet GL-A1300
Architecture: ARMv7 Processor rev 5 (v7l)
Openwrt Version: 21.02.2 r16495-bf0c965af0
Kernel Version: 5.4.179
Firmware: 4.4.6
Firmware Type: release1

=========

As per the Subject line, I have my WG connection set up to my WG server at home.
Connecting my laptop (wired to LAN through the GL-A1300) the WG connections establishes within seconds of me enabling the VPN tunnel.
Speed and latency is as expected (twice as fast or more than that of OpenVPN).
Then for no reason the I lose the connection.

I look at the “Traffic Statistics” under the VPN Dashboard and they show zero and zero (all previous up and download numbers are gone.

WG-VPN_tunnel freeze1564×714 72.8 KB

During the up time (right after the connection) the Log shows:

Wed Nov 15 17:26:17 2023 daemon.notice netifd: ovpnclient (32749): Warning: Option ‘wgclient’.masq6 is unknown
Wed Nov 15 17:26:19 2023 daemon.notice netifd: Interface ‘wgclient’ is setting up now
Wed Nov 15 17:26:20 2023 daemon.notice netifd: Network device ‘wgclient’ link is up
Wed Nov 15 17:26:20 2023 daemon.notice netifd: Interface ‘wgclient’ is now up
Wed Nov 15 17:26:21 2023 user.notice mwan3[1492]: Execute ifup event on interface wgclient (wgclient)
Wed Nov 15 17:26:21 2023 user.notice mwan3[1492]: Starting tracker on interface wgclient (wgclient)
Wed Nov 15 17:26:25 2023 user.notice firewall: Reloading firewall due to ifup of wgclient (wgclient)
Wed Nov 15 17:26:26 2023 user.notice wgclient-up: env value:T_J_V_ifname=string J_V_address_external=1 USER=root ifname=wgclient ACTION=KEYPAIR-CREATED N_J_V_address_external=address-external SHLVL=2 J_V_keep=1 HOME=/ HOTPLUG_TYPE=wireguard T_J_V_interface=string J_V_ifname=wgclient T_J_V_link_up=boolean LOGNAME=root DEVICENAME= T_J_V_action=int TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin CONFIG_LIST_STATE= J_V_interface=wgclient K_J_V= action ifname link_up address_external keep interface J_V_link_up=1 J_V_action=0 T_J_V_address_external=boolean N_J_V_link_up=link-up T_J_V_keep=boolean PWD=/ JSON_CUR=J_V CONFIG_SECTIONS=global AzireVPN Mullvad FromApp group_1559 group_4525 group_3844 group_7103 peer_8275 peer_8161 peer_4618 peer_7861 CONFIG_cfg030f15_ports=

Immediately after freezing there is one added line at the end which is:

Wed Nov 15 17:30:00 2023 daemon.notice netifd: Network device ‘wgclient’ link is down

Why did it go down???

My configuration file is EXACTLY the same format as the one on my Android Phone and iPad - yet they NEVER loose the connection.
That format is:

[Interface]
Address = 192.168.2.7/32
PrivateKey = redacted=
DNS = 192.168.2.1

[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = redacted
PersistentKeepalive = 25
PublicKey = redacted=
PresharedKey = redacted=

If I turn the connection Off and On again, it reconnects fine.
The time to disconnect is not consistent. It might be a minute or two, or up to about 20 minutes. But usually it is around 10 ish minutes.

I’ve done it without the preshared key as well - no difference.

the OpenVPN tunnel I’ve also created works without issue or dropping.

Suggestions?

Thanks

============

Update:
After turning the the tunnel off and on again the log says this:

Wed Nov 15 18:00:32 2023 daemon.notice netifd: wgclient (15109): * Running script ‘/etc/firewall.vpn_server_policy.sh’
Wed Nov 15 18:00:32 2023 daemon.notice netifd: wgclient (15109): * Running script ‘/var/etc/gls2s.include’
Wed Nov 15 18:00:32 2023 daemon.notice netifd: wgclient (15109): ! Skipping due to path error: No such file or directory
Wed Nov 15 18:00:32 2023 daemon.notice netifd: wgclient (15109): * Running script ‘/usr/bin/gl_block.sh’
Wed Nov 15 18:00:32 2023 daemon.notice netifd: wgclient (15109): sh: 1: unknown operand
Wed Nov 15 18:00:32 2023 user.notice mwan3[15108]: Execute ifdown event on interface wgclient (unknown)
Wed Nov 15 18:00:33 2023 daemon.notice netifd: wgclient (15109): udhcpc: started, v1.33.2
Wed Nov 15 18:00:33 2023 daemon.notice netifd: wgclient (15109): udhcpc: sending discover
Wed Nov 15 18:00:33 2023 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Wed Nov 15 18:00:36 2023 daemon.notice netifd: wgclient (15109): udhcpc: no lease, failing
Wed Nov 15 18:00:36 2023 daemon.notice netifd: Interface ‘wgclient’ is now down
Wed Nov 15 18:00:37 2023 daemon.notice netifd: Interface ‘wgclient’ is setting up now
Wed Nov 15 18:00:37 2023 user.notice mwan3[15945]: Execute ifdown event on interface wgclient (unknown)
Wed Nov 15 18:00:38 2023 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Wed Nov 15 18:00:38 2023 daemon.notice netifd: Network device ‘wgclient’ link is up
Wed Nov 15 18:00:38 2023 daemon.notice netifd: Interface ‘wgclient’ is now up
Wed Nov 15 18:00:40 2023 user.notice mwan3[16875]: Execute ifup event on interface wgclient (wgclient)
Wed Nov 15 18:00:40 2023 user.notice mwan3[16875]: Starting tracker on interface wgclient (wgclient)
Wed Nov 15 18:00:43 2023 user.notice wgclient-up: env value:T_J_V_ifname=string J_V_address_external=1 USER=root ifname=wgclient ACTION=KEYPAIR-CREATED N_J_V_address_external=address-external SHLVL=2 J_V_keep=1 HOME=/ HOTPLUG_TYPE=wireguard T_J_V_interface=string J_V_ifname=wgclient T_J_V_link_up=boolean LOGNAME=root DEVICENAME= T_J_V_action=int TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin CONFIG_LIST_STATE= J_V_interface=wgclient K_J_V= action ifname link_up address_external keep interface J_V_link_up=1 J_V_action=0 T_J_V_address_external=boolean N_J_V_link_up=link-up T_J_V_keep=boolean PWD=/ JSON_CUR=J_V CONFIG_SECTIONS=global AzireVPN Mullvad FromApp group_1559 group_4525 group_3844 group_7103 peer_8275 peer_8161 peer_4618 peer_7861 CONFIG_cfg030f15_ports=
Wed Nov 15 18:00:44 2023 user.notice firewall: Reloading firewall due to ifup of wgclient (wgclient)

Hi, do you enable IPv6? Could you please show me command output of:

wg

When issue happens.

IPv6 is not enabled.

Where do I issue the wg command?

Is there a console option somewhere I am unaware of?

System>Advanced Settings: the (http://192.168.8.1/cgi-bin/luci) link maybe?
Looks like there is a root login, but I am unaware of the default login requirements is if that is the case.

Apologies - I get it - you wanted me to ssh in (I wasn’t thinking there).

==========

Here is what I get
Basically, nothing when it freezes
It’s like the “persistent keepalive: every 25 seconds” line is not actually doing its job.

If I am connected, and not doing anything I see the “latest handshake” time continuing to clock upwards - until it hits about the 2 minute mark:

interface: wgclient
public key: redacted=
private key: (hidden)
listening port: redacted
fwmark: 0x80000

peer: redacted=
preshared key: (hidden)
endpoint: redacted:redacted
allowed ips: 0.0.0.0/0
latest handshake: 1 minute, 58 seconds ago
transfer: 33.87 MiB received, 699.80 KiB sent
persistent keepalive: every 25 seconds

When it crosses the 2 minute mark, the time either resets, or the connection breaks.
when it breaks, the output I get is:

root@GL-A1300:~# wg

When I turn it off and on again in the GUI interface, and refreshed the wg command every second as we crossed the 2 minute mark and this is what I saw:

root@GL-A1300:~# wg
interface: wgclient
public key: redacted=
private key: (hidden)
listening port: redacted
fwmark: 0x80000

peer: redacted=
preshared key: (hidden)
endpoint: redacted:redacted
allowed ips: 0.0.0.0/0
latest handshake: 1 minute, 59 seconds ago
transfer: 33.87 MiB received, 699.88 KiB sent
persistent keepalive: every 25 seconds
root@GL-A1300:~# wg
interface: wgclient
public key: redacted=
private key: (hidden)
listening port: redacted
fwmark: 0x80000

peer: redacted=
preshared key: (hidden)
endpoint: redacted:redacted
allowed ips: 0.0.0.0/0
latest handshake: 2 minutes ago
transfer: 33.87 MiB received, 700.04 KiB sent
persistent keepalive: every 25 seconds

Then the connection broke and I got nothing again:

root@GL-A1300:~# wg
root@GL-A1300:~# wg

The connection doesn’t always break at the 2 minute mark, but it seems that if the connection is going to break, it will be when the handshake time crosses that 2 minute threshold for some reason.

I’ve done this several times now. I have the wg VPN enabled, and doing nothing else other than ssh’ing into the router, I will refresh the wg command by hitting the up arrow and enter.
Either the handshake refreshes at the 2 minute mark and starts counting up from zero again, or the tunnel ‘acts’ like it gets shut down ( if I turn the wg switch off in the GUI and run the wg command I get the same output):

root@GL-A1300:~# wg
root@GL-A1300:~# wg

Does this help?

What is the server device?

Is your phone or iPad under the same network as A1300?
Could you try to connect a1300 wifi and use wireguard app to check if it’s network blocked somewhere?

It seems one of the two endpoints is having trouble getting the updated keys. IIRC ~ 2mins is the approx. time WG initiates new keys for perfect forward secrecy (PFS).

Thanks for the reply.
It is the Unifi Dream Machine Pro
I’m not sure how this could be relevant as my iOS and Android devices use exactly the same configuration format . . . and they never lose the connection

Yes, they were connected to the same hotel networks (when I was away this week - actually, it was a couple of different hotels in a couple of different countries).
the problem persisted . . . always around the 2 minute mark.

It’s like the PersistentKeepalive = 25 is not being respected by the GL-A1300.
Does this not mean it should send a packet every 25 seconds, and by extension restart the handshake countdown?

Well, as i said earlier, my Android & iOS devices show the time to the last handshake restarting every 5-6 seconds. So to me the situation seems to point back at the GL-A1300.

Come to think of it, I have the GL.iNet 1200 as well (I can’t remember the exact model numnber), connecting to same Dream Machine Pro using the same configuration file format - it has never lost the connection either.

It’s got to be something with the GL-A1300. No?

That’s my understanding.

If I were in your shoes, I’d pull the (Opal (GL-SFT1200)?) & set it as a WG Client to the Slate Plus acting as a WG Server as a 192.168.x.x/24 server… after resetting both devices back to stock on their most recent firmware, accordingly.

wg show & logread -e wg via SSH would be handy here. See below:

handshake always happens, it has nothing to do with PersistentKeepalive which is used for heartbeat purpose(let the middlebox not drop the wireguard UDP connection).
Could you export and send me the full log to email handongming@gl-inet
By the way, you can tweak the MTU to smaller one(go to page VPN dashboard - WireGuard Client Options), and change PersistentKeepalive smaller, eg, 15(edit the configuration file)

handshake always happens, it has nothing to do with PersistentKeepalive which is used for heartbeat purpose(let the middlebox not drop the wireguard UDP connection).

I guess I don’t understand when a handshake is supposed to happen; does it happen data is sent or does it happen at some other time as well (and what triggers it)?
AND
Apologies, I am not sure what was being asked of me with respect to the statement: “(let the middlebox not drop the wireguard UDP connection)”. Could you please clarify?

Could you export and send me the full log to email handongming@gl-inet

I could. Are you asking for something other than the log I posted in the original post at the top?
If so, how and where do you want me to get that from?

By the way, you can tweak the MTU to smaller one(go to page VPN dashboard - WireGuard Client Options), and change PersistentKeepalive smaller, eg, 15(edit the configuration file)

Ok. I did both. MTU 1320 and PersistentKeepalive to 15.
No change. Same problem.

@bring.fringe18
As requested:

==============

root@GL-A1300:~# wg show & logread -e
interface: wgclient
public key: [REDACTED]=
private key: (hidden)
listening port: [REDACTED]
fwmark: 0x80000

peer: [REDACTED]=
preshared key: (hidden)
endpoint: [REDACTED]
allowed ips: 0.0.0.0/0
latest handshake: 1 minute, 46 seconds ago
transfer: 166.28 KiB received, 94.59 KiB sent
persistent keepalive: every 15 seconds
logread: option requires an argument: e
Usage: logread [options]
Options:
-s Path to ubus socket
-l Got only the last ‘count’ messages
-e Filter messages with a regexp
-r Stream message to a server
-F Log file
-S Log size
-p PID file
-h Add hostname to the message
-P Prefix custom text to streamed messages
-z handle only messages with given facility (0-23), repeatable
-Z ignore messages with given facility (0-23), repeatable
-f Follow log messages
-u Use UDP as the protocol
-t Add an extra timestamp
-0 Use \0 instead of \n as trailer when using TCP

[1]+ Done wg show

@bring.fringe18

I think I’m missing something with the root@GL-A1300:~# wg show & logread -e command.

I’m not sure what it is.

So it looks like it’s connected (per transfer) but it doesn’t appear to be routing. Do you have a DNS entry defined in both the WG settings on the Server & Client? Eg:

[Interface]
Address = 10.0.0.2/24
PrivateKey = [REDACTED]
DNS = 9.9.9.9
MTU = 1320

Check the ‘…’ for WG Client & Profiles, (Cog wheel, IIRC) for the WG Server.

The wg will show all WireGuard related entries by filtering for that entry. You can also do others like firewall, wan, etc.

So it looks like it’s connected (per transfer) but it doesn’t appear to be routing. Do you have a DNS entry defined in both the WG settings on the Server & Client? Eg:

[Interface]
Address = 10.0.0.2/24
PrivateKey = [REDACTED]
DNS = 9.9.9.9
MTU = 1320

I do, on both the server and the client (as I do on all my devices) the exact format is as follows:

[Interface]
Address = 192.168.97.7/32
PrivateKey = [REDACTED]=
DNS = 1.1.1.1,8.8.8.8
MTU = 1320

[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = [REDACTED]
PersistentKeepalive = 15
PublicKey = [REDACTED]=
PresharedKey = [REDACTED]=

Check the ‘…’ for WG Client & Profiles, (Cog wheel, IIRC) for the WG Server.

The wg will show all WireGuard related entries by filtering for that entry. You can also do others like firewall, wan, etc.

Here is what I get:

root@GL-A1300:~# logread -e wg
Sat Nov 18 13:05:17 2023 daemon.notice netifd: Interface ‘wgclient’ is setting up now
Sat Nov 18 13:05:18 2023 daemon.notice netifd: Network device ‘wgclient’ link is up
Sat Nov 18 13:05:18 2023 daemon.notice netifd: Interface ‘wgclient’ is now up
Sat Nov 18 13:05:19 2023 user.notice mwan3[13951]: Execute ifup event on interface wgclient (wgclient)
Sat Nov 18 13:05:19 2023 user.notice mwan3[13951]: Starting tracker on interface wgclient (wgclient)
Sat Nov 18 13:05:22 2023 daemon.info dnsmasq[14674]: reading /tmp/resolv.conf.wg
Sat Nov 18 13:05:22 2023 user.notice wgclient-up: env value:T_J_V_ifname=string J_V_address_external=1 USER=root ifname=wgclient ACTION=KEYPAIR-CREATED N_J_V_address_external=address-external SHLVL=2 J_V_keep=1 HOME=/ HOTPLUG_TYPE=wireguard T_J_V_interface=string J_V_ifname=wgclient T_J_V_link_up=boolean LOGNAME=root DEVICENAME= T_J_V_action=int TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin CONFIG_LIST_STATE= J_V_interface=wgclient K_J_V= action ifname link_up address_external keep interface J_V_link_up=1 J_V_action=0 T_J_V_address_external=boolean N_J_V_link_up=link-up T_J_V_keep=boolean PWD=/ JSON_CUR=J_V CONFIG_SECTIONS=global AzireVPN Mullvad FromApp group_1559 group_4525 group_3844 group_7103 peer_8275 peer_8161 peer_4618 peer_7861 CONFIG_cfg030f15_ports=
root@GL-A1300:~#

And when the connection drops, these two entries appear:

Sat Nov 18 13:05:23 2023 user.notice firewall: Reloading firewall due to ifup of wgclient (wgclient)
Sat Nov 18 13:10:00 2023 daemon.notice netifd: Network device ‘wgclient’ link is down
root@GL-A1300:~#

I’m not sure why DNS settings would have anything to do with the connection dropping though.

I asked about DNS as I forgot if you were using ddns or static IPs for your public facing WG Server. It was a shot in the dark.

Here’s what my Client device, a Certa (GL-AR750) running firmware 4.3.7-release4 log looks like:

Sat Nov 18 15:07:02 2023 daemon.notice netifd: Interface 'wgclient' is setting up now
Sat Nov 18 15:07:04 2023 daemon.notice netifd: Network device 'wgclient' link is up
Sat Nov 18 15:07:04 2023 daemon.notice netifd: Interface 'wgclient' is now up
Sat Nov 18 15:07:04 2023 user.notice wgclient-up: env value:T_J_V_ifname=string J_V_address_external=1 USER=root ifname=wgclient ACTION=KEYPAIR-CREATED N_J_V_address_external=address-external SHLVL=2 J_V_keep=1 HOME=/ HOTPLUG_TYPE=wireguard T_J_V_interface=string J_V_ifname=wgclient T_J_V_link_up=boolean LOGNAME=root DEVICENAME= T_J_V_action=int TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin CONFIG_LIST_STATE= J_V_interface=wgclient K_J_V= action ifname link_up address_external keep interface J_V_link_up=1 J_V_action=0 T_J_V_address_external=boolean N_J_V_link_up=link-up T_J_V_keep=boolean PWD=/ JSON_CUR=J_V CONFIG_SECTIONS=global AzireVPN Mullvad FromApp group_2650 group_5616 group_8583 group_6120 peer_2001 peer_2002 peer_3130 CONFIG_cfg030f15_ports=
Sat Nov 18 15:07:09 2023 user.notice mwan3[20278]: Execute ifup event on interface wgclient (wgclient)
Sat Nov 18 15:07:11 2023 user.notice mwan3[20278]: Starting tracker on interface wgclient (wgclient)
Sat Nov 18 15:07:16 2023 user.notice firewall: Reloading firewall due to ifup of wgclient (wgclient)
Sat Nov 18 15:14:15 2023 daemon.notice netifd: Network device 'wgclient' link is down
Sat Nov 18 15:14:15 2023 daemon.notice netifd: Interface 'wgclient' is now down
Sat Nov 18 15:14:16 2023 user.notice mwan3[31076]: Execute ifdown event on interface wgclient (unknown)
Sat Nov 18 15:14:24 2023 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Sat Nov 18 15:14:39 2023 daemon.notice netifd: Interface 'wgclient' is setting up now
Sat Nov 18 15:14:40 2023 daemon.notice netifd: Network device 'wgclient' link is up
Sat Nov 18 15:14:40 2023 daemon.notice netifd: Interface 'wgclient' is now up
Sat Nov 18 15:14:40 2023 user.notice wgclient-up: env value:T_J_V_ifname=string J_V_address_external=1 USER=root ifname=wgclient ACTION=KEYPAIR-CREATED N_J_V_address_external=address-external SHLVL=2 J_V_keep=1 HOME=/ HOTPLUG_TYPE=wireguard T_J_V_interface=string J_V_ifname=wgclient T_J_V_link_up=boolean LOGNAME=root DEVICENAME= T_J_V_action=int TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin CONFIG_LIST_STATE= J_V_interface=wgclient K_J_V= action ifname link_up address_external keep interface J_V_link_up=1 J_V_action=0 T_J_V_address_external=boolean N_J_V_link_up=link-up T_J_V_keep=boolean PWD=/ JSON_CUR=J_V CONFIG_SECTIONS=global AzireVPN Mullvad FromApp group_2650 group_5616 group_8583 group_6120 peer_2001 peer_2002 peer_3130 CONFIG_cfg030f15_ports=
Sat Nov 18 15:14:43 2023 user.notice mwan3[32079]: Execute ifup event on interface wgclient (wgclient)
Sat Nov 18 15:14:45 2023 user.notice mwan3[32079]: Starting tracker on interface wgclient (wgclient)
Sat Nov 18 15:14:52 2023 user.notice firewall: Reloading firewall due to ifup of wgclient (wgclient)
Sat Nov 18 15:15:05 2023 daemon.notice netifd: Network device 'wgclient' link is down
Sat Nov 18 15:15:05 2023 daemon.notice netifd: Interface 'wgclient' is now down
Sat Nov 18 15:15:06 2023 user.notice mwan3[2058]: Execute ifdown event on interface wgclient (unknown)
Sat Nov 18 15:15:13 2023 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Sat Nov 18 15:15:25 2023 daemon.notice netifd: Interface 'wgclient' is setting up now
Sat Nov 18 15:15:26 2023 daemon.notice netifd: Network device 'wgclient' link is up
Sat Nov 18 15:15:26 2023 daemon.notice netifd: Interface 'wgclient' is now up
Sat Nov 18 15:15:26 2023 user.notice wgclient-up: env value:T_J_V_ifname=string J_V_address_external=1 USER=root ifname=wgclient ACTION=KEYPAIR-CREATED N_J_V_address_external=address-external SHLVL=2 J_V_keep=1 HOME=/ HOTPLUG_TYPE=wireguard T_J_V_interface=string J_V_ifname=wgclient T_J_V_link_up=boolean LOGNAME=root DEVICENAME= T_J_V_action=int TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin CONFIG_LIST_STATE= J_V_interface=wgclient K_J_V= action ifname link_up address_external keep interface J_V_link_up=1 J_V_action=0 T_J_V_address_external=boolean N_J_V_link_up=link-up T_J_V_keep=boolean PWD=/ JSON_CUR=J_V CONFIG_SECTIONS=global AzireVPN Mullvad FromApp group_2650 group_5616 group_8583 group_6120 peer_2001 peer_2002 peer_3130 CONFIG_cfg030f15_ports=
Sat Nov 18 15:15:29 2023 user.notice mwan3[3056]: Execute ifup event on interface wgclient (wgclient)
Sat Nov 18 15:15:31 2023 user.notice mwan3[3056]: Starting tracker on interface wgclient (wgclient)
Sat Nov 18 15:15:36 2023 user.notice firewall: Reloading firewall due to ifup of wgclient (wgclient)
Sat Nov 18 15:18:16 2023 user.notice mwan3[5736]: Execute ifdown event on interface wgclient (unknown)
Sat Nov 18 15:18:16 2023 daemon.notice netifd: wgclient (5737): [!] Section safe_mode_lan (safe_mode_lan) is disabled, ignoring section
Sat Nov 18 15:18:16 2023 daemon.notice netifd: wgclient (5737): [!] Section safe_mode_guest (safe_mode_guest) is disabled, ignoring section
Sat Nov 18 15:18:16 2023 daemon.notice netifd: wgclient (5737): [!] Section safe_mode_mark (safe_mode_mark) is disabled, ignoring section
Sat Nov 18 15:18:16 2023 daemon.notice netifd: wgclient (5737): [!] Section safe_mode_mark_save (safe_mode_mark_save) option 'extra' is not supported by fw4
Sat Nov 18 15:18:16 2023 daemon.notice netifd: wgclient (5737): [!] Section safe_mode_mark_save (safe_mode_mark_save) is disabled, ignoring section
Sat Nov 18 15:18:16 2023 daemon.notice netifd: wgclient (5737): [!] Section safe_mode_mark_drop (safe_mode_mark_drop) is disabled, ignoring section
Sat Nov 18 15:18:16 2023 daemon.notice netifd: wgclient (5737): [!] Section nat6 option 'reload' is not supported by fw4
Sat Nov 18 15:18:16 2023 daemon.notice netifd: wgclient (5737): [!] Section gls2s option 'reload' is not supported by fw4
Sat Nov 18 15:18:16 2023 daemon.notice netifd: wgclient (5737): [!] Section gls2s specifies unreachable path '/var/etc/gls2s.include', ignoring section
Sat Nov 18 15:18:16 2023 daemon.notice netifd: wgclient (5737): [!] Section glblock option 'reload' is not supported by fw4
Sat Nov 18 15:18:16 2023 daemon.notice netifd: wgclient (5737): [!] Section vpn_server_policy option 'reload' is not supported by fw4
Sat Nov 18 15:18:16 2023 daemon.notice netifd: wgclient (5737): [!] Automatically including '/usr/share/nftables.d/chain-pre/mangle_output/01-process_mark.nft'
Sat Nov 18 15:18:16 2023 daemon.notice netifd: wgclient (5737): [!] Automatically including '/usr/share/nftables.d/chain-post/mangle_output/out_conn_mark_restore.nft'
Sat Nov 18 15:18:17 2023 daemon.notice netifd: Interface 'wgclient' is now down
Sat Nov 18 15:18:17 2023 daemon.notice netifd: Interface 'wgclient' is setting up now
Sat Nov 18 15:18:22 2023 daemon.notice netifd: Network device 'wgclient' link is up
Sat Nov 18 15:18:22 2023 daemon.notice netifd: Interface 'wgclient' is now up
Sat Nov 18 15:18:22 2023 user.notice wgclient-up: env value:T_J_V_ifname=string J_V_address_external=1 USER=root ifname=wgclient ACTION=KEYPAIR-CREATED N_J_V_address_external=address-external SHLVL=2 J_V_keep=1 HOME=/ HOTPLUG_TYPE=wireguard T_J_V_interface=string J_V_ifname=wgclient T_J_V_link_up=boolean LOGNAME=root DEVICENAME= T_J_V_action=int TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin CONFIG_LIST_STATE= J_V_interface=wgclient K_J_V= action ifname link_up address_external keep interface J_V_link_up=1 J_V_action=0 T_J_V_address_external=boolean N_J_V_link_up=link-up T_J_V_keep=boolean PWD=/ JSON_CUR=J_V CONFIG_SECTIONS=global AzireVPN Mullvad FromApp group_2650 group_5616 group_8583 group_6120 peer_2001 peer_2002 peer_3130 CONFIG_cfg030f15_ports=
Sat Nov 18 15:18:29 2023 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Sat Nov 18 15:18:33 2023 user.notice mwan3[6959]: Execute ifup event on interface wgclient (wgclient)
Sat Nov 18 15:18:34 2023 user.notice mwan3[6959]: Starting tracker on interface wgclient (wgclient)
Sat Nov 18 15:18:39 2023 user.notice firewall: Reloading firewall due to ifup of wgclient (wgclient)
Sat Nov 18 15:19:04 2023 user.notice mwan3[7932]: Execute ifdown event on interface wgclient (unknown)
Sat Nov 18 15:19:04 2023 daemon.notice netifd: wgclient (7933): [!] Section safe_mode_lan (safe_mode_lan) is disabled, ignoring section
Sat Nov 18 15:19:04 2023 daemon.notice netifd: wgclient (7933): [!] Section safe_mode_guest (safe_mode_guest) is disabled, ignoring section
Sat Nov 18 15:19:05 2023 daemon.notice netifd: wgclient (7933): [!] Section safe_mode_mark (safe_mode_mark) is disabled, ignoring section
Sat Nov 18 15:19:05 2023 daemon.notice netifd: wgclient (7933): [!] Section safe_mode_mark_save (safe_mode_mark_save) option 'extra' is not supported by fw4
Sat Nov 18 15:19:05 2023 daemon.notice netifd: wgclient (7933): [!] Section safe_mode_mark_save (safe_mode_mark_save) is disabled, ignoring section
Sat Nov 18 15:19:05 2023 daemon.notice netifd: wgclient (7933): [!] Section safe_mode_mark_drop (safe_mode_mark_drop) is disabled, ignoring section
Sat Nov 18 15:19:05 2023 daemon.notice netifd: wgclient (7933): [!] Section nat6 option 'reload' is not supported by fw4
Sat Nov 18 15:19:05 2023 daemon.notice netifd: wgclient (7933): [!] Section gls2s option 'reload' is not supported by fw4
Sat Nov 18 15:19:05 2023 daemon.notice netifd: wgclient (7933): [!] Section gls2s specifies unreachable path '/var/etc/gls2s.include', ignoring section
Sat Nov 18 15:19:05 2023 daemon.notice netifd: wgclient (7933): [!] Section glblock option 'reload' is not supported by fw4
Sat Nov 18 15:19:05 2023 daemon.notice netifd: wgclient (7933): [!] Section vpn_server_policy option 'reload' is not supported by fw4
Sat Nov 18 15:19:05 2023 daemon.notice netifd: wgclient (7933): [!] Automatically including '/usr/share/nftables.d/chain-pre/mangle_output/01-process_mark.nft'
Sat Nov 18 15:19:05 2023 daemon.notice netifd: wgclient (7933): [!] Automatically including '/usr/share/nftables.d/chain-post/mangle_output/out_conn_mark_restore.nft'
Sat Nov 18 15:19:06 2023 daemon.notice netifd: Interface 'wgclient' is now down
Sat Nov 18 15:19:06 2023 daemon.notice netifd: Interface 'wgclient' is setting up now
Sat Nov 18 15:19:10 2023 daemon.notice netifd: Network device 'wgclient' link is up
Sat Nov 18 15:19:10 2023 daemon.notice netifd: Interface 'wgclient' is now up
Sat Nov 18 15:19:10 2023 user.notice wgclient-up: env value:T_J_V_ifname=string J_V_address_external=1 USER=root ifname=wgclient ACTION=KEYPAIR-CREATED N_J_V_address_external=address-external SHLVL=2 J_V_keep=1 HOME=/ HOTPLUG_TYPE=wireguard T_J_V_interface=string J_V_ifname=wgclient T_J_V_link_up=boolean LOGNAME=root DEVICENAME= T_J_V_action=int TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin CONFIG_LIST_STATE= J_V_interface=wgclient K_J_V= action ifname link_up address_external keep interface J_V_link_up=1 J_V_action=0 T_J_V_address_external=boolean N_J_V_link_up=link-up T_J_V_keep=boolean PWD=/ JSON_CUR=J_V CONFIG_SECTIONS=global AzireVPN Mullvad FromApp group_2650 group_5616 group_8583 group_6120 peer_2001 peer_2002 peer_3130 CONFIG_cfg030f15_ports=
Sat Nov 18 15:19:18 2023 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Sat Nov 18 15:19:22 2023 user.notice mwan3[9208]: Execute ifup event on interface wgclient (wgclient)
Sat Nov 18 15:19:22 2023 user.notice mwan3[9208]: Starting tracker on interface wgclient (wgclient)
Sat Nov 18 15:19:28 2023 user.notice firewall: Reloading firewall due to ifup of wgclient (wgclient)
Sat Nov 18 15:20:11 2023 daemon.notice netifd: Network device 'wgclient' link is down
Sat Nov 18 15:20:11 2023 daemon.notice netifd: Interface 'wgclient' is now down
Sat Nov 18 15:20:12 2023 user.notice mwan3[10551]: Execute ifdown event on interface wgclient (unknown)
Sat Nov 18 15:20:20 2023 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Sat Nov 18 15:20:21 2023 daemon.notice netifd: Interface 'wgclient' is setting up now
Sat Nov 18 15:20:24 2023 daemon.notice netifd: Network device 'wgclient' link is up
Sat Nov 18 15:20:24 2023 daemon.notice netifd: Interface 'wgclient' is now up
Sat Nov 18 15:20:24 2023 user.notice wgclient-up: env value:T_J_V_ifname=string J_V_address_external=1 USER=root ifname=wgclient ACTION=KEYPAIR-CREATED N_J_V_address_external=address-external SHLVL=2 J_V_keep=1 HOME=/ HOTPLUG_TYPE=wireguard T_J_V_interface=string J_V_ifname=wgclient T_J_V_link_up=boolean LOGNAME=root DEVICENAME= T_J_V_action=int TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin CONFIG_LIST_STATE= J_V_interface=wgclient K_J_V= action ifname link_up address_external keep interface J_V_link_up=1 J_V_action=0 T_J_V_address_external=boolean N_J_V_link_up=link-up T_J_V_keep=boolean PWD=/ JSON_CUR=J_V CONFIG_SECTIONS=global AzireVPN Mullvad FromApp group_2650 group_5616 group_8583 group_6120 peer_2001 peer_2002 peer_3130 CONFIG_cfg030f15_ports=
Sat Nov 18 15:20:31 2023 user.notice mwan3[11502]: Execute ifup event on interface wgclient (wgclient)
Sat Nov 18 15:20:31 2023 user.notice mwan3[11502]: Starting tracker on interface wgclient (wgclient)
Sat Nov 18 15:20:36 2023 user.notice firewall: Reloading firewall due to ifup of wgclient (wgclient)
Sat Nov 18 15:25:05 2023 daemon.notice netifd: Network device 'wgclient' link is down
Sat Nov 18 15:25:05 2023 daemon.notice netifd: Interface 'wgclient' is now down
Sat Nov 18 15:25:06 2023 user.notice mwan3[17300]: Execute ifdown event on interface wgclient (unknown)
Sat Nov 18 15:25:13 2023 daemon.notice netifd: Interface 'wgclient' is setting up now
Sat Nov 18 15:25:14 2023 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Sat Nov 18 15:25:15 2023 daemon.notice netifd: Network device 'wgclient' link is up
Sat Nov 18 15:25:15 2023 daemon.notice netifd: Interface 'wgclient' is now up
Sat Nov 18 15:25:15 2023 user.notice wgclient-up: env value:T_J_V_ifname=string J_V_address_external=1 USER=root ifname=wgclient ACTION=KEYPAIR-CREATED N_J_V_address_external=address-external SHLVL=2 J_V_keep=1 HOME=/ HOTPLUG_TYPE=wireguard T_J_V_interface=string J_V_ifname=wgclient T_J_V_link_up=boolean LOGNAME=root DEVICENAME= T_J_V_action=int TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin CONFIG_LIST_STATE= J_V_interface=wgclient K_J_V= action ifname link_up address_external keep interface J_V_link_up=1 J_V_action=0 T_J_V_address_external=boolean N_J_V_link_up=link-up T_J_V_keep=boolean PWD=/ JSON_CUR=J_V CONFIG_SECTIONS=global AzireVPN Mullvad FromApp group_2650 group_5616 group_8583 group_6120 peer_2001 peer_2002 peer_3130 CONFIG_cfg030f15_ports=
Sat Nov 18 15:25:24 2023 user.notice mwan3[18346]: Execute ifup event on interface wgclient (wgclient)
Sat Nov 18 15:25:25 2023 user.notice mwan3[18346]: Starting tracker on interface wgclient (wgclient)
Sat Nov 18 15:25:30 2023 user.notice firewall: Reloading firewall due to ifup of wgclient (wgclient)
Sat Nov 18 15:26:10 2023 daemon.notice netifd: Network device 'wgclient' link is down
Sat Nov 18 15:26:10 2023 daemon.notice netifd: Interface 'wgclient' is now down
Sat Nov 18 15:26:11 2023 user.notice mwan3[19849]: Execute ifdown event on interface wgclient (unknown)
Sat Nov 18 15:26:18 2023 daemon.notice netifd: Interface 'wgclient' is setting up now
Sat Nov 18 15:26:20 2023 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Sat Nov 18 15:26:20 2023 daemon.notice netifd: Network device 'wgclient' link is up
Sat Nov 18 15:26:20 2023 daemon.notice netifd: Interface 'wgclient' is now up
Sat Nov 18 15:26:20 2023 user.notice wgclient-up: env value:T_J_V_ifname=string J_V_address_external=1 USER=root ifname=wgclient ACTION=KEYPAIR-CREATED N_J_V_address_external=address-external SHLVL=2 J_V_keep=1 HOME=/ HOTPLUG_TYPE=wireguard T_J_V_interface=string J_V_ifname=wgclient T_J_V_link_up=boolean LOGNAME=root DEVICENAME= T_J_V_action=int TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin CONFIG_LIST_STATE= J_V_interface=wgclient K_J_V= action ifname link_up address_external keep interface J_V_link_up=1 J_V_action=0 T_J_V_address_external=boolean N_J_V_link_up=link-up T_J_V_keep=boolean PWD=/ JSON_CUR=J_V CONFIG_SECTIONS=global AzireVPN Mullvad FromApp group_2650 group_5616 group_8583 group_6120 peer_2001 peer_2002 peer_3130 CONFIG_cfg030f15_ports=
Sat Nov 18 15:26:30 2023 user.notice mwan3[21054]: Execute ifup event on interface wgclient (wgclient)
**Sat Nov 18 15:26:31 2023 user.notice mwan3[21054]: Starting tracker on interface wgclient (wgclient)**
**Sat Nov 18 15:26:36 2023 user.notice firewall: Reloading firewall due to ifup of wgclient (wgclient)**

[Emphasis mine]

I’m starting to wonder if you’re not experiencing a case of mwan3’s connectivity tracking ‘downing’ your wgclient as it tries to set everything up. Try increasing the timeouts for it via GL GUI → Network → Multi-WAN → [Cog].

logread -e mwan3

May I check remotely, please PM me.

I’ve bumped the Track Interval from: 5 seconds to 10 seconds.
I’ve bumped the Change to Failure Condition from: Ping failures 3 times to 5 times.

If that fails again, I’ll bump it again to see if that helps.