VPNs flap when SpitzAX connected via WWAN

kennethrc · June 7, 2023, 6:52am

I’m running the latest SpAX FW: “Version4.0 * Firmware Type: release10301 * Compile Time2023-05-12 18:01:40(UTC+08:00)”

When I have my SpAX connected to WWAN (tried it on both T-Mobile and AT&T) and turn on either a WG or OpenVPN connection using the VPN Dashboard, it stays connected for a few minutes, then breaks the connection (yellow dot) and tries again. This happens several times a minute, but doesn’t happen if I use Repeater or WAN (Ethernet) connections.

I think it’s because the WWAN keeps going up and down- is this due to switching cells, or bands, or …? I’ll notice sometimes if I watch the WWAN page it’ll spontaneously go to “Connecting”. Is there anything I can do?

doczenith1 · June 7, 2023, 1:31pm

This may or may not be related but with my SpitzAX (same fw) WireGuard works fine with my Visible (Verizon) sim but I have a similar experience as you are describing when I try to use WireGuard with my Tello (T-Mobile) sim. Therefore I have to turn the VPN off to use the Tello sim.

kennethrc · June 12, 2023, 6:42am

Thing is, it happens with my AT&T SIM.

I’ll see if there’s a newer build to try.

kennethrc · June 12, 2023, 7:04am

OK, just tried the Beta of 6/9 … @alzhao , what information can I give you to help solve this? It’s a pretty major bug. Here’s from the log (I ran it thru “sed” to make it more legible):

Mon Jun 12 02:03:23 2023 daemon.notice netifd: wgclient (9571): RTNETLINK answers: No such process
Mon Jun 12 02:03:24 2023 user.notice firewall: Reloading firewall due to ifup of wgclient (wgclient)
Mon Jun 12 02:03:24 2023 daemon.notice netifd: Interface ‘wgclient’ is now down
Mon Jun 12 02:03:24 2023 daemon.notice netifd: Interface ‘wgclient’ is setting up now
Mon Jun 12 02:03:27 2023 daemon.notice netifd: Interface ‘wgclient’ is now up
Mon Jun 12 02:03:27 2023 daemon.notice netifd: Network device ‘wgclient’ link is up
Mon Jun 12 02:03:28 2023 user.notice wgclient-up: env value:T_J_A1_1=object T_J_V_ifname=string USER=root ifname=wgclient ACTION=KEYPAIR-CREATED SHLVL=2 J_V_keep=1 T_J_V_ipaddr=array HOME=/ T_J_T2_mask=string HOTPLUG_TYPE=wireguard T_J_V_interface=string J_A1_1=J_T2 J_V_ifname=wgclient T_J_V_link_up=boolean T_J_T2_ipaddr=string LOGNAME=root DEVICENAME= T_J_V_action=int K_J_A1= 1 J_V_ipaddr=J_A1 TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin J_T2_mask=24 CONFIG_LIST_STATE= J_V_interface=wgclient K_J_V= action ifname link_up keep ipaddr interface J_V_link_up=1 J_T2_ipaddr=192.168.123.14 J_V_action=0 N_J_V_link_up=link-up PROTO_IPADDR=192.168.123.14/24// T_J_V_keep=boolean PWD=/ JSON_CUR=J_V K_J_T2= ipaddr mask CONFIG_SECTIONS=global AzireVPN Mullvad FromApp group_3598 group_2917 group_5884 group_1135 peer_2001 CONFIG_cfg030f15_ports=
Mon Jun 12 02:03:31 2023 user.notice mwan3[12215]: Execute ifup event on interface wgclient (wgclient)
Mon Jun 12 02:03:31 2023 user.notice mwan3[12215]: Starting tracker on interface wgclient (wgclient)
Mon Jun 12 02:03:33 2023 daemon.notice netifd: Interface ‘wgclient’ has lost the connection
Mon Jun 12 02:03:33 2023 daemon.notice netifd: Network device ‘wgclient’ link is down
Mon Jun 12 02:03:34 2023 daemon.notice netifd: wgclient (12796): RTNETLINK answers: No such process
Mon Jun 12 02:03:34 2023 daemon.notice netifd: Interface ‘wgclient’ is now down
Mon Jun 12 02:03:34 2023 daemon.notice netifd: Interface ‘wgclient’ is setting up now
Mon Jun 12 02:03:34 2023 user.notice firewall: Reloading firewall due to ifup of wgclient (wgclient)
Mon Jun 12 02:03:38 2023 daemon.notice netifd: Interface ‘wgclient’ is now up
Mon Jun 12 02:03:38 2023 daemon.notice netifd: Network device ‘wgclient’ link is up
Mon Jun 12 02:03:38 2023 user.notice wgclient-up: env value:T_J_A1_1=object T_J_V_ifname=string USER=root ifname=wgclient ACTION=KEYPAIR-CREATED SHLVL=2 J_V_keep=1 T_J_V_ipaddr=array HOME=/ T_J_T2_mask=string HOTPLUG_TYPE=wireguard T_J_V_interface=string J_A1_1=J_T2 J_V_ifname=wgclient T_J_V_link_up=boolean T_J_T2_ipaddr=string LOGNAME=root DEVICENAME= T_J_V_action=int K_J_A1= 1 J_V_ipaddr=J_A1 TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin J_T2_mask=24 CONFIG_LIST_STATE= J_V_interface=wgclient K_J_V= action ifname link_up keep ipaddr interface J_V_link_up=1 J_T2_ipaddr=192.168.123.14 J_V_action=0 N_J_V_link_up=link-up PROTO_IPADDR=192.168.123.14/24// T_J_V_keep=boolean PWD=/ JSON_CUR=J_V K_J_T2= ipaddr mask CONFIG_SECTIONS=global AzireVPN Mullvad FromApp group_3598 group_2917 group_5884 group_1135 peer_2001 CONFIG_cfg030f15_ports=
Mon Jun 12 02:03:42 2023 user.notice mwan3[15470]: Execute ifup event on interface wgclient (wgclient)
Mon Jun 12 02:03:42 2023 user.notice mwan3[15470]: Starting tracker on interface wgclient (wgclient)

kennethrc · June 12, 2023, 7:16am

Yeah, this is pretty bad, guys. Let me know what I can do to help fix this (I need to use a VPN sometimes with my WAN connections 'cause otherwise they’ll throttle streaming media to only 480p).

alzhao · June 12, 2023, 7:48am

Can you pls set up a mtu 1428 and test again? @kennethrc

kennethrc · June 12, 2023, 8:08am

Still flaps, unfortunately:

Mon Jun 12 03:07:22 2023 daemon.notice netifd: Interface ‘wgclient’ has lost the connection
Mon Jun 12 03:07:22 2023 daemon.notice netifd: Network device ‘wgclient’ link is down
Mon Jun 12 03:07:22 2023 daemon.notice netifd: wgclient (10768): RTNETLINK answers: No such process
Mon Jun 12 03:07:22 2023 daemon.notice netifd: Interface ‘wgclient’ is now down
Mon Jun 12 03:07:22 2023 daemon.notice netifd: Interface ‘wgclient’ is setting up now
Mon Jun 12 03:07:24 2023 user.notice firewall: Reloading firewall due to ifup of wgclient (wgclient)
Mon Jun 12 03:07:26 2023 daemon.notice netifd: Interface ‘wgclient’ is now up
Mon Jun 12 03:07:26 2023 daemon.notice netifd: Network device ‘wgclient’ link is up
Mon Jun 12 03:07:26 2023 user.notice wgclient-up: env value:T_J_A1_1=object T_J_V_ifname=string USER=root ifname=wgclient ACTION=KEYPAIR-CREATED SHLVL=2 J_V_keep=1 T_J_V_ipaddr=array HOME=/ T_J_T2_mask=string HOTPLUG_TYPE=wireguard T_J_V_interface=string J_A1_1=J_T2 J_V_ifname=wgclient T_J_V_link_up=boolean T_J_T2_ipaddr=string LOGNAME=root DEVICENAME= T_J_V_action=int K_J_A1= 1 J_V_ipaddr=J_A1 TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin J_T2_mask=24 CONFIG_LIST_STATE= J_V_interface=wgclient K_J_V= action ifname link_up keep ipaddr interface J_V_link_up=1 J_T2_ipaddr=192.168.123.14 J_V_action=0 N_J_V_link_up=link-up PROTO_IPADDR=192.168.123.14/24// T_J_V_keep=boolean PWD=/ JSON_CUR=J_V K_J_T2= ipaddr mask CONFIG_SECTIONS=global AzireVPN Mullvad FromApp group_3598 group_2917 group_5884 group_1135 peer_2001 peer_2002 CONFIG_cfg030f15_ports=
Mon Jun 12 03:07:31 2023 user.notice mwan3[12919]: Execute ifup event on interface wgclient (wgclient)
Mon Jun 12 03:07:31 2023 user.notice mwan3[12919]: Starting tracker on interface wgclient (wgclient)
Mon Jun 12 03:07:32 2023 daemon.notice netifd: Interface ‘wgclient’ has lost the connection
Mon Jun 12 03:07:32 2023 daemon.notice netifd: Network device ‘wgclient’ link is down
Mon Jun 12 03:07:32 2023 daemon.notice netifd: wgclient (13475): RTNETLINK answers: No such process
Mon Jun 12 03:07:32 2023 daemon.notice netifd: Interface ‘wgclient’ is now down
Mon Jun 12 03:07:32 2023 daemon.notice netifd: Interface ‘wgclient’ is setting up now
Mon Jun 12 03:07:33 2023 user.notice firewall: Reloading firewall due to ifup of wgclient (wgclient)
Mon Jun 12 03:07:36 2023 daemon.notice netifd: Interface ‘wgclient’ is now up
Mon Jun 12 03:07:36 2023 daemon.notice netifd: Network device ‘wgclient’ link is up
Mon Jun 12 03:07:36 2023 user.notice wgclient-up: env value:T_J_A1_1=object T_J_V_ifname=string USER=root ifname=wgclient ACTION=KEYPAIR-CREATED SHLVL=2 J_V_keep=1 T_J_V_ipaddr=array HOME=/ T_J_T2_mask=string HOTPLUG_TYPE=wireguard T_J_V_interface=string J_A1_1=J_T2 J_V_ifname=wgclient T_J_V_link_up=boolean T_J_T2_ipaddr=string LOGNAME=root DEVICENAME= T_J_V_action=int K_J_A1= 1 J_V_ipaddr=J_A1 TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin J_T2_mask=24 CONFIG_LIST_STATE= J_V_interface=wgclient K_J_V= action ifname link_up keep ipaddr interface J_V_link_up=1 J_T2_ipaddr=192.168.123.14 J_V_action=0 N_J_V_link_up=link-up PROTO_IPADDR=192.168.123.14/24// T_J_V_keep=boolean PWD=/ JSON_CUR=J_V K_J_T2= ipaddr mask CONFIG_SECTIONS=global AzireVPN Mullvad FromApp group_3598 group_2917 group_5884 group_1135 peer_2001 peer_2002 CONFIG_cfg030f15_ports=

alzhao · June 12, 2023, 8:21am

mtu must be the case. Maybe the mtu is not applied?

kennethrc · June 12, 2023, 8:41am

Nah, it’s there:

          inet addr:192.168.123.14  P-t-P:192.168.123.14  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP  MTU:1428  Metric:1
          RX packets:95 errors:0 dropped:0 overruns:0 frame:0
          TX packets:90 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:43752 (42.7 KiB)  TX bytes:22580 (22.0 KiB)```

kennethrc · June 12, 2023, 8:42am

What would cause the tracker to think it’s down? I have Multi-WAN enabled for load balancing, but I’m pretty sure I turned that off, too, trying to figure out the cause here.

alzhao · June 12, 2023, 9:06am

Can you try change the mtu lower?

What is the vpn service you are using? I use mullvad and seems it is fine.

kennethrc · June 12, 2023, 9:09am

I’m using my own VPN for both WG and OpenVPN. They work perfectly on every other GLI device I own, and even on this one on any mode except cellular. I guess I can try manually adding a Mullvad connection to WG and try them, but I can’t see how it would make a difference.

What should I lower the MTU to?

kennethrc · June 12, 2023, 9:12am

OK, I went all the way down to 1320. All setting a lower MTU does is delay how long it begins to flap, and you have to send traffic to make it stop.

… so I’m thinking “NOT MTU”.

alzhao · June 12, 2023, 9:25am

Can you try changing the listening port in wireguard settings?

kennethrc · June 12, 2023, 9:33am

Before I do that (which will mess up MANY other configs I have out there), what’s the rationale? I DO get some data transfer before the connection starts to flap.

          inet addr:192.168.123.14  P-t-P:192.168.123.14  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP  MTU:1352  Metric:1
          RX packets:20 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:5608 (5.4 KiB)  TX bytes:920 (920.0 B)```

alzhao · June 12, 2023, 9:38am

The MTU? Carrier usually has lower mtu settings, e.g. 1428. So when the vpn use a higher mtu number, data does not go through.

kennethrc · June 12, 2023, 9:42am

I understand, but I went all the way down to 1320, no difference, it just delayed the time it took to begin flapping.

What is the criteria used to determine if the “wgclient” interface is down?

hansome · June 12, 2023, 11:18am

Hi, Could we start a remote desk session? Please PM me. If you have two NICs, one for internet and one to access SpitzAX, that would be great.