Wireguard connection drops after a couple of seconds

hcooke · January 3, 2020, 11:09am

I have an Openwrt router set up as a wireguard server. It runs stably with Android and iOS apps/clients. I have a 300n-V2 with the latest firmware 3.025 which I have set up as a Wireguard client. It connects to the Openwrt wg server and I can see small amounts of data (few hundred bytes) up and down on the 300n and the wg server but the connection drops after a few seconds. I don’t know where to look to fix this . can anyone help?

limbot · January 3, 2020, 11:44am

@hcooke

3.100 has been released for the MT300n-V2. Maybe give that a go first and see if it rectifies your issue?

My Mango with 3.100 as a Wireguard client connects just fine to my B1300 (3.027) running Wireguard server.

hcooke · January 4, 2020, 12:11pm

Tried that without success, the tunnel stays up long enough for ~1MiB data transfer but then fails. I have a feeling that the keep alive packets are not getting through so the tunnel fails after ca 25sec. Could you show me a redacted version of your config?

alzhao · January 4, 2020, 4:41pm

Can you post the config of your server? Did you have pre-shared key?

hcooke · January 5, 2020, 9:13am

Hi there is no pre-shared key. . I’ve just noticed that there is no persistent keep alive for the Mango client.
Will fix this and get back if this was not the problem

    option public_key 'x5Qk5gMhIN+XLNmTZWnJMnk='
	list allowed_ips '10.200.200.2/32'
	option route_allowed_ips '1'
	option persistent_keepalive '25'
	option endpoint_port '51820'
	option description 'OnePlus'

config wireguard_wg0
	option public_key 'xpmzQglyze+aQ1wI2wuErPR5nnDwY='
	list allowed_ips '10.200.200.3/32'
	option route_allowed_ips '1'
	option endpoint_port '51820'
	option persistent_keepalive '25'
	option description 'iPad'

config wireguard_wg0
	option description 'Xaomi'
	option public_key 'xL4ykRftzO/VFlPoUtkv113Kx8='
	list allowed_ips '10.200.200.4/32'
	option route_allowed_ips '1'
	option persistent_keepalive '25'

config wireguard_wg0
	option description 'Mango'
	list allowed_ips '10.200.200.5/32'
	option route_allowed_ips '1'
	option public_key 'xLv4ofuZOR8HH+AAdrmE='

hcooke · January 5, 2020, 9:36am

Corrected but same dropping of connection. ? no handshake?
Here is the corrected server config
config interface ‘wg0’
option proto ‘wireguard’
option private_key ‘XXXXXXXXXgS7LlW1FDwrztqsPiFg=’
option listen_port ‘51820’
list addresses ‘10.200.200.1/24’

config wireguard_wg0
	option public_key 'XXXXXXXXXXXQk5gMhIN+XLNmTZWnJMnk='
	list allowed_ips '10.200.200.2/32'
	option route_allowed_ips '1'
	option persistent_keepalive '25'
	option endpoint_port '51820'
	option description 'OnePlus'

config wireguard_wg0
	option public_key 'XXXXXXXXXXXXXXXXXX+aQ1wI2wuErPR5nnDwY='
	list allowed_ips '10.200.200.3/32'
	option route_allowed_ips '1'
	option endpoint_port '51820'
	option persistent_keepalive '25'
	option description 'iPad'

config wireguard_wg0
	option description 'Xaomi'
	option public_key 'XXXXXXXXXXXXX6L4ykRftzO/VFlPoUtkv113Kx8='
	list allowed_ips '10.200.200.4/32'
	option route_allowed_ips '1'
	option persistent_keepalive '25'

config wireguard_wg0
	option description 'Mango'
	list allowed_ips '10.200.200.5/32'
	option route_allowed_ips '1'
	option public_key 'DnJSfdwuP4hmc/m0YdWZwoloLv4ofuZOR8HH+AAdrmE='
	option persistent_keepalive '25'

And the Mango client confi g
config proxy
option main_server ‘XXXXXX’
option enable ‘0’

config peers 'wg_peer_6492'
	option name 'XXXXXXXX'
	option address '10.200.200.5/32'
	option private_key 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX='
	option dns '192.168.3.1'
	option end_point 'XXXXXXXXXXXX.duckdns.org:51820'
	option public_key '19StB1m9/apAWznWH2dIYLMgPZVjvRUDx1CHvrnCATA='
	option allowed_ips '0.0.0.0/0'
	option persistent_keepalive '25'
	option listen_port '51820'
	option mtu '1420'

At the server the connection looks like this

**Public Key:** DnJSfdwuP4hmc/m0YdWZwoloLv4ofuZOR8HH+AAdrmE=
**Endpoint:** xxx.205.241.88:51820
**Allowed IPs:**
• 10.200.200.5/32
**Persistent Keepalive:** 25s
**Latest Handshake:** Sun, 05 Jan 2020 09:28:47 GMT (5m ago)
**Data Received:** 404 B
**Data Transmitted:** 6 KiB

Any solution?

rp201rp · January 5, 2020, 10:23am

using your android client, export your working config to a .conf and cut and past settings in client connection on 300n. if it works then manually gerenerate new client keys and place in openwrt and substitute in 300n in /etc/config/wireguard. You can cheat and use same settings for server and clients from 1300. and oh yeah dont forget to disable your other client connections while testing.

hcooke · January 5, 2020, 12:14pm

That’s essentially how I set it up! It does connect so those settings are basically OK

rp201rp · January 6, 2020, 1:25am

my last try is in your openwrt router go to luci/network/interfaces and wg0 and make sure mtu is set for 1420

bOcy · January 6, 2020, 7:53am

i would check your config on the mango’s “wireguard client” again, a wrong “allowed ip/prefix” would let you connect to the wireguard server but unable to establish connection

hcooke · January 6, 2020, 4:11pm

Checked MTU and allowed IP. Still only the initial handshake. It takes minutes before the abort option becomes available.

bOcy · January 7, 2020, 2:55pm

10.200.200.1/24

Try your interface listed address 10.200.200.1/32

hcooke · January 8, 2020, 3:27pm

Not sure what you mean. I’ve changed the address in the interface section of the Mango client gui to 10.200.200.5/24 (was that what you intended?) which fits with the exported config from the android app but the connection still drops. If I change the wg0 openwrt interface to 10.200.200.1/32 the wg connection stays up but there is no internet.
Sorry for the confusion

ThH · January 8, 2020, 6:00pm

Looking at server config I thought the same like bOcy. option list_addresses should be 10.200.200.1/32 instead ‘10.200.200.1/24’ to my opinion.

If the connection stays up, are there more packets exchanged?
How do the redacted settings look in mango web interface?

bOcy · January 9, 2020, 7:17am

put everything with /32

except 0.0.0.0/0, this one remains

ThH · January 9, 2020, 11:30am

For what reason did you set the listen port? Tried without or by setting the same port as used on server (51820)?

If you have 10.200.200.1/32 set on server and the connection stays up, are are there packets sent and received by mango?

bOcy · January 9, 2020, 11:54am

Listen port on the mango is optional (random)

hcooke · January 9, 2020, 12:31pm

If I have 10.200.200.1/32 set on the server the connection stays up for ~5min, about 600 packets are sent over a period of 3min, there is no internet connection on Mango. The android peer connects but similarly has no internet connectivity. Again, the android and iOS peers work perfectly with the server set to 10.200.200.1/24.
I set up wireguard on openWRT according to this http://chrisbuchan.co.uk/uncategorized/wireguard-setup-openwrt/

rp201rp · January 9, 2020, 12:48pm

any chance that it’s not that it’s the only client disconnecting, but rather the only one thats not reconnecting after firewall rule,or event every so often causing disconnect?

hcooke · January 9, 2020, 1:51pm

I wondered if it was a firewall problem but I wouldn’t know where to start with that.