Wireguard disconnects and never reconnects

I set up WireGuard Mullvad in the admin panel. Twice every day the connection stops and my devices are off the internet. Mullvad allows 5 devices and only one is set up (router).
I downloaded the OpenVPN Mullvad config and this issue never happens, but OpenVPN is slower. Why is WireGuard disconnecting and not reconnecting? How to debug it?
I used wireguard_watchdog in cron tasks but it doesn’t do anything.
Mine is a GL-MT1300 4.3.7.

By posting your log here :)

Make sure that the DNS resolver is working properly.

OK! Which log to post here?

The wg watchdog script just resolves ddns to IP changes.

Do you have a persistent_keepalive value in your confs? 25 s is considered to be a good value to start from.

root@slateax:~# wg show
interface: wgclient
  public key: [redacted]=
  private key: (hidden)
  listening port: 46190
  fwmark: 0x80000

peer: [redacted]=
  endpoint: [redacted]:51820
  allowed ips: 0.0.0.0/0
  latest handshake: 53 seconds ago
  transfer: 7.91 GiB received, 1.21 GiB sent
  persistent keepalive: every 25 seconds

System log should be fine - maybe just the lines that fit the time when the wg connection drops.

There’s going to be a lot of noise. A reboot & logread -e wireguard & one or two mins after booting might help the signal… especially if the wg watchdog sh is in play.

This is the default config by glinet admin panel setup

[Interface]
Address = 
PrivateKey = 
DNS = 
MTU = 1380

[Peer]
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 
PersistentKeepalive = 25
PublicKey =

Is that MTU approp. to Mullvad? @admon, what do you use there?

I’m using all the default settings. Set up Mullvad using the integrated “config downloader” within the router and all works flawlessly. So I would assume the issue is somewhere else.

Well something’s not building the wg conf. I don’t trust those blasted ‘helpers’; when the providers make unannounced changes to their end’s api, it all breaks down.

I do manual setup. @gartanuspi, if the ‘helper’ doesn’t set up Mullvad, grab a conf from them & upload it manually to the WG Client GUI.

For me, this does not make sense.

Because if the helper would not be able to build the config - how should the connection work at all?
The helper does not rebuild it, if you don’t press the button for it.

So if the conn stops it can’t be related to the helper itself.

I refreshed the config 2 days ago.

WG is a stateless protocol though; if there’s no traffic, there’s no packets… hence the need for keepalive directive. I’m not even sure if we have a valid wg conf in effect here.

@gartanuspi can you ssh into the device & post the output of

  • wg show
  • cat /etc/config/wireguard
  • logread -e wireguard

after a fresh reboot & trying to connect to Mullvad again… even if it fails?

interface: wgclient
  public key: 
  private key: (hidden)
  listening port: 58161
  fwmark: 0x80000

peer: 
  endpoint: 
  allowed ips: 0.0.0.0/0, ::/0
  latest handshake: 1 minute, 22 seconds ago
  transfer: 120.97 KiB received, 58.88 KiB sent
  persistent keepalive: every 25 seconds

What do you have in /etc/config/wireguard for Mullvad? Does this GL helper set up WG endpoints differently than manual confs?

config proxy 'global'
	option global_proxy '1'

config providers 'AzireVPN'
	option auth_type '1'
	option procedure '0'
	option group_id '4861'

config providers 'Mullvad'
	option auth_type '2'
	option procedure '1'
	option group_id '7828'

config providers 'FromApp'
	option auth_type '1'
	option procedure '0'
	option group_id '7147'

config groups 'group_4861'
	option group_name 'AzireVPN'
	option group_type '1'
	option auth_type '1'
	option procedure '0'

config groups 'group_7828'
	option group_name 'Mullvad'
	option group_type '1'
	option auth_type '2'
	option procedure '1'
	option username '0000'
	option address _address
	option public_key key
	option private_key pkey

config groups 'group_7147'
	option group_name 'FromApp'
	option group_type '3'
	option auth_type '1'
	option procedure '0'

config peers peer_01
	option group_id '7828'
	option name _name
	option location _location
	option address_v4 v4
	option address_v6 v6
	option private_key pkey
	option dns '193.138.219.228'
	option end_point end_point
	option public_key key
	option allowed_ips '0.0.0.0/0,::/0'
	option persistent_keepalive '25'
	option mtu '1380'
	option local_access '0'
	option masq '1'

config peers peer_02
	option group_id '7828'
	option name _name
	option location _location
	option address_v4 v4
	option address_v6 v6
	option private_key pkey
	option dns '193.138.219.228'
	option end_point end_point
	option public_key key
	option allowed_ips '0.0.0.0/0,::/0'
	option persistent_keepalive '25'
	option mtu '1380'
	option local_access '0'
	option masq '1'

config peers peer_03
	option group_id '7828'
	option name _name
	option location _location
	option address_v4 v4
	option address_v6 v6
	option private_key pkey
	option dns '193.138.219.228'
	option end_point end_point
	option public_key key
	option allowed_ips '0.0.0.0/0,::/0'
	option persistent_keepalive '25'
	option mtu '1380'
	option local_access '0'
	option masq '1'

config peers peer_04
	option group_id '7828'
	option name _name
	option location _location
	option address_v4 v4
	option address_v6 v6
	option private_key pkey
	option dns '193.138.219.228'
	option end_point end_point
	option public_key key
	option allowed_ips '0.0.0.0/0,::/0'
	option persistent_keepalive '25'
	option mtu '1380'
	option local_access '0'
	option masq '1'

config peers peer_05
	option group_id '7828'
	option name _name
	option location _location
	option address_v4 v4
	option address_v6 v6
	option private_key pkey
	option dns '193.138.219.228'
	option end_point end_point
	option public_key key
	option allowed_ips '0.0.0.0/0,::/0'
	option persistent_keepalive '25'
	option mtu '1380'
	option local_access '0'
	option masq '1'

config peers peer_06
	option group_id '7828'
	option name _name
	option location _location
	option address_v4 v4
	option address_v6 v6
	option private_key pkey
	option dns '193.138.219.228'
	option end_point end_point
	option public_key key
	option allowed_ips '0.0.0.0/0,::/0'
	option persistent_keepalive '25'
	option mtu '1380'
	option local_access '0'
	option masq '1'

config peers peer_07
	option group_id '7828'
	option name _name
	option location _location
	option address_v4 v4
	option address_v6 v6
	option private_key pkey
	option dns '193.138.219.228'
	option end_point end_point
	option public_key key
	option allowed_ips '0.0.0.0/0,::/0'
	option persistent_keepalive '25'
	option mtu '1380'
	option local_access '0'
	option masq '1'

config peers peer_08
	option group_id '7828'
	option name _name
	option location _location
	option address_v4 v4
	option address_v6 v6
	option private_key pkey
	option dns '193.138.219.228'
	option end_point end_point
	option public_key key
	option allowed_ips '0.0.0.0/0,::/0'
	option persistent_keepalive '25'
	option mtu '1380'
	option local_access '0'
	option masq '1'

config peers peer_09
	option group_id '7828'
	option name _name
	option location _location
	option address_v4 v4
	option address_v6 v6
	option private_key pkey
	option dns '193.138.219.228'
	option end_point end_point
	option public_key key
	option allowed_ips '0.0.0.0/0,::/0'
	option persistent_keepalive '25'
	option mtu '1380'
	option local_access '0'
	option masq '1'

config peers peer_10
	option group_id '7828'
	option name _name
	option location _location
	option address_v4 v4
	option address_v6 v6
	option private_key pkey
	option dns '193.138.219.228'
	option end_point end_point
	option public_key key
	option allowed_ips '0.0.0.0/0,::/0'
	option persistent_keepalive '25'
	option mtu '1380'
	option local_access '0'
	option masq '1'

config peers peer_11
	option group_id '7828'
	option name _name
	option location _location
	option address_v4 v4
	option address_v6 v6
	option private_key pkey
	option dns '193.138.219.228'
	option end_point end_point
	option public_key key
	option allowed_ips '0.0.0.0/0,::/0'
	option persistent_keepalive '25'
	option mtu '1380'
	option local_access '0'
	option masq '1'

config peers peer_12
	option group_id '7828'
	option name _name
	option location _location
	option address_v4 v4
	option address_v6 v6
	option private_key pkey
	option dns '193.138.219.228'
	option end_point end_point
	option public_key key
	option allowed_ips '0.0.0.0/0,::/0'
	option persistent_keepalive '25'
	option mtu '1380'
	option local_access '0'
	option masq '1'

config peers peer_13
	option group_id '7828'
	option name _name
	option location _location
	option address_v4 v4
	option address_v6 v6
	option private_key pkey
	option dns '193.138.219.228'
	option end_point end_point
	option public_key key
	option allowed_ips '0.0.0.0/0,::/0'
	option persistent_keepalive '25'
	option mtu '1380'
	option local_access '0'
	option masq '1'

config peers peer_14
	option group_id '7828'
	option name _name
	option location _location
	option address_v4 v4
	option address_v6 v6
	option private_key pkey
	option dns '193.138.219.228'
	option end_point end_point
	option public_key key
	option allowed_ips '0.0.0.0/0,::/0'
	option persistent_keepalive '25'
	option mtu '1380'
	option local_access '0'
	option masq '1'

config peers peer_15
	option group_id '7828'
	option name _name
	option location _location
	option address_v4 v4
	option address_v6 v6
	option private_key pkey
	option dns '193.138.219.228'
	option end_point end_point
	option public_key key
	option allowed_ips '0.0.0.0/0,::/0'
	option persistent_keepalive '25'
	option mtu '1380'
	option local_access '0'
	option masq '1'

Sat Jan 20 11:53:10 2024 kern.info kernel: [   15.210587] wireguard: WireGuard 1.0.20220627 loaded. See www.wireguard.com for information.
Sat Jan 20 11:53:10 2024 kern.info kernel: [   15.219133] wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
Sat Jan 20 11:54:41 2024 user.notice wgclient-up: env value:T_J_V_ifname=string J_V_address_external=1 USER=root ifname=wgclient ACTION=KEYPAIR-CREATED N_J_V_address_external=address-external SHLVL=2 J_V_keep=1 HOME=/ HOTPLUG_TYPE=wireguard T_J_V_interface=string J_V_ifname=wgclient T_J_V_link_up=boolean LOGNAME=root DEVICENAME= T_J_V_action=int TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin CONFIG_LIST_STATE= J_V_interface=wgclient K_J_V= action ifname link_up address_external keep interface J_V_link_up=1 J_V_action=0 T_J_V_address_external=boolean N_J_V_link_up=link-up T_J_V_keep=boolean PWD=/ JSON_CUR=J_V CONFIG_SECTIONS=global AzireVPN Mullvad FromApp group_4861 group_7828 group_7147 peer_01 peer_02 peer_03 peer_04 peer_05 peer_06 peer_07 peer_08 peer_09 peer_10 peer_11 peer_12 peer_13 peer_14 peer_15 CONFIG_cfg030f15_ports=

Sorry; I should have mentioned: it can take the better part of a minute for the router to build the WG tunnel. Pls repost logread -e wireguard in, oh, say, 2 minutes.

What does tunnel mean? I’m already using that connection, this is me from the router with wireguard, to post this message. Log is the same now.

The connection via WireGuard from the GL device → Mullvad is an encrypted data tunnel.

Does IP Leak show the expected Mullvad server location?
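
Added example, not part of any post in this thread and not GL.iNet's watchdog: the `latest handshake` field in the `wg show` outputs above is the most direct health signal, because WireGuard renegotiates about every 120 seconds while traffic (including the 25 s keepalive) is flowing. The sketch below reads `wg show <ifname> latest-handshakes` and reports peers whose handshake is older than a threshold; the 180 s threshold, the function names, the `wg-health` log tag and the sample keys are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag WireGuard peers with a stale handshake.
# Input format is that of `wg show <ifname> latest-handshakes`:
#   <peer-public-key><TAB><unix-time-of-last-handshake>   (0 = never)

STALE_AFTER=180   # seconds; assumed threshold, a bit above the ~120 s rekey interval

# stale_peers NOW [THRESHOLD]
# Reads handshake lines on stdin and prints "<pubkey> <age-in-seconds|never>"
# for every peer whose last handshake is older than THRESHOLD.
stale_peers() {
    now=$1
    limit=${2:-$STALE_AFTER}
    awk -v now="$now" -v limit="$limit" '
        NF == 2 && $2 ~ /^[0-9]+$/ {
            if ($2 == 0) { print $1, "never"; next }   # never completed a handshake
            age = now - $2
            if (age > limit) print $1, age
        }'
}

# check_iface IFNAME
# Returns 0 if all peers are fresh, 1 if any peer is stale, 2 if the
# interface cannot be queried (for example, it was torn down).
check_iface() {
    hs=$(wg show "$1" latest-handshakes 2>/dev/null) || return 2
    out=$(printf '%s\n' "$hs" | stale_peers "$(date +%s)")
    [ -z "$out" ] && return 0
    logger -t wg-health "stale peer on $1: $out"   # shows up in logread
    return 1
}

# Constructed sample data (placeholder keys), evaluated at a fixed "now":
# A handshook 53 s ago, B 700 s ago, C never.
sample_check() {
    printf 'PEERKEY_A=\t1705751647\nPEERKEY_B=\t1705751000\nPEERKEY_C=\t0\n' |
        stale_peers 1705751700
}
```

Running `check_iface wgclient` from cron once a minute leaves a timestamped `wg-health` line in `logread` at the moment handshakes stop, which narrows down which other log lines around the drop are worth posting.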