Linksys OpenWrt wireguard connection fail after router rebot while no internet connection

alannts425 · May 7, 2023, 4:50am

Hey there,

I'm curious to know why each time the router reboot then the wireguard connection is fail and not restart automatically while there is no internet connection as well?

Any advice or help is much highly appreciated.

Thanks!

frollic · May 7, 2023, 4:53am

The device clock isn't in sync with reality?

alannts425 · May 7, 2023, 4:55am

What do you mean? Not really understand? How to make it?

slh · May 7, 2023, 4:55am

Cryptography depends on the valid time (at least reasonably close to it), but most classic routers don't have a battery backed RTC, which would keep the time over a reboot - they depend on the network (ntp) to acquire a sense of time.

There are ways to 'help' (as in setting the time to the last file mtime under /etc/), but without a battery backed RTC, that's the best you can get (in other words, you won't get to see this problem on x86_64).

frollic · May 7, 2023, 4:56am

Make sure the clock is running correctly before you attempt to start the tunnel.

alannts425 · May 7, 2023, 4:57am

Okay. I'll try it. Btw, thanks

alannts425 · May 7, 2023, 5:50am

Yes, its working after the router reboot or power on/off the plug.

Thanks so much for your kindness help

DeepAnger · May 7, 2023, 11:12am

While I now use a Mini PC as a router, I had a lot of trouble with my previous routers because of lost time.
I use Wireguard (as a client to a VPN provider) and PBR.

I had to somehow force time sync through rc.local

# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.

ntpd -d -n -q -N -I wan -p 162.159.200.123 -p 129.250.35.251
sleep 6
ntpd -d -n -q -N -I wan -p 46.243.26.34 -p 40.119.148.38

exit 0

These are the IP address of a few NTP servers. And I had to use the IP because there could be no DNS available at that moment while the VPN is going be established.

For this to work, it was also necessary to add static route to theses addresses to avoid the (not started yet) VPN (in \etc\config\network).

config route
	option interface 'wan'
	option target '162.159.200.123/32'
	option gateway '192.168.1.1'

config route
	option interface 'wan'
	option target '129.250.35.251/32'
	option gateway '192.168.1.1'

config route
	option interface 'wan'
	option target '46.243.26.34/32'
	option gateway '192.168.1.1'

config route
	option interface 'wan'
	option target '46.243.26.34/32'
	option gateway '192.168.1.1'

alannts425 · May 8, 2023, 4:04am

Hi,

You mean in order to work command to the system:

ntpd -d -n -q -N -I wan -p 162.159.200.123 -p 129.250.35.251
sleep 6
ntpd -d -n -q -N -I wan -p 46.243.26.34 -p 40.119.148.38

exit 0

then config the network setting on the following:

config route
	option interface 'wan'
	option target '162.159.200.123/32'
	option gateway '192.168.1.1'

config route
	option interface 'wan'
	option target '129.250.35.251/32'
	option gateway '192.168.1.1'

config route
	option interface 'wan'
	option target '46.243.26.34/32'
	option gateway '192.168.1.1'

config route
	option interface 'wan'
	option target '46.243.26.34/32'
	option gateway '192.168.1.1'

Right?