I'm running a WireGuard VPN (Cloudflare WARP) on a BT Home Hub 5A and everything behaves well, except that whenever I get a new WAN address (about once every 24 h) the tunnel is established and IPv6 requests work, but IPv4 ones don't.
Most of the time, restarting the WireGuard interface a couple of times solves the problem, but sometimes it doesn't. Any idea what causes this, and how to solve it?
Keep in mind that the WAN is IPv4-only and IPv6 is provided by the VPN.
I tried different MTU values on both WAN and VPN to no avail; the ones I'm currently using give me the most stable speeds.
I test connectivity by pinging an IPv4 address (8.8.8.8) and an IPv6 address (2001:4860:4860::8888), which rules out DNS issues.
/etc/config/network
# Base network layout: loopback, DSL/ATM bridge, LAN bridge and the PPPoE uplink.
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
# ULA prefix from which the LAN's IPv6 addresses are assigned (see ip6assign on 'lan').
option ula_prefix 'dd5d:1dd2:2300::/48'
option packet_steering '1'
config atm-bridge 'atm'
option encaps 'llc'
option payload 'bridged'
option nameprefix 'dsl'
option vci '38'
option vpi '0'
config dsl 'dsl'
option ds_snr_offset '0'
option annex 'a2p'
# br-lan bridges the four switch ports; each port is given the same MAC below.
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config device
option name 'lan1'
option macaddr '34:8a:ae:d6:6d:e2'
config device
option name 'lan2'
option macaddr '34:8a:ae:d6:6d:e2'
config device
option name 'lan3'
option macaddr '34:8a:ae:d6:6d:e2'
config device
option name 'lan4'
option macaddr '34:8a:ae:d6:6d:e2'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device
option name 'dsl0'
option macaddr '34:8a:ae:d6:6d:e3'
# PPPoE uplink. Credentials are redacted ('*') in this post; keep them out of
# anything shared publicly.
config interface 'wan'
option device 'dsl0'
option proto 'pppoe'
option username '*'
option password '*'
# peerdns '0': DNS servers offered by the ISP over PPP are not used.
option peerdns '0'
# ipv6 '0': no IPv6 is negotiated on the uplink, so all IPv6 reaches the
# internet through the 'warp' tunnel only.
option ipv6 '0'
# NOTE(review): presumably 60 unanswered LCP echoes at a 5 s interval before the
# session is declared dead, i.e. a stalled link may take minutes to be noticed -
# confirm against the OpenWrt PPPoE documentation.
option keepalive '60 5'
option mtu '1452'
# WireGuard interface for Cloudflare WARP plus its single peer.
config interface 'warp'
option proto 'wireguard'
# Private key is redacted ('*') in this post. It is the only secret in this
# section; anyone holding it can impersonate this client to the peer.
option private_key '*'
# Tunnel-internal addresses, one per address family.
list addresses '2606:4700:110:8acd:78a2:1220:6989:5304/128'
list addresses '172.16.0.2/32'
option peerdns '0'
option mtu '1392'
config wireguard_warp
option description 'cloudflare_warp'
# The peer's public key; not a secret.
option public_key 'bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo='
# Both address families are fully routed into the tunnel; with
# route_allowed_ips '1' this produces the IPv4 and IPv6 'default dev warp'
# routes visible in the route dump.
list allowed_ips '::/0'
list allowed_ips '0.0.0.0/0'
option route_allowed_ips '1'
# NOTE(review): the endpoint is a hostname. WireGuard resolves it when the
# interface is configured rather than continuously, and with peerdns '0' on
# both interfaces the lookup depends on resolvers configured elsewhere (not
# shown here). The 162.159.192.1 host route via pppoe-wan in the route dump is
# presumably the resolved endpoint - confirm it is still present and still
# points at the current gateway after a WAN reconnect.
option endpoint_host 'engage.cloudflareclient.com'
option endpoint_port '2408'
option persistent_keepalive '25'
# Policy routing: table 'novpn' holds a default route straight out of the WAN,
# and the rules below choose which traffic uses it instead of the tunnel.
# Everything matched here leaves with the real WAN address and without tunnel
# encryption, so each rule is a deliberate VPN bypass worth re-checking.
# NOTE(review): the table name 'novpn' must be defined outside this file
# (presumably in /etc/iproute2/rt_tables) - not shown in this post.
config route
option interface 'wan'
option target '0.0.0.0/0'
option table 'novpn'
# Router-originated traffic (in 'loopback') from processes running as UID 123.
# Which account that is cannot be seen from this file.
config rule
option in 'loopback'
option lookup 'novpn'
option uidrange '123-123'
# Same bypass for router processes running as UID 999.
config rule
option in 'loopback'
option lookup 'novpn'
option uidrange '999-999'
# LAN traffic to 80.249.64.0/20 bypasses the tunnel. This rule is not limited
# to a protocol, while the matching firewall rule 'novpn-AT' accepts TCP only.
config rule
option in 'lan'
option dest '80.249.64.0/20'
option lookup 'novpn'
# All traffic from LAN host 192.168.1.254 bypasses the tunnel.
# NOTE(review): the match is by source address only, so any LAN device that
# takes this address inherits the bypass; pin it with a static lease.
config rule
option in 'lan'
option src '192.168.1.254/32'
option lookup 'novpn'
/etc/config/firewall
# Global firewall defaults, then the 'lan' and 'wan' zones.
config defaults
# NOTE(review): the default input policy is ACCEPT. The 'wan' and 'warp' zones
# both override it with REJECT, but traffic arriving on an interface that is
# not assigned to any zone would fall back to this default. REJECT or DROP is
# the safer baseline.
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
# NOTE(review): software flow offloading lets established flows skip part of
# the normal forwarding path. Worth disabling temporarily while debugging
# policy routing or tunnel issues, to rule out stale offloaded flows.
option flow_offloading '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
# Uplink zone: nothing unsolicited is accepted or forwarded from the WAN;
# outbound IPv4 is masqueraded and TCP MSS is clamped (mtu_fix).
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
# Exceptions to the 'wan' zone's REJECT policies. Every rule in this group has
# src 'wan', so none of them applies to traffic arriving through the 'warp'
# zone.
# NOTE(review): the network config sets ipv6 '0' on 'wan', so the IPv6 rules
# in this group presumably never match in this setup.
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# The router answers IPv4 ping on its public address.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# Multicast Listener Discovery, restricted to link-local sources.
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 addressed to the router itself, rate-limited to 1000 packets/s.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 forwarded from the WAN to any zone (dest '*'), same rate limit.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# NOTE(review): the next two rules allow IPsec (ESP and UDP/500) to be
# forwarded from the WAN to LAN hosts. If no LAN host terminates IPsec, they
# can be removed to shrink the inbound surface.
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# Tunnel zone: same posture as 'wan' (no unsolicited input or forwarding), with
# masquerading for IPv4 (masq) and IPv6 (masq6), so LAN hosts are not directly
# addressable from the tunnel side.
config zone
option name 'warp'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'warp'
option masq6 '1'
# The only zone-to-zone forwarding in this file is lan -> warp. There is no
# lan -> wan forwarding, so forwarded LAN traffic can leave over the bare WAN
# only through the explicit 'novpn-*' rules. That makes this a kill switch for
# LAN clients. Router-originated traffic is not covered by it (output is
# ACCEPT on both 'wan' and 'warp').
config forwarding
option src 'lan'
option dest 'warp'
# VPN bypass: IPv4 TCP from the LAN to 80.249.64.0/20 may be forwarded straight
# to the WAN. This is the firewall counterpart of the policy-routing rule for
# the same prefix in /etc/config/network.
# NOTE(review): that routing rule is not limited to TCP, so other protocols to
# this prefix are presumably routed towards the WAN and then refused by the
# forward policy rather than sent through the tunnel - confirm this is intended.
config rule
option name 'novpn-AT'
list proto 'tcp'
option src 'lan'
option dest 'wan'
list dest_ip '80.249.64.0/20'
option target 'ACCEPT'
option family 'ipv4'
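# VPN bypass: every IPv4 protocol from LAN host 192.168.1.254 may be forwarded
# straight to the WAN, matching the source-based policy-routing rule in
# /etc/config/network. Traffic from this host is sent outside the tunnel and
# carries the real WAN address.
# NOTE(review): the match is by source address only; reserve the address with
# a static lease so another device cannot inherit the bypass.
config rule
option name 'novpn-qBitTorrent'
option family 'ipv4'
option src 'lan'
list src_ip '192.168.1.254/32'
option dest 'wan'
option target 'ACCEPT'
list proto 'all'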
ip route show table all
default dev pppoe-wan table novpn scope link
default dev warp scope link
41.108.96.1 dev pppoe-wan scope link src 41.108.106.110
162.159.192.1 via 41.108.96.1 dev pppoe-wan
192.168.1.0/24 dev br-lan scope link src 192.168.1.1
local 41.108.106.110 dev pppoe-wan table local scope host src 41.108.106.110
broadcast 127.0.0.0 dev lo table local scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host src 127.0.0.1
local 127.0.0.1 dev lo table local scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link src 127.0.0.1
local 172.16.0.2 dev warp table local scope host src 172.16.0.2
broadcast 192.168.1.0 dev br-lan table local scope link src 192.168.1.1
local 192.168.1.1 dev br-lan table local scope host src 192.168.1.1
broadcast 192.168.1.255 dev br-lan table local scope link src 192.168.1.1
2606:4700:110:8acd:78a2:1220:6989:5304 dev warp metric 256
dd5d:1dd2:2300::/64 dev br-lan metric 1024
unreachable dd5d:1dd2:2300::/48 dev lo metric 2147483647
fe80::/64 dev eth0 metric 256
fe80::/64 dev wlan1 metric 256
fe80::/64 dev br-lan metric 256
fe80::/64 dev wlan0 metric 256
fe80::/64 dev dsl0 metric 256
default dev warp metric 1024
local ::1 dev lo table local metric 0
local 2606:4700:110:8acd:78a2:1220:6989:5304 dev warp table local metric 0
anycast dd5d:1dd2:2300:: dev br-lan table local metric 0
local dd5d:1dd2:2300::1 dev br-lan table local metric 0
anycast fe80:: dev eth0 table local metric 0
anycast fe80:: dev wlan1 table local metric 0
anycast fe80:: dev br-lan table local metric 0
anycast fe80:: dev wlan0 table local metric 0
anycast fe80:: dev dsl0 table local metric 0
local fe80::368a:aeff:fed6:6de2 dev br-lan table local metric 0
local fe80::368a:aeff:fed6:6de3 dev dsl0 table local metric 0
local fe80::368a:aeff:fed6:6de4 dev wlan1 table local metric 0
local fe80::368a:aeff:fed6:6de5 dev wlan0 table local metric 0
local fe80::5811:83ff:fead:9352 dev eth0 table local metric 0
multicast ff00::/8 dev eth0 table local metric 256
multicast ff00::/8 dev br-lan table local metric 256
multicast ff00::/8 dev wlan1 table local metric 256
multicast ff00::/8 dev wlan0 table local metric 256
multicast ff00::/8 dev dsl0 table local metric 256
multicast ff00::/8 dev warp table local metric 256