Wireguard client interface down after 'ifup wan'

Hi,

I have a setup that routes all traffic from the interface extvpn through the interface mullvad. I need to run `ifup wan` once a day (the ISP forces a reconnect every 24 h).

For the past few years this setup worked flawlessly, but for the past few weeks the interface mullvad has not come up after roughly every third or fourth `ifup wan`. The carrier is shown as absent, restarting mullvad does not help, and so far only another `ifup wan` fixes the issue.

This happens on both 24.10 and 25.12. I suspect I am hitting some race condition, but I have no idea how to fix it.

/etc/config/network

# /etc/config/network — netifd/UCI interface definitions (secrets redacted as 'XXX' by the author).
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdb0:92f3:4e73::/48'
	option dhcp_default_duid 'XXX'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan.10'
	option proto 'static'
	option ipaddr '10.153.200.1'
	option netmask '255.255.255.0'
	option ip6assign '64'

# Upstream PPPoE session on VLAN 7. This is the interface the ISP forces down
# every 24 h (see the post above); anything that depends on it, such as the
# mullvad tunnel, has to survive an 'ifup wan'.
# peerdns '0' plus explicit resolvers: the ISP-supplied DNS is ignored
# (9.9.9.9 / 149.112.112.112 are Quad9).
config interface 'wan'
	option device 'wan.7'
	option proto 'pppoe'
	option username 'XXX'
	option password 'XXX'
	option ipv6 '1'
	option peerdns '0'
	list dns '9.9.9.9'
	list dns '149.112.112.112'

# IPv6 alias of wan; same peerdns/dns treatment (2620:fe::fe / 2620:fe::9 are Quad9).
config interface 'wan6'
	option device '@wan'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option peerdns '0'
	list dns '2620:fe::fe'
	list dns '2620:fe::9'

# Untagged static address on the physical wan port, presumably to reach the
# modem; it is a member of the 'wan' firewall zone in /etc/config/firewall.
config interface 'modem'
	option device 'wan'
	option proto 'static'
	option ipaddr '192.168.1.2'
	option netmask '255.255.255.0'

config interface 'guest'
	option device 'br-lan.30'
	option proto 'static'
	option ipaddr '10.153.202.1'
	option netmask '255.255.255.0'
	option ip6assign '64'

# Road-warrior WireGuard server for the author's own devices. listen_port 51820
# matches the Allow-Wireguard-wan rule in /etc/config/firewall.
config interface 'vpn'
	option proto 'wireguard'
	option private_key 'XXX'
	list addresses '10.153.201.1/24'
	option listen_port '51820'

# Each peer is pinned to a single /32 inside 10.153.201.0/24; no endpoint is
# configured, so the peers dial in.
config wireguard_vpn
	option description 'iPhone'
	option public_key 'XXX'
	list allowed_ips '10.153.201.10/32'

config wireguard_vpn
	option description 'iPad'
	option public_key 'XXX'
	list allowed_ips '10.153.201.11/32'

config wireguard_vpn
	option description 'MacBook'
	option public_key 'XXX'
	list allowed_ips '10.153.201.12/32'

config wireguard_vpn
	option description 'TravelRouter'
	option public_key 'XXX'
	list allowed_ips '10.153.201.13/32'

# Client network that is policy-routed into the mullvad tunnel (see 'config rule'
# below). Unlike lan/guest it has no ip6assign, so no IPv6 prefix is handed out
# here — consistent with the tunnel below carrying IPv4 only.
config interface 'extvpn'
	option device 'br-lan.20'
	option proto 'static'
	option ipaddr '10.153.203.1'
	option netmask '255.255.255.0'

# Upstream (client) WireGuard tunnel to a Mullvad exit. No 'tunlink' here: the
# author reports further down that adding "option tunlink 'wan'" to this section
# resolved the carrier-absent state after 'ifup wan' — presumably because it
# makes the tunnel depend on wan and get set up again after each reconnect.
config interface 'mullvad'
	option proto 'wireguard'
	option private_key 'XXX'
	list addresses 'XXX/32'

# Single exit peer. allowed_ips is 0.0.0.0/0 but route_allowed_ips is unset
# (defaults to off), so no default route is installed in the main table; only the
# table-100 route below sends traffic into the tunnel. No ::/0 and no IPv6 tunnel
# address, so this tunnel carries IPv4 only.
config wireguard_mullvad
	option description 'nl-ams-wg-004'
	option public_key 'XXX'
	option endpoint_host '193.32.249.69'
	option endpoint_port '51820'
	list allowed_ips '0.0.0.0/0'

# Policy routing: packets arriving on extvpn are looked up in table 100 first.
# If table 100 has no match (e.g. mullvad is down, so its default route below is
# not installed), the lookup falls through to the main table and the traffic
# would be routed via wan. Today the firewall (no extvpn->wan forwarding) is what
# stops that leak; a higher-metric 'type unreachable' default route in table 100
# would enforce it at routing level as well — verify the option name for this
# netifd version before relying on it.
config rule
	option in 'extvpn'
	option lookup '100'

config route
	option interface 'mullvad'
	option target '0.0.0.0/0'
	option table '100'

# Direct return paths for lan and vpn so replies from extvpn do not go into the tunnel.
config route
	option interface 'lan'
	option target '10.153.200.0/24'
	option table '100'

config route
	option interface 'vpn'
	option target '10.153.201.0/24'
	option table '100'

# VLAN membership on br-lan: 10 = lan, 20 = extvpn, 30 = guest. There is no
# bridge-vlan entry for VLAN 40 in this listing although 'iot' uses br-lan.40 —
# unless it is defined elsewhere, br-lan.40 has no member ports.
config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'lan3:u*'
	list ports 'lan4:u*'

config bridge-vlan
	option device 'br-lan'
	option vlan '20'
	list ports 'lan1:u*'
	list ports 'lan4:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '30'
	list ports 'lan2:u*'

# IPv4 only (no ip6assign), like extvpn.
config interface 'iot'
	option proto 'static'
	option device 'br-lan.40'
	option ipaddr '10.153.204.1'
	option netmask '255.255.255.0'


/etc/config/firewall

# /etc/config/firewall — fw4 zones and rules. Defaults are input/forward REJECT,
# so every zone only gets what the explicit rules and forwardings below grant.
config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option syn_flood '1'

# 'vpn' (the road-warrior WireGuard server) is a member of the lan zone, so
# dialled-in peers get full LAN trust, including the lan->extvpn and lan->iot
# forwardings further down.
config zone
	option name 'lan'
	list network 'lan'
	list network 'vpn'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

# wan, wan6 and modem share the upstream zone with masquerading. input is
# REJECT, so only the Allow-* rules below are reachable from the Internet.
config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	list network 'modem'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src '*'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

# Guest zone: the router is reachable only for DNS/DHCP/DHCPv6 (53, 67, 547),
# Internet goes via wan, and there is no forwarding toward lan.
config zone
	option name 'guest'
	list network 'guest'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config rule
	option name 'Allow-DHCP-DNS-guest'
	option src 'guest'
	option target 'ACCEPT'
	option dest_port '53 67 547'

config forwarding
	option src 'guest'
	option dest 'wan'

# extvpn hosts may only reach the router for DHCP (UDP 67). No DNS/NTP port is
# opened toward the router and no Intercept-DNS redirect exists for this zone, so
# their DNS is expected to travel through the tunnel like everything else.
config rule
	option name 'Allow-DHCP-extvpn'
	option src 'extvpn'
	option dest_port '67'
	list proto 'udp'
	option target 'ACCEPT'

config zone
	option name 'extvpn'
	list network 'extvpn'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Tunnel exit zone: masq so extvpn sources are NATed to the tunnel address.
# Kill-switch property: the only forwarding out of 'extvpn' is into 'mullvad'
# (below); there is no extvpn->wan forwarding and the default forward policy is
# REJECT, so if the tunnel is down and policy routing falls through to wan, the
# packets are rejected rather than leaked to the ISP.
config zone
	option name 'mullvad'
	list network 'mullvad'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'

config forwarding
	option src 'extvpn'
	option dest 'mullvad'

config forwarding
	option src 'lan'
	option dest 'extvpn'

# DNS/NTP interception: a DNAT redirect without dest_ip sends port 53/123
# traffic to the router itself, so clients with hard-coded resolvers or NTP
# servers still use the local ones. Encrypted DNS (DoT on 853, DoH on 443) is not
# caught by these rules. No such redirect exists for extvpn.
config redirect
	option name 'Intercept-DNS-lan'
	option src 'lan'
	option src_dport '53'
	option family 'any'
	option target 'DNAT'

config redirect
	option name 'Intercept-DNS-guest'
	option src 'guest'
	option src_dport '53'
	option family 'any'
	option target 'DNAT'

config redirect
	option name 'Intercept-NTP-lan'
	list proto 'udp'
	option src 'lan'
	option src_dport '123'
	option family 'any'
	option target 'DNAT'

config redirect
	option name 'Intercept-NTP-guest'
	list proto 'udp'
	option src 'guest'
	option src_dport '123'
	option family 'any'
	option target 'DNAT'

# Opens UDP 51820 (the 'vpn' listen_port in /etc/config/network) from the Internet.
config rule
	option name 'Allow-Wireguard-wan'
	list proto 'udp'
	option src 'wan'
	option dest_port '51820'
	option target 'ACCEPT'

# Also accepts WireGuard on UDP 123 from wan, DNATing it to 51820 on the router
# itself (no dest_ip) — presumably for client networks that only let NTP out.
# Side effect: the router's WAN address no longer answers plain NTP.
config redirect
	option name 'Redirect-Wireguard-wan'
	list proto 'udp'
	option src 'wan'
	option src_dport '123'
	option dest_port '51820'
	option family 'any'
	option target 'DNAT'

# IoT zone mirrors guest: Internet via wan, router reachable for DNS/DHCP
# (53, 67 — no 547, the iot interface has no ip6assign), lan may reach iot but
# not the reverse.
config zone
	option name 'iot'
	list network 'iot'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config forwarding
	option src 'iot'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-DNS-iot'
	option src 'iot'
	option target 'ACCEPT'
	option dest_port '53 67'

config forwarding
	option src 'lan'
	option dest 'iot'

config redirect
	option name 'Intercept-DNS-iot'
	option src 'iot'
	option src_dport '53'
	option family 'any'
	option target 'DNAT'

config redirect
	option name 'Intercept-NTP-iot'
	list proto 'udp'
	option src 'iot'
	option src_dport '123'
	option family 'any'
	option target 'DNAT'


With a little more digging and some help from ChatGPT, I seem to have fixed this by binding the interface mullvad to wan, i.e. by adding `option tunlink 'wan'` to the mullvad interface section.
