WireGuard disappears after each episode of wan disconnect

My OpenWrt router acts as a WireGuard client, connecting to a VPS reachable over the internet. I've noticed that each time there's a disconnection of the WAN-acting wlan0, the wg0 interface is gone. wg0 no longer shows up in 'ip a'; 'wg show' does not return anything. 'ifup wg0' does not help. I can bring wg0 back to life either by running '/etc/init.d/network restart' or rebooting the router, but neither feels elegant.

How can I re-start the virtual wg0 interface?

I'm using OpenWrt 19.07.4 r11208-ce6496d796 on a NETGEAR WNDR4300. Version of WireGuard:

kmod-wireguard - 4.14.195+1.0.20200611-1
luci-app-wireguard - git-20.287.57033-3d52019-1
luci-proto-wireguard - git-20.287.57033-3d52019-1
wireguard - 1.0.20200611-1
wireguard-tools - 1.0.20191226-1

Relevant part of the configuration:

config interface 'wg0'
        option proto 'wireguard'
        option private_key '......'
        list addresses '172.16.2.7/24'
        option mtu '1300'
        option auto '1'

config wireguard_wg0
        option persistent_keepalive '25'
        option endpoint_port '5172'
        option endpoint_host 'fqdn.of.my.wg.server.com'
        option public_key '......'
        option description 'mywg'
        list allowed_ips '172.16.2.0/24'
        option auto '1'

My wan is unusual - it's a wlan0 interface acting as WiFi station.

Thanks in advance for ideas on how to tackle this!

1 Like

Try to use option tunlink=wan for the WG interface similar to other tunneling protocols.

Or use option type=bridge for the WAN interface.

Or use the hotplug script which calls ifup wg0.

2 Likes
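
The hotplug option from the reply above, as an added example that is not part of the original thread: an iface hotplug script that calls ifup wg0 when the WAN comes back and the tunnel device is missing. The file name, the function names and the use of 'wifiwan' as the WAN interface name (taken from the log in this thread) are assumptions.

```shell
#!/bin/sh
# Added example; hypothetical path: /etc/hotplug.d/iface/99-wg0-reup
# Interface hotplug events arrive with ACTION and INTERFACE set in the environment.

WAN_IF="wifiwan"   # logical WAN interface name (assumption, from the thread's log)
WG_IF="wg0"        # WireGuard interface from the posted configuration

# Prints "yes" if the kernel device exists, "no" otherwise.
wg_present() {
    if ip link show dev "$WG_IF" >/dev/null 2>&1; then echo yes; else echo no; fi
}

# decide ACTION INTERFACE PRESENT -> prints "reup" or "skip".
# Only an ifup of the WAN with the tunnel device missing triggers a restart;
# ifdown events, other interfaces and a still-present wg0 are left alone.
decide() {
    [ "$1" = "ifup" ] || { echo skip; return 0; }
    [ "$2" = "$WAN_IF" ] || { echo skip; return 0; }
    [ "$3" = "no" ] || { echo skip; return 0; }
    echo reup
}

# Act on one hotplug event; always returns 0 so later hotplug scripts still run.
on_event() {
    if [ "$(decide "$1" "$2" "$(wg_present)")" = "reup" ]; then
        logger -t wg0-reup "$WAN_IF is up and $WG_IF is missing, running ifup $WG_IF"
        ifup "$WG_IF"
    fi
    return 0
}

on_event "${ACTION:-}" "${INTERFACE:-}"
```

The logger tag makes each triggered restart visible in logread next to the netifd messages.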

Thank you @vgaetera; while initially it seemed that setting tunlink helped - it did not.

bridge does not seem to be appropriate in my case - I'm not bridging my [wireless] WAN anywhere; on that side the WiFi card acts as a WiFi client.

ifup wg0 does not bring wireguard up when issued from the command line, so I don't think it would help.

Sample log output of a situation where wg0 went definitively down, together with the WiFi-based WAN [ wifiwan ], and never came back, even after the WiFi uplink was restored:

Sat Oct 24 14:11:58 2020 daemon.notice netifd: Interface 'wifiwan' is now up
Sat Oct 24 14:11:58 2020 daemon.info dnsmasq[1701]: reading /tmp/resolv.conf.auto
Sat Oct 24 14:11:58 2020 daemon.info dnsmasq[1701]: using local addresses only for domain test
Sat Oct 24 14:11:58 2020 daemon.info dnsmasq[1701]: using local addresses only for domain onion
Sat Oct 24 14:11:58 2020 daemon.info dnsmasq[1701]: using local addresses only for domain localhost
Sat Oct 24 14:11:58 2020 daemon.info dnsmasq[1701]: using local addresses only for domain local
Sat Oct 24 14:11:58 2020 daemon.info dnsmasq[1701]: using local addresses only for domain invalid
Sat Oct 24 14:11:58 2020 daemon.info dnsmasq[1701]: using local addresses only for domain bind
Sat Oct 24 14:11:58 2020 daemon.info dnsmasq[1701]: using local addresses only for domain lan
Sat Oct 24 14:11:58 2020 daemon.info dnsmasq[1701]: using nameserver 8.8.8.8#53
Sat Oct 24 14:11:58 2020 daemon.info dnsmasq[1701]: using nameserver 8.8.4.4#53
Sat Oct 24 14:11:59 2020 user.notice firewall: Reloading firewall due to ifup of wifiwan (wlan0)
Sat Oct 24 14:11:59 2020 daemon.notice netifd: wg0 (7343): Try again: `my.vpn.address:1234'. Trying again in 1.00 seconds...
Sat Oct 24 14:12:00 2020 daemon.notice netifd: Interface 'wg0' is now up
Sat Oct 24 14:12:00 2020 daemon.notice netifd: Network device 'wg0' link is up
Sat Oct 24 14:12:01 2020 user.notice firewall: Reloading firewall due to ifup of wg0 (wg0)
Sat Oct 24 14:41:59 2020 daemon.notice netifd: wifiwan (7400): udhcpc: sending renew to 10.2.0.1
Sat Oct 24 14:41:59 2020 daemon.notice netifd: wifiwan (7400): udhcpc: lease of 10.2.129.22 obtained, lease time 3600
Sat Oct 24 15:11:56 2020 daemon.notice wpa_supplicant[1639]: wlan0: RSN: PMKID mismatch - authentication server may have derived different MSK?!
Sat Oct 24 15:11:56 2020 kern.info kernel: [68623.870994] wlan0: deauthenticating from 92:5c:11:11:11:57 by local choice (Reason: 1=UNSPECIFIED)
Sat Oct 24 15:11:57 2020 daemon.notice netifd: Network device 'wlan0' link is down
Sat Oct 24 15:11:57 2020 daemon.notice netifd: Interface 'wifiwan' has link connectivity loss
Sat Oct 24 15:11:57 2020 daemon.notice wpa_supplicant[1639]: wlan0: CTRL-EVENT-DISCONNECTED bssid=92:5c:11:11:11:57 reason=1 locally_generated=1
Sat Oct 24 15:11:57 2020 daemon.notice netifd: wifiwan (7400): udhcpc: received SIGTERM
Sat Oct 24 15:11:57 2020 daemon.notice netifd: Interface 'wifiwan' is now down
Sat Oct 24 15:11:57 2020 daemon.notice netifd: Interface 'wg0' has lost the connection
Sat Oct 24 15:11:57 2020 daemon.warn dnsmasq[1701]: no servers found in /tmp/resolv.conf.auto, will retry
Sat Oct 24 15:11:57 2020 daemon.notice netifd: Interface 'wifiwan' is disabled
Sat Oct 24 15:11:57 2020 daemon.notice netifd: Interface 'wifiwan' is enabled
Sat Oct 24 15:11:57 2020 daemon.notice netifd: Network device 'wg0' link is down
Sat Oct 24 15:11:57 2020 daemon.notice netifd: Interface 'wg0' is now down
Sat Oct 24 15:11:57 2020 daemon.notice netifd: Interface 'wg0' is setting up now
Sat Oct 24 15:11:58 2020 daemon.notice netifd: Interface 'wg0' is now down

# ^ - it's down and no longer comes back

Sat Oct 24 15:11:58 2020 daemon.notice wpa_supplicant[1639]: wlan0: SME: Trying to authenticate with 36:2c:11:11:11:11  (SSID='ssid-of-wifi' freq=2462 MHz)
Sat Oct 24 15:11:58 2020 kern.info kernel: [68625.470916] wlan0: authenticate with 36:2c:11:11:11:11 
Sat Oct 24 15:11:58 2020 kern.info kernel: [68625.493413] wlan0: send auth to 36:2c:11:11:11:11  (try 1/3)
Sat Oct 24 15:11:58 2020 kern.info kernel: [68625.592170] wlan0: send auth to 36:2c:11:11:11:11  (try 2/3)
Sat Oct 24 15:11:58 2020 kern.info kernel: [68625.627692] wlan0: send auth to 36:2c:11:11:11:11  (try 3/3)
Sat Oct 24 15:11:58 2020 kern.info kernel: [68625.684958] wlan0: authentication with 36:2c:11:11:11:11  timed out
Sat Oct 24 15:11:59 2020 daemon.notice wpa_supplicant[1639]: wlan0: SME: Trying to authenticate with 92:5c:11:11:11:57 (SSID='ssid-of-wifi' freq=2437 MHz)
Sat Oct 24 15:11:59 2020 kern.info kernel: [68626.861245] wlan0: authenticate with 92:5c:11:11:11:57
Sat Oct 24 15:11:59 2020 kern.info kernel: [68626.883589] wlan0: send auth to 92:5c:11:11:11:57 (try 1/3)
Sat Oct 24 15:11:59 2020 daemon.notice wpa_supplicant[1639]: wlan0: Trying to associate with 92:5c:11:11:11:57 (SSID='ssid-of-wifi' freq=2437 MHz)
Sat Oct 24 15:11:59 2020 kern.info kernel: [68626.891232] wlan0: authenticated
Sat Oct 24 15:11:59 2020 kern.info kernel: [68626.895448] wlan0: associating with AP with corrupt probe response
Sat Oct 24 15:11:59 2020 kern.info kernel: [68626.902115] wlan0: associate with 92:5c:11:11:11:57 (try 1/3)
Sat Oct 24 15:11:59 2020 daemon.notice wpa_supplicant[1639]: wlan0: Associated with 92:5c:11:11:11:57
Sat Oct 24 15:11:59 2020 daemon.notice netifd: Network device 'wlan0' link is up
Sat Oct 24 15:11:59 2020 daemon.notice netifd: Interface 'wifiwan' has link connectivity