Wireguard intermittently fails and requires reboot

I have recently set up my OpenWRT router with Wireguard following the recommended instructions on the wiki but have been running into a weird issue where my router eventually loses access to the internet through the VPN. By rebooting the router I am able to re-establish a connection, but the connection will eventually fail again after a few hours and require a reboot.

Some other details:

  • The connection time drop corresponds with the last valid handshake.
  • I am able to ping the VPN server from the router.

Any help would be appreciated!

Does normal internet get interrupted when the WG tunnel goes down? Is there a pattern to the issue (specific time of day or duration since last reboot)? Can you still access the router itself when the connection goes down? Have you looked at the logs?


Does normal internet get interrupted when the WG tunnel goes down?

Yes, I lose my internet connection when the WG tunnel goes down.

Is there a pattern to the issue (specific time of day or duration since last reboot)?

I haven't noticed any specific pattern.

Can you still access the router itself when the connection goes down?

Yep, through the GUI and terminal.

Have you looked at the logs?

I have (at least the kernel and syslogs), but haven't noticed anything particularly out of the ordinary. If there's a way to see WireGuard-specific logs or something, that would be super helpful as well.

I should have also asked if you have a VPN kill switch (i.e. firewall only allowing LAN > VPN traffic, not allowing LAN > WAN).

Other things that could be relevant -- have you tried ping tests from the router itself (such as an ssh session) to see if it can reach the internet?

There are three broad possible culprits I can think of, and you'll need to see if you can figure out where things are going wrong: WAN interface issue, local WG issue, VPN provider/endpoint issue.

This could be a DHCP (or PPPoE) issue from the ISP. If your DHCP lease (or PPPoE session) expires, it will drop the connection. It is possible that your reboot is bringing this back online. If you're using a DHCP based connection on the WAN, issue the following command to see what is happening with the lease. (I don't know how to check PPPoE as I have never personally used this connection type.)

logread | grep udhcpc

You could also try to restart your WAN interface. If that restores connectivity, it is a WAN thing, not a WG thing.

If those don't reveal anything useful, try restarting your WG interface. If it restores the connection, you are looking at either a local or remote WG issue. My guess is that it would be the remote peer (your VPN provider), but we can try to figure out anything else that might cause it on your end.
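
The triage order from the reply above (WAN first, then the WireGuard handshake, then whatever lies past the tunnel), as an added example that is not part of the thread. The interface name, endpoint address and probe address are assumptions passed in as arguments, the peer key and timestamps in the sample are constructed, and the 180-second threshold only means something while traffic or a keepalive is crossing the tunnel.

```sh
#!/bin/sh
# Added example, not from the thread. Run on the router as:
#   sh wgtriage.sh wg0 <endpoint-ip> <ip-reached-through-vpn>
# With no arguments it evaluates the constructed sample below.

STALE_AFTER=180   # seconds; WireGuard re-handshakes about every 2 minutes under traffic

# Read `wg show <iface> latest-handshakes` (pubkey<TAB>epoch) on stdin and
# print the age in seconds of the newest handshake, or "never".
handshake_age() {
    awk -v now="$1" '$2 > newest { newest = $2 }
        END { if (newest > 0) print now - newest; else print "never" }'
}

# classify ENDPOINT_OK AGE TUNNEL_OK -> one word naming where to look next:
#   wan           endpoint unreachable: check the lease (logread | grep udhcpc)
#   handshake     endpoint reachable but handshake stale: local or remote WG
#   beyond-tunnel handshake fresh but nothing answers through the tunnel
classify() {
    if [ "$1" != 1 ]; then echo wan; return; fi
    if [ "$2" = never ] || [ "$2" -gt "$STALE_AFTER" ]; then echo handshake; return; fi
    if [ "$3" != 1 ]; then echo beyond-tunnel; return; fi
    echo ok
}

# Gather the three observations on a live router and classify them.
live_check() {
    ep_ok=0; tun_ok=0
    ping -c 3 -W 2 "$2" >/dev/null 2>&1 && ep_ok=1
    ping -c 3 -W 2 -I "$1" "$3" >/dev/null 2>&1 && tun_ok=1
    age=$(wg show "$1" latest-handshakes | handshake_age "$(date +%s)")
    echo "endpoint_ok=$ep_ok handshake_age=$age tunnel_ok=$tun_ok -> $(classify "$ep_ok" "$age" "$tun_ok")"
}

# Constructed sample matching the thread: the endpoint answers pings,
# but the last handshake is two hours old.
sample_age() {
    printf 'CONSTRUCTEDPEERKEY=\t1700000000\n' | handshake_age 1700007200
}

if [ "$#" -eq 3 ]; then
    live_check "$1" "$2" "$3"
else
    echo "sample: age=$(sample_age)s -> $(classify 1 "$(sample_age)" 0)"
fi
```

Logging the output line from cron every few minutes records which of the three states the router was in when the connection dropped, which answers the "is there a pattern" question without waiting for a reboot.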