I have a router running OpenWrt 19.07.6.
Apply these workarounds:
- https://openwrt.org/docs/guide-user/services/vpn/wireguard/extras#dynamic_connection
- https://openwrt.org/docs/guide-user/services/vpn/wireguard/extras#dynamic_address
If the problem persists, then also apply this and reboot:
Thanks, will give that a go and see what happens. The problem usually happens every 5-7 days therefore I won't know immediately if it helps but will monitor over the week.
The issue still seems to be happening after applying the workarounds. The VPN connection is not dropping but I lose connection on the device that is connected to the router via ethernet cable. This seems to happen about every 5-7 days or so. If I delete the VPN interface in network and set it up again then I'm ok for another 5-7 days.
This issue is doing my head in and I tried searching the forum and can't seem to find a solution. Can you advise?
Thanks.
When the issue happens, collect the diagnostics from both server and client and post it to pastebin.com redacting the private parts:
ubus call system board; uci show network; uci show firewall; crontab -l; \
wg show; ip address show; ip route show table all; ip rule show; iptables-save
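One way to do the redaction step requested above, as an added example that is not part of the original thread: a filter that masks WireGuard keys, passwords and the VPN endpoint in `uci show` and `wg show` output, plus a check that nothing was missed. The function names and the sample values are constructed for illustration; `VPNUnlimited` is the interface name used in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): redact secrets from OpenWrt
# diagnostics before posting. Reads stdin, writes the redacted copy to stdout.
# Public keys are left in place: they are not secret.
redact_diag() {
    sed -E \
        -e "s/(\.(private_key|preshared_key|password|key)=).*/\1'REDACTED'/" \
        -e "s/(\.endpoint_host=).*/\1'REDACTED'/" \
        -e "s/^([[:space:]]*(private key|preshared key):[[:space:]]*).*/\1REDACTED/" \
        -e "s/^([[:space:]]*endpoint:[[:space:]]*).*/\1REDACTED/"
}

# Succeeds only if every secret-bearing line has been masked.
check_redacted() {
    ! grep -Ei "(private|preshared)[_ ]key|password|\.key=|endpoint_host|endpoint:" \
        | grep -vq "REDACTED"
}

# Constructed sample input: mixed `uci show network` and `wg show` lines.
sample_diag() {
    cat << "EOF"
network.VPNUnlimited.proto='wireguard'
network.VPNUnlimited.private_key='CONSTRUCTED_PRIVATE_KEY='
network.@wireguard_VPNUnlimited[0].public_key='CONSTRUCTED_PUBLIC_KEY='
network.@wireguard_VPNUnlimited[0].endpoint_host='vpn.example.net'
network.@wireguard_VPNUnlimited[0].allowed_ips='0.0.0.0/0'
interface: VPNUnlimited
  private key: (hidden)
  endpoint: 192.0.2.10:51820
  allowed ips: 0.0.0.0/0
EOF
}

# On the router, pipe the real diagnostics through the filter instead:
#   { uci show network; wg show; } 2>&1 | redact_diag > /tmp/diag.txt
#   check_redacted < /tmp/diag.txt && echo "safe to post"
sample_diag | redact_diag
```

The filter does not touch addresses in the `ip address show`, `ip route show` or `iptables-save` output, so review those parts by hand before posting.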
I have removed the private keys and ip addresses for VPN.
Thanks.
uci -q delete network.VPNUnlimited.listen_port
uci -q delete network.@wireguard_VPNUnlimited[0].allowed_ips
uci add_list network.@wireguard_VPNUnlimited[0].allowed_ips="0.0.0.0/0"
uci commit network
/etc/init.d/network restart
sleep 10
/etc/init.d/vpn-policy-routing restart
I have tried the above and it's still not working. I don't think the allowed ips was the issue as it still was dropping connection to wired device when set to 0.0.0.0/0.
It is very strange that it's affecting wired connections and not when using wireless. It initially works for almost a week then drops for no reason, like it doesn't like anything plugged into the router.
- Remove the listen port from the WG interface.
- Try restarting the VPN-PBR service.
I have removed listen port and restarted VPN PBR and it did not make any difference. I was thinking is there a way to add device via MAC address in VPN And PBR instead of ip and would this work?
It is more reliable to set up static DHCP leases:
https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#static_leases
I have the same problem as the topic starter. As soon as my internet provider drops the connection due to account arrears, or the ISP router reboots, it is not possible to connect to the VPN. Restarting the WG interface, rebooting the OpenWrt router, etc. result in nothing.
So I try to apply the mentioned advice. But
Initially I set up my router according to this manual.
Similar topics:
WireGuard only TX no RX traffic
Wireguard interface not working properly after reboot
Wireguard connection not being restored
Increasing metric on the WAN interface should be enough.
I applied the dynamic_connection, dynamic_address and race_conditions tweaks, but unfortunately it didn't help. Please take a look at the settings.
pastebin
What is the reason for adding that static route and using the custom routing table?
In order to bypass wireguard-VPN for some sites. Found the solution here.
I must admit that everything works fine with these options, until the internet connection provided by the ISP router drops, or there is a power failure. Then it is impossible to connect to the VPN server without creating a new interface etc.
Better use this:
uci -q delete network.@route[0]
for IPV in 4 6
do
uci set network.lan.ip${IPV}table="1"
uci set network.wan${IPV%4}.ip${IPV}table="2"
uci -q delete network.lan_wan${IPV%4}
uci set network.lan_wan${IPV%4}="rule${IPV%4}"
uci set network.lan_wan${IPV%4}.in="lan"
uci set network.lan_wan${IPV%4}.mark="1"
uci set network.lan_wan${IPV%4}.lookup="2"
uci set network.lan_wan${IPV%4}.priority="30000"
done
uci commit network
/etc/init.d/network restart
If the issue persists, also enable this:
https://openwrt.org/docs/guide-user/advanced/hotplug_extras
mkdir -p /etc/hotplug.d/online
cat << "EOF" > /etc/hotplug.d/online/00-vpn-reconnect
if [ "${INTERFACE}" != "VPNUnlimited" ]
then ifup VPNUnlimited
fi
EOF
Should I delete any existing options when applying this?
It already includes the necessary command to resolve conflicts.
Just make it match the traffic mark in the firewall rule.
Finally, I reset the OpenWrt router to defaults, reinstalled WireGuard according to this manual, and applied dynamic_address and race_conditions. I will continue testing.