Wireguard not working after latest update

I updated to OpenWrt 21 today (from 19). I migrated my configuration carefully and everything except for WireGuard seems to be working correctly.

I see this kernel log, so it seems to be running:

[ 18.495910] wireguard: WireGuard 1.0.0 loaded. See www.wireguard.com for information.
[ 18.503837] wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.

I have these installed:

  • wireguard-tools
  • kmod-wireguard
  • luci-app-wireguard
  • luci-proto-wireguard

This was working prior to the upgrade, so I have it configured:

config wireguard_wireguardVPN

config interface 'wireguard'
	option proto 'wireguard'
	option private_key Zzxzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz'
	list addresses ''
	option listen_port '51820'

config wireguard_wireguard
	option description 'iOS'
	option public_key 'Zzxzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz'
	list allowed_ips ''
	option route_allowed_ips '1'

config wireguard_wireguard
	option description 'Android'
	option public_key 'Zzxzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz'
	list allowed_ips ''
	option route_allowed_ips '1'

config wireguard_wireguard
	option description 'Surface'
	option public_key 'Zzxzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz'
	list allowed_ips ''
	option route_allowed_ips '1'

My main client (on my iPhone) is already configured. When I click to enable it, there is no error, but I don't get the VPN icon at the top, and connections to resources within my network time out (i.e. trying to hit my Samba share across the VPN).
Also, the WireGuard tab doesn't show that it is connected either.

How exactly did you do this? Did you keep settings during the upgrade process, or did you reset to defaults and then reconfigure from scratch? If you reconfigured, did you copy files over or copy/paste?

What device are you using?

Did you check your firewall to make sure you have the correct zone assignment and the port opened?

Did you check that your IP address on the WAN is the same as it was prior to the upgrade? In some cases, there were changes to the way that OpenWrt handles the MAC address presented at the WAN for certain devices, so your IP may have changed... and either way, if you're using a dynamic dns domain, you should make sure that it is resolving correctly.

If those questions don't lead you to a resolution, let's see your complete network and firewall files (redacting keys and such, of course).

Did you put your firewall rules back?

I updated with force and did not keep existing settings, such that after the upgrade it was all defaults. I installed all the software I needed, and so my etc/config directory was at defaults (untouched).
Then I compared each file with my backup and only migrated my additions (like those network configurations posted above).
Linksys WRT3200ACM - OpenWrt 21.02.3 r16554-1d4dea6d4f / LuCI openwrt-21.02 branch git-22.083.69138-0a0ce2a

As far as firewall rules, I have added this:

config rule
	option src '*'
	option target 'ACCEPT'
	option proto 'udp'
	option name 'Allow-Wireguard-Inbound'
	option dest_port '51820'

I'm not sure about zone assignment (what should I look for?).
I use DDNS, so the IP shouldn't be an issue (it is resolving, just double-checked).
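
The two firewall checks raised in this thread (zone assignment and the opened UDP port), as an added example that is not part of any poster's reply: a shell script that reads the network and firewall config files, or backup copies of them. The function names are hypothetical, it assumes standard UCI config/option/list syntax, and it does not look at a rule's src zone.

```shell
# Added example (not from the thread); function names are hypothetical.
# Flatten a UCI file into "type|section|key|value" records.
uci_flat() {
    awk -v q="'" '
    { gsub("[" q "\"]", "") }                  # strip quotes
    $1 == "config" { type = $2; sec = ($3 != "") ? $3 : "@" NR; next }
    $1 == "option" || $1 == "list" {
        val = $3; for (i = 4; i <= NF; i++) val = val " " $i
        print type "|" sec "|" $2 "|" val
    }' "$1"
}

# Names of interfaces with proto wireguard in network file $1.
wg_ifaces() {
    uci_flat "$1" | awk -F'|' '$1 == "interface" && $3 == "proto" && $4 == "wireguard" { print $2 }'
}

# listen_port of interface $2 in network file $1.
wg_port() {
    uci_flat "$1" | awk -F'|' -v s="$2" '$1 == "interface" && $2 == s && $3 == "listen_port" { print $4 }'
}

# Name of the firewall zone whose network list contains interface $2 (empty if none).
zone_of() {
    uci_flat "$1" | awk -F'|' -v want="$2" '
    $1 == "zone" && $3 == "name" { zname[$2] = $4 }
    $1 == "zone" && $3 == "network" { n = split($4, a, " "); for (i = 1; i <= n; i++) if (a[i] == want) hit = $2 }
    END { if (hit != "") print zname[hit] }'
}

# Succeeds if some rule section accepts UDP to port $2.
udp_port_open() {
    uci_flat "$1" | awk -F'|' -v p="$2" '
    $1 == "rule" { seen[$2] = 1; v[$2, $3] = $4 }
    END { for (r in seen) if (v[r, "proto"] ~ /udp/ && v[r, "dest_port"] == p && v[r, "target"] == "ACCEPT") ok = 1; exit !ok }'
}

# Print one finding per problem; return status is the number of findings.
check_wg() {
    net=$1; fw=$2; bad=0
    for i in $(wg_ifaces "$net"); do
        port=$(wg_port "$net" "$i")
        [ -n "$(zone_of "$fw" "$i")" ] || { echo "$i: not in any firewall zone"; bad=$((bad + 1)); }
        [ -z "$port" ] || udp_port_open "$fw" "$port" || { echo "$i: no ACCEPT rule for udp/$port"; bad=$((bad + 1)); }
    done
    return "$bad"
}

[ $# -ne 2 ] || check_wg "$1" "$2"
```

Run it with the paths of the network and firewall files as its two arguments; no output and exit status 0 means both checks passed.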

OK, I'm sorry guys.
idk what happened, but it's working now.
I didn't change anything since posting this.
Maybe I just needed to reboot (which I had done, I guess it needed it twice).

Yes, sometimes that is required. Especially if you changed the WG configuration, you need to bounce the WG interface.

That often doesn't seem to be enough, but I've yet to work out why.

Yeah, the wireguard instructions from mullvad even point out that more than one reboot may be needed, I wasn't aware either until I saw that.
