Wireguard restart: no connection

ciccio.reborn · December 25, 2019, 10:45am

Hi,

I have a problem with wireguard connection: every time I reboot router (or restart the interface), wireguard doesn't comes up.

I started from scratch: I installed openwrt 19rc2 and setup initial config (no wireguard): all works very good.

Then I installed wireguard packages (wireguard: 0.0.20190702-1) and created/configured wireguard interface, wg01 (for my need I use wireguard connection as wireguard client with a VPN provider):

config interface 'wg01'
option proto 'wireguard'
option private_key 'my_private_key'
option listen_port '55444'
list addresses 'my_ip_address_from_my_provider/32'
option delegate '0'
option auto '0'

config wireguard_wg01
option public_key 'public_key_of_server_vpn_provider'
option description '......'
option persistent_keepalive '25'
option endpoint_port '51820'
list allowed_ips '0.0.0.0/0'
option endpoint_host 'vpn_provider_server_address'

N.B: at this moment, I don't set any routing for this interface and also wg01 interface is not started at router's boot

After reboot, I restart wg01 interface but

ping -I wg01 8.8.8.8

not works (no replies).

So, after reading about the problem with timesynch/low entropy and wireguard, I

disabled sysntpd
installed and configured ntpd
verified ntpd synch with ntpq -pn command

Finally, I also installed rngd and configured with

config rngd
option enabled '1'
option device '/dev/hwrng'

and I also installed haveged package.

Then, I checked my entropy:
cat /proc/sys/kernel/random/entropy_avail
3085

After all this, I restarted wg01 interface:sometimes wireguard comes up (after some minutes), sometimes no (even after 30 minutes).

Finally, if I reboot my router, wireguard doesn't works never (until I manually stop it, and restart it manually many times).

I do not know what else to do: can you help me?

Thanks in advance

mikma · December 25, 2019, 10:53am

What happens if you set auto to '1', to bring up the interface on boot? (Or remove the option since '1' is default for all proto except 'none'.)

ciccio.reborn · December 25, 2019, 6:27pm

I tried without option auto '1' but the result is the same

lleachii · December 27, 2019, 3:10pm

Remove port 55444 from the OpenWrt side.

Not sure what these are, remove them.

ciccio.reborn · January 6, 2020, 8:50pm

Hi,

I tried as suggested without any result: do you have any other idea?

In this moment, I restarted my router and, with the same working configuration, nothing works.

I am really desperate.

lleachii · January 6, 2020, 10:12pm

What tests or observations are you making to determine that the WG didn't come up?
Do you have access to the config on the server?

How do you ping 8.8.8.8 if you never made a route?
What do you mean by "not started"
Are you adding routes before you test?
To confirm - make sure you use two routes instead of 0.0.0.0/0:
- 0.0.0.0/1
- 128.0.0.0/1

Are you sure that you're just not failing to add routes to the Internet?

You are aware that the WG won't come "up" until you try to pass traffic, correct?

ciccio.reborn · January 7, 2020, 3:53pm

I use a VPN Provider (mullvad and/or ivpn) as wireguard server, so I haven't access to server's config.

I don't made a route on wireguard config because I use mwan3 (or vpr) to dynamic routing, based on source/destination address and/or port and so on.

When I boot my router, wireguard interface comes up but no traffic flows through it: to test it, I use normally a client, configured on mwan3 (based on IP source address) to use only wireguard interface.

With wireguard interface started, I ping 8.8.8.8 from this specific client: normally, after some hours (normally from 1 to 4 hours), ping replies.

For example, yesterday I:

booted at 20:00:37
wan and wireguard interfaces comes up at 20:00:42
checked time synch (via ntpd, synch ok) and entropy value (3305)
at 20:02:00, started ping 8.8.8.8 from client-wireguard-only, no ping replies until 23:19:53
at 20:02:00, started ping 8.8.8.8 from any other client (only wan interface), reply ok

stangri · January 7, 2020, 4:42pm

Could it be the endpoint issue and not an issue with your config?

ciccio.reborn · January 7, 2020, 6:51pm

Yes, if it happens every now and then but it happens to me at every reboot.

Can it depend on the fact that openwrt is on a virtual machine (ESXi 6.7)?

ciccio.reborn · January 15, 2020, 5:21pm

Hi,

I made some progress but it's very very odd.

I find that, with wireguard interface started (at roouter's boot or also manually), I get no internet connection but if, during this phase, I change firewall settings on my ISP's router (Vodafone Station), from on-to-off or from off-to-on, the connection is immediately established.

Same behaviour if I add or remove on the same router any port on port-forwarding page: maybe I'm going crazy.

Do you have any idea why this behaviour?

Thanks