Wireguard slow to restart after sleep

Dear Community,

I've been running into this problem for the last 2 months. I have tried changing the router, the provider and the cables but I'm still facing the same problem: as long as I'm surfing or downloading through WireGuard everything works fine. But as soon as I disconnect the device (laptop or phone) from WireGuard it goes to sleep and doesn't restart until I reconnect the device, open a few webpages and wait a few minutes.
Sounds like the keepalive doesn't keep it on (I tried all numbers from 0 to 25).

This is my configuration:
Xiaomi4 with my ISP (had an Asus 88u with the same issue before) with port forwarding 51820.
TP-Link WDR4300 with the latest snapshot version with WireGuard.

Let me know what I can share to sort it out, please!

  • Are you running Wireguard on the Laptop/Phone, or on the OpenWrt router?
  • If not on the router, how is this related to OpenWrt?
  • Keepalive has to be run from the peer whose firewall isn't open
  • If a downstream router is running Wireguard, ensure that the upstream routers don't have a UDP port timeout shorter than the keep alive

Also, per the Community Guidelines, please refrain from signing your posts.

Hello,

Thanks for the reply.

WireGuard is on the TP-Link with OpenWrt. Upstream I have a Xiaomi with the ISP on PPPoE. I tried both forwarding UDP 51820 and DMZ. Same results. As soon as I stop using WireGuard it goes idle and it is super slow to restart. No issue with the handshake. 0.0.0.0/0 for allowed routes.

If you disconnected all remote peers, there is nothing to keep alive. You're describing normal behavior.

BTW, @Stefano380, welcome to the community and please refrain from signing your posts.

That makes sense. But for example I have a VoIP device connected and if WireGuard is not alive it doesn't work. Same if I connect to the wifi with my phone to go under WireGuard: it's too slow and needs a long time to get back to a decent speed to use it.

Then don't turn it off.

Wireguard is an instant-on technology. There should be little perceivable delay when connecting for most users. It's hard to understand what could be occurring with the "slowness" you describe.

  • Is the "slowness" on the phone or router?

I guess it is slow from the router because once it goes silent it takes time with whatever gets connected (can be the phone, TV, laptop...). Once it goes back on everything works fine until I stop using it again. That's why my thought went to the keepalive.

  • Can you describe slow???

If you turn off the connection, there is nothing to keep alive. In order for keep alive to work, keep those peers turned ON.

By slow I mean: I connect my phone to the wifi and load a webpage. It takes 30 seconds to open (if I'm lucky and I don't get an error). To speed it up I have to open 3/4 pages at the same time. Same story on a laptop. Both cable and wifi. VoIP: once I get a call I can hear but they can't. I need 3/4 calls before I can talk properly. TV: I open an online service and it keeps loading. I need to scroll through 3/4 apps and then it works.

Are you using Wireguard internally; if so why?
Perhaps you do have a config issue. Can you post the relevant sections of /etc/config/wireguard?

I use the wifi from the TP-Link with WireGuard because of my ISP. I'll forward you the log, thanks!

  • Your peer should not have a defined port and IP
  • The keep alive should be configured on the device (Phone and Laptops)
  • If your peer is only a phone or laptop, the allowed IPs should not be 0.0.0.0/0
  • Only use 0.0.0.0/0 for allowed IPs on a VPN connection
  • Use something e.g. 10.1.0.14/32 for the displayed peer
  • You haven't allowed the WG firewall zone to forward anywhere
  • I only see one peer setting, you need a peer config for each device
1 Like
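
An added example, not part of the thread or of any poster's configuration: a small Python lint for the points in the reply above (keepalive sent by the side that dials out, keepalive shorter than the upstream UDP timeout, no 0.0.0.0/0 on a single-device peer). The sample config, its names and placeholder keys, the `udp_timeout_s` value and the rule "a peer with an endpoint is one we dial out to through NAT" are assumptions.

```python
import shlex

# Constructed sample of OpenWrt /etc/config/network peer sections (placeholder keys).
SAMPLE = """
config wireguard_wg0
	option description 'vpn-provider'
	option public_key 'PLACEHOLDER_KEY_A='
	option endpoint_host 'vpn.example.net'
	option endpoint_port '51820'
	list allowed_ips '0.0.0.0/0'
	option persistent_keepalive '0'

config wireguard_wg0
	option description 'phone'
	option public_key 'PLACEHOLDER_KEY_B='
	list allowed_ips '0.0.0.0/0'
	option persistent_keepalive '25'
"""

def parse_peers(text):
    """Return one dict per 'config wireguard_*' section of a UCI file."""
    peers, cur = [], None
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) < 2:
            continue
        if tok[0] == "config":
            cur = {"allowed_ips": []} if tok[1].startswith("wireguard_") else None
            if cur is not None:
                peers.append(cur)
        elif cur is not None and tok[0] == "option" and len(tok) >= 3:
            cur[tok[1]] = tok[2]
        elif cur is not None and tok[0] == "list" and len(tok) >= 3:
            cur.setdefault(tok[1], []).append(tok[2])
    return peers

def lint(peers, udp_timeout_s):
    """udp_timeout_s: upstream router's UDP mapping timeout (assumed known)."""
    findings = []
    for p in peers:
        name = p.get("description", "?")
        ka = int(p.get("persistent_keepalive", 0))
        dial_out = "endpoint_host" in p  # assumption: we reach this peer through NAT
        if dial_out and ka == 0:
            findings.append((name, "no keepalive toward remote endpoint"))
        if ka >= udp_timeout_s:
            findings.append((name, "keepalive not shorter than upstream UDP timeout"))
        if not dial_out and "0.0.0.0/0" in p["allowed_ips"]:
            findings.append((name, "0.0.0.0/0 on a single-device peer"))
    return findings
```

Calling `lint(parse_peers(SAMPLE), udp_timeout_s=30)` returns one finding per sample peer; lowering the timeout to 20 adds the keepalive finding for the second peer.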

Thanks!
I thought 0.0.0.0/0 was useful to have WireGuard on whatever device needs to go through the VPN. This way I can just connect to that wifi and use it. I don't need to be under the VPN all the time, that's why I have this dedicated second router for WireGuard.

Perhaps I just don't understand your use case, or why you need a second router to do so.

If I understand correctly, your far-end is a VPN, or you're making a VPN server with the OpenWrt. In any case, you don't need a second router for that AP, unless you have a WiFi chip limitation only permitting one SSID.

Glad you got it working!

I have to try your settings once I'm back from work. I have a separate router because the TP-Link has bad performance, so I need my ISP on a proper one and leave WireGuard on a separate router. And the settings that I showed you are the ones I got by following the Mullvad guide. I'll let you know... thanks

1 Like

Hi,

I'm still having trouble setting it up. The guides that I can find around show settings similar to mine for the client (I don't need a server since I'm using it purely for VPN, correct???).

How should my firewall settings be?

thanks!