Posted: Thu Jan 06, 2022 10:15 Post subject: Netgear R7000, r47381: Issues with Wireguard, upgrade build?
Hi, I've been running dd wrt r47381 on my Netgear R7000 for a few months now. I setup a Wireguard tunnel to my VPN provider and I noticed that it stops working every few days/weeks and needs to be reset to work again. A simple restart of the tunnel or the router doesn't fix it, I need to go to my VPN provider's website to generate a new Wireguard configuration.
I'm not sure how to investigate the issue, I tried enabling the system logs, but nothing of interest showed up. I am now considering upgrading the dd wrt build to latest build r47976.
I have a few questions:
- Has anyone experienced similar issues with Wireguard and has a solution?
- Is it worth upgrading the build to try to fix this issue?
- I saw that every build release has its own thread and changelog, but is there a single thread somewhere that has all the changelogs together?
Thank you. I will try to contact the provider (Torguard) to see if there is anything they can do.
Shouldn't DD WRT's wireguard utility have the ability to automatically reconnect when the connection is lost? Just like Torguard's own VPN utility does (I haven't tested it myself, but I assume it does). Or is this the newly added failover functionality you mention? Did the failover fix your issues with Keepsolid's wireguard? In which case I would definitely upgrade.
Could it be that the kill switch kicks in and prevents any further attempts made to reconnect?
Should I upgrade, which revision of DD WRT would you recommend? I was thinking of going with the most recent one but I know most recent isn't always best here.
VPN disconnect happened again today. Last handshake was 8 hours ago, so at around midnight CET.
The only thing in the system log (with klogd enabled) is a failure to connect to NTP. So it definitely looks like more an issue on Torguard's side than DD-WRT's.
Edit: it magically started working again after 20 minutes, without me changing anything. I've opened a ticket with TorGuard and will update here later with their answer.
I've attached a log, here are the most interesting bits:
Quote:
// first NTP failure
Jan 7 00:10:06 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPACK(br0) 192.168.1.128 x:x:x:x:x:x x
Jan 7 00:22:42 DD-WRT daemon.debug ntpclient[17501]: Connecting to 2.pool.ntp.org [2001:49f0:d01f:1::2] ...
Jan 7 00:22:45 DD-WRT daemon.debug ntpclient[17501]: Timed out waiting for 2.pool.ntp.org [2001:49f0:d01f:1::2].
Jan 7 00:22:45 DD-WRT daemon.debug ntpclient[17501]: Connecting to y.y.y.y [y.y.y.y] ...
Jan 7 00:22:45 DD-WRT daemon.info ntpclient[17501]: Time set from y.y.y.y [y.y.y.y].
Jan 7 00:22:45 DD-WRT daemon.info process_monitor[8841]: cyclic NTP Update success (servers 2.pool.ntp.org y.y.y.y z.z.z.z)
Jan 7 01:22:50 DD-WRT daemon.err ntpclient[17818]: Failed resolving address to hostname 2.pool.ntp.org: Try again
Jan 7 01:22:50 DD-WRT daemon.err ntpclient[17818]: Failed resolving server 2.pool.ntp.org: Network is down
Jan 7 01:22:50 DD-WRT daemon.notice ntpclient[17818]: Network up, resolved address to hostname y.y.y.y
Jan 7 01:22:50 DD-WRT daemon.debug ntpclient[17818]: Connecting to y.y.y.y [y.y.y.y] ...
Jan 7 01:22:53 DD-WRT daemon.debug ntpclient[17818]: Timed out waiting for y.y.y.y [y.y.y.y].
Jan 7 01:22:53 DD-WRT daemon.debug ntpclient[17818]: Connecting to z.z.z.z [z.z.z.z] ...
Jan 7 01:22:56 DD-WRT daemon.debug ntpclient[17818]: Timed out waiting for z.z.z.z [z.z.z.z].
Jan 7 01:22:56 DD-WRT daemon.err process_monitor[8841]: cyclic NTP Update failed (servers 2.pool.ntp.org y.y.y.y z.z.z.z)
// some warnings
Jan 7 08:02:32 DD-WRT kern.warn kernel: COEX: downgraded chanspec 0x1808 to 0x1006: ctrl channel: 6 existing ext. channel
Jan 7 08:02:32 DD-WRT kern.warn kernel: COEX: downgraded chanspec 0x1803 to 0x1001: channel 6 used by exiting BSSs
Jan 7 08:17:40 DD-WRT kern.warn kernel: COEX: downgraded chanspec 0x1808 to 0x1006: ctrl channel: 6 existing ext. channel
Jan 7 08:17:40 DD-WRT kern.warn kernel: COEX: downgraded chanspec 0x1803 to 0x1001: channel 6 used by exiting BSSs
Jan 7 08:23:06 DD-WRT kern.warn kernel: COEX: downgraded chanspec 0x1808 to 0x1006: ctrl channel: 6 existing ext. channel
Jan 7 08:23:06 DD-WRT kern.warn kernel: COEX: downgraded chanspec 0x1803 to 0x1001: channel 6 used by exiting BSSs
Jan 7 08:23:10 DD-WRT kern.warn kernel: COEX: downgraded chanspec 0x1808 to 0x1006: channel 11 used by exiting BSSs
Jan 7 08:23:18 DD-WRT kern.warn kernel: COEX: downgraded chanspec 0x1808 to 0x1006: ctrl channel: 6 existing ext. channel
Jan 7 08:23:18 DD-WRT kern.warn kernel: COEX: downgraded chanspec 0x1803 to 0x1001: channel 6 used by exiting BSSs
// Network still down
Jan 7 08:24:08 DD-WRT daemon.err ntpclient[19744]: Failed resolving address to hostname 2.pool.ntp.org: Try again
Jan 7 08:24:08 DD-WRT daemon.err ntpclient[19744]: Failed resolving server 2.pool.ntp.org: Network is down
Jan 7 08:24:08 DD-WRT daemon.notice ntpclient[19744]: Network up, resolved address to hostname y.y.y.y
Jan 7 08:24:08 DD-WRT daemon.debug ntpclient[19744]: Connecting to y.y.y.y [y.y.y.y] ...
Jan 7 08:24:11 DD-WRT daemon.debug ntpclient[19744]: Timed out waiting for y.y.y.y [y.y.y.y].
Jan 7 08:24:11 DD-WRT daemon.debug ntpclient[19744]: Connecting to z.z.z.z [z.z.z.z] ...
Jan 7 08:24:14 DD-WRT daemon.debug ntpclient[19744]: Timed out waiting for z.z.z.z [z.z.z.z].
Jan 7 08:24:14 DD-WRT daemon.err process_monitor[8841]: cyclic NTP Update failed (servers 2.pool.ntp.org y.y.y.y z.z.z.z)
// I connect to the network
Jan 7 08:30:58 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPREQUEST(br0) 192.168.1.132 b:b:b:b:b:b
Jan 7 08:30:58 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPACK(br0) 192.168.1.132 b:b:b:b:b:b DESKTOP-XXXXXXX
Jan 7 08:31:59 DD-WRT daemon.info httpd[1864]: httpd : Authentication fail
Jan 7 08:31:59 DD-WRT daemon.err httpd[1864]: httpd : Request Error Code 401: Authorization required. Wrong username and/or password!
Jan 7 08:32:16 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPREQUEST(br0) 192.168.1.132 b:b:b:b:b:b
Jan 7 08:32:16 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPACK(br0) 192.168.1.132 b:b:b:b:b:b DESKTOP-XXXXXXX
Jan 7 08:32:25 DD-WRT daemon.warn dnsmasq[11068]: possible DNS-rebind attack detected: speedport.ip
Jan 7 08:32:49 DD-WRT daemon.warn dnsmasq[11068]: possible DNS-rebind attack detected: speedport.ip
Jan 7 08:33:10 DD-WRT daemon.warn dnsmasq[11068]: possible DNS-rebind attack detected: speedport.ip
Jan 7 08:34:05 DD-WRT daemon.warn dnsmasq[11068]: possible DNS-rebind attack detected: speedport.ip
Jan 7 08:34:15 DD-WRT daemon.warn dnsmasq[19828]: possible DNS-rebind attack detected: speedport.ip
Jan 7 08:36:19 DD-WRT daemon.warn dnsmasq[19903]: possible DNS-rebind attack detected: speedport.ip
Jan 7 08:38:58 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPINFORM(br0) 192.168.1.28 a:a:a:a:a:a
Jan 7 08:38:58 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPACK(br0) 192.168.1.28 a:a:a:a:a:a DESKTOP-XXXXXXX
Jan 7 08:39:00 DD-WRT user.warn igmpproxy[1520]: No interfaces found for source 169.x.x.x
Jan 7 08:39:00 DD-WRT user.warn igmpproxy[1520]: No interfaces found for source 169.x.x.x
Jan 7 08:39:00 DD-WRT user.warn igmpproxy[1520]: No interfaces found for source 169.x.x.x
Jan 7 08:39:00 DD-WRT user.warn igmpproxy[1520]: No interfaces found for source 169.x.x.x
Jan 7 08:39:00 DD-WRT user.warn igmpproxy[1520]: No interfaces found for source 169.x.x.x
Jan 7 08:39:00 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPINFORM(br0) 192.168.1.28 a:a:a:a:a:a
Jan 7 08:39:00 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPACK(br0) 192.168.1.28 a:a:a:a:a:a DESKTOP-XXXXXXX
Jan 7 08:39:01 DD-WRT user.warn igmpproxy[1520]: No interfaces found for source 169.x.x.x
Jan 7 08:39:01 DD-WRT user.warn igmpproxy[1520]: No interfaces found for source 169.x.x.x
Jan 7 08:39:01 DD-WRT user.warn igmpproxy[1520]: No interfaces found for source 169.x.x.x
// Network magically up again around this time
Jan 7 08:39:02 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPINFORM(br0) 192.168.1.28 a:a:a:a:a:a
Jan 7 08:39:02 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPACK(br0) 192.168.1.28 a:a:a:a:a:a DESKTOP-XXXXXXX
Jan 7 08:39:08 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPDISCOVER(br0) 192.168.1.28 a:a:a:a:a:a
Jan 7 08:39:08 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPOFFER(br0) 192.168.1.143 a:a:a:a:a:a
Jan 7 08:39:09 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPDISCOVER(br0) 192.168.1.28 a:a:a:a:a:a
Jan 7 08:39:09 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPOFFER(br0) 192.168.1.143 a:a:a:a:a:a
Jan 7 08:47:57 DD-WRT kern.warn kernel: COEX: downgraded chanspec 0x1808 to 0x1006: channel 11 used by exiting BSSs
Jan 7 08:54:13 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPREQUEST(br0) 192.168.1.132 b:b:b:b:b:b
Jan 7 08:54:13 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPACK(br0) 192.168.1.132 b:b:b:b:b:b DESKTOP-XXXXXXX
I received an answer from the provider. They recommended to use a slightly different endpoint in my Wireguard config instead of the static IP that was assigned to me (x.x.x.242 instead of x.x.x.243). They said "diff IP can sometimes use diff routing thus overcoming any routing related issue".
Either way, for now the problem hasn't reappeared. If it does I will contact them again and update the topic here, in case it can help others.