Netgear R7000, r47381: Issues with Wireguard, upgrade build?

JMuller
DD-WRT Novice


Joined: 06 Jan 2022
Posts: 18

Posted: Thu Jan 06, 2022 10:15    Post subject: Netgear R7000, r47381: Issues with Wireguard, upgrade build?
Hi, I've been running DD-WRT r47381 on my Netgear R7000 for a few months now. I set up a Wireguard tunnel to my VPN provider and I noticed that it stops working every few days/weeks and needs to be reset to work again. A simple restart of the tunnel or the router doesn't fix it; I need to go to my VPN provider's website to generate a new Wireguard configuration.

I'm not sure how to investigate the issue. I tried enabling the system logs, but nothing of interest showed up. I am now considering upgrading the DD-WRT build to the latest build, r47976.

I have a few questions:
- Has anyone experienced similar issues with Wireguard and has a solution?
- Is it worth upgrading the build to try to fix this issue?
- I saw that every build release has its own thread and changelog, but is there a single thread somewhere that has all the changelogs together?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Thu Jan 06, 2022 10:30
I think it is the provider which is at fault.

I have two VPN providers, Keepsolid and Mullvad.
I have the same behaviour as you describe with Keepsolid.

Their server seems to go down occasionally and the configuration is lost or something.

Upgraded builds have a fail over, if one tunnel is down the next tunnel will be started.

WireGuard and OpenVPN have their own changelogs (see the build threads)

General changelog: https://svn.dd-wrt.com/

I have transferred this thread to the Advanced Networking forum as this is of interest to us all :)

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
JMuller
DD-WRT Novice


Joined: 06 Jan 2022
Posts: 18

Posted: Thu Jan 06, 2022 11:07
Thank you. I will try to contact the provider (Torguard) to see if there is anything they can do.

Shouldn't DD WRT's wireguard utility have the ability to automatically reconnect when the connection is lost? Just like Torguard's own VPN utility does (I haven't tested it myself, but I assume it does). Or is this the newly added failover functionality you mention? Did the failover fix your issues with Keepsolid's wireguard? In which case I would definitely upgrade.

Could it be that the kill switch kicks in and prevents any further attempts made to reconnect?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Thu Jan 06, 2022 11:27
WireGuard has the ability to reconnect; that has nothing to do with DDWRT.

But WireGuard does not, as the configuration does not appear to be valid any more.

DDWRT is used to set up WireGuard, but when it is running it is just WireGuard.

The failover is DDWRT-specific: it is running a watchdog to see if the connection is gone.

Don't be surprised if TorGuard (or any other VPN provider) will not admit any fault on their side.
Although TorGuard has a good reputation.

Truth is WireGuard is becoming hugely popular and often providers can not keep up.

JMuller
DD-WRT Novice


Joined: 06 Jan 2022
Posts: 18

Posted: Thu Jan 06, 2022 12:11
Should I upgrade, which revision of DD WRT would you recommend? I was thinking of going with the most recent one but I know most recent isn't always best here.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Thu Jan 06, 2022 12:17
You should check the build threads if the build is good for your router.
47976 is just out :)

See the forum guidelines with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

JMuller
DD-WRT Novice


Joined: 06 Jan 2022
Posts: 18

Posted: Fri Jan 07, 2022 7:44
VPN disconnect happened again today. Last handshake was 8 hours ago, so at around midnight CET.

The only thing in the system log (with klogd enabled) is a failure to connect to NTP. So it definitely looks more like an issue on Torguard's side than DD-WRT's.

Edit: it magically started working again after 20 minutes, without me changing anything. I've opened a ticket with TorGuard and will update here later with their answer.

I've attached a log, here are the most interesting bits:
Quote:

// first NTP failure
Jan 7 00:10:06 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPACK(br0) 192.168.1.128 x:x:x:x:x:x x
Jan 7 00:22:42 DD-WRT daemon.debug ntpclient[17501]: Connecting to 2.pool.ntp.org [2001:49f0:d01f:1::2] ...
Jan 7 00:22:45 DD-WRT daemon.debug ntpclient[17501]: Timed out waiting for 2.pool.ntp.org [2001:49f0:d01f:1::2].
Jan 7 00:22:45 DD-WRT daemon.debug ntpclient[17501]: Connecting to y.y.y.y [y.y.y.y] ...
Jan 7 00:22:45 DD-WRT daemon.info ntpclient[17501]: Time set from y.y.y.y [y.y.y.y].
Jan 7 00:22:45 DD-WRT daemon.info process_monitor[8841]: cyclic NTP Update success (servers 2.pool.ntp.org y.y.y.y z.z.z.z)
Jan 7 01:22:50 DD-WRT daemon.err ntpclient[17818]: Failed resolving address to hostname 2.pool.ntp.org: Try again
Jan 7 01:22:50 DD-WRT daemon.err ntpclient[17818]: Failed resolving server 2.pool.ntp.org: Network is down
Jan 7 01:22:50 DD-WRT daemon.notice ntpclient[17818]: Network up, resolved address to hostname y.y.y.y
Jan 7 01:22:50 DD-WRT daemon.debug ntpclient[17818]: Connecting to y.y.y.y [y.y.y.y] ...
Jan 7 01:22:53 DD-WRT daemon.debug ntpclient[17818]: Timed out waiting for y.y.y.y [y.y.y.y].
Jan 7 01:22:53 DD-WRT daemon.debug ntpclient[17818]: Connecting to z.z.z.z [z.z.z.z] ...
Jan 7 01:22:56 DD-WRT daemon.debug ntpclient[17818]: Timed out waiting for z.z.z.z [z.z.z.z].
Jan 7 01:22:56 DD-WRT daemon.err process_monitor[8841]: cyclic NTP Update failed (servers 2.pool.ntp.org y.y.y.y z.z.z.z)

// some warnings
Jan 7 08:02:32 DD-WRT kern.warn kernel: COEX: downgraded chanspec 0x1808 to 0x1006: ctrl channel: 6 existing ext. channel
Jan 7 08:02:32 DD-WRT kern.warn kernel: COEX: downgraded chanspec 0x1803 to 0x1001: channel 6 used by exiting BSSs
Jan 7 08:17:40 DD-WRT kern.warn kernel: COEX: downgraded chanspec 0x1808 to 0x1006: ctrl channel: 6 existing ext. channel
Jan 7 08:17:40 DD-WRT kern.warn kernel: COEX: downgraded chanspec 0x1803 to 0x1001: channel 6 used by exiting BSSs
Jan 7 08:23:06 DD-WRT kern.warn kernel: COEX: downgraded chanspec 0x1808 to 0x1006: ctrl channel: 6 existing ext. channel
Jan 7 08:23:06 DD-WRT kern.warn kernel: COEX: downgraded chanspec 0x1803 to 0x1001: channel 6 used by exiting BSSs
Jan 7 08:23:10 DD-WRT kern.warn kernel: COEX: downgraded chanspec 0x1808 to 0x1006: channel 11 used by exiting BSSs
Jan 7 08:23:18 DD-WRT kern.warn kernel: COEX: downgraded chanspec 0x1808 to 0x1006: ctrl channel: 6 existing ext. channel
Jan 7 08:23:18 DD-WRT kern.warn kernel: COEX: downgraded chanspec 0x1803 to 0x1001: channel 6 used by exiting BSSs

// Network still down
Jan 7 08:24:08 DD-WRT daemon.err ntpclient[19744]: Failed resolving address to hostname 2.pool.ntp.org: Try again
Jan 7 08:24:08 DD-WRT daemon.err ntpclient[19744]: Failed resolving server 2.pool.ntp.org: Network is down
Jan 7 08:24:08 DD-WRT daemon.notice ntpclient[19744]: Network up, resolved address to hostname y.y.y.y
Jan 7 08:24:08 DD-WRT daemon.debug ntpclient[19744]: Connecting to y.y.y.y [y.y.y.y] ...
Jan 7 08:24:11 DD-WRT daemon.debug ntpclient[19744]: Timed out waiting for y.y.y.y [y.y.y.y].
Jan 7 08:24:11 DD-WRT daemon.debug ntpclient[19744]: Connecting to z.z.z.z [z.z.z.z] ...
Jan 7 08:24:14 DD-WRT daemon.debug ntpclient[19744]: Timed out waiting for z.z.z.z [z.z.z.z].
Jan 7 08:24:14 DD-WRT daemon.err process_monitor[8841]: cyclic NTP Update failed (servers 2.pool.ntp.org y.y.y.y z.z.z.z)

// I connect to the network
Jan 7 08:30:58 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPREQUEST(br0) 192.168.1.132 b:b:b:b:b:b
Jan 7 08:30:58 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPACK(br0) 192.168.1.132 b:b:b:b:b:b DESKTOP-XXXXXXX
Jan 7 08:31:59 DD-WRT daemon.info httpd[1864]: httpd : Authentication fail
Jan 7 08:31:59 DD-WRT daemon.err httpd[1864]: httpd : Request Error Code 401: Authorization required. Wrong username and/or password!
Jan 7 08:32:16 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPREQUEST(br0) 192.168.1.132 b:b:b:b:b:b
Jan 7 08:32:16 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPACK(br0) 192.168.1.132 b:b:b:b:b:b DESKTOP-XXXXXXX
Jan 7 08:32:25 DD-WRT daemon.warn dnsmasq[11068]: possible DNS-rebind attack detected: speedport.ip
Jan 7 08:32:49 DD-WRT daemon.warn dnsmasq[11068]: possible DNS-rebind attack detected: speedport.ip
Jan 7 08:33:10 DD-WRT daemon.warn dnsmasq[11068]: possible DNS-rebind attack detected: speedport.ip
Jan 7 08:34:05 DD-WRT daemon.warn dnsmasq[11068]: possible DNS-rebind attack detected: speedport.ip
Jan 7 08:34:15 DD-WRT daemon.warn dnsmasq[19828]: possible DNS-rebind attack detected: speedport.ip
Jan 7 08:36:19 DD-WRT daemon.warn dnsmasq[19903]: possible DNS-rebind attack detected: speedport.ip
Jan 7 08:38:58 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPINFORM(br0) 192.168.1.28 a:a:a:a:a:a
Jan 7 08:38:58 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPACK(br0) 192.168.1.28 a:a:a:a:a:a DESKTOP-XXXXXXX
Jan 7 08:39:00 DD-WRT user.warn igmpproxy[1520]: No interfaces found for source 169.x.x.x
Jan 7 08:39:00 DD-WRT user.warn igmpproxy[1520]: No interfaces found for source 169.x.x.x
Jan 7 08:39:00 DD-WRT user.warn igmpproxy[1520]: No interfaces found for source 169.x.x.x
Jan 7 08:39:00 DD-WRT user.warn igmpproxy[1520]: No interfaces found for source 169.x.x.x
Jan 7 08:39:00 DD-WRT user.warn igmpproxy[1520]: No interfaces found for source 169.x.x.x
Jan 7 08:39:00 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPINFORM(br0) 192.168.1.28 a:a:a:a:a:a
Jan 7 08:39:00 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPACK(br0) 192.168.1.28 a:a:a:a:a:a DESKTOP-XXXXXXX
Jan 7 08:39:01 DD-WRT user.warn igmpproxy[1520]: No interfaces found for source 169.x.x.x
Jan 7 08:39:01 DD-WRT user.warn igmpproxy[1520]: No interfaces found for source 169.x.x.x
Jan 7 08:39:01 DD-WRT user.warn igmpproxy[1520]: No interfaces found for source 169.x.x.x

// Network magically up again around this time
Jan 7 08:39:02 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPINFORM(br0) 192.168.1.28 a:a:a:a:a:a
Jan 7 08:39:02 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPACK(br0) 192.168.1.28 a:a:a:a:a:a DESKTOP-XXXXXXX
Jan 7 08:39:08 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPDISCOVER(br0) 192.168.1.28 a:a:a:a:a:a
Jan 7 08:39:08 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPOFFER(br0) 192.168.1.143 a:a:a:a:a:a
Jan 7 08:39:09 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPDISCOVER(br0) 192.168.1.28 a:a:a:a:a:a
Jan 7 08:39:09 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPOFFER(br0) 192.168.1.143 a:a:a:a:a:a
Jan 7 08:47:57 DD-WRT kern.warn kernel: COEX: downgraded chanspec 0x1808 to 0x1006: channel 11 used by exiting BSSs
Jan 7 08:54:13 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPREQUEST(br0) 192.168.1.132 b:b:b:b:b:b
Jan 7 08:54:13 DD-WRT daemon.info dnsmasq-dhcp[11068]: DHCPACK(br0) 192.168.1.132 b:b:b:b:b:b DESKTOP-XXXXXXX
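
The handshake-age check that a failover watchdog of the kind egc describes could use, and that would flag the 8-hour-old handshake reported in the post above; this is an added example, not DD-WRT's watchdog code and not part of any post. It reads the output format of `wg show <interface> latest-handshakes`; the 180-second threshold, the function names and the placeholder keys are assumptions.

```shell
#!/bin/sh
# Added example, not DD-WRT's watchdog code.
# Input format is that of `wg show <iface> latest-handshakes`:
#   <peer-public-key><TAB><unix-time-of-last-handshake>   (0 = never)

# Assumed threshold: WireGuard stops using a session key after 180 s, so a
# peer that carries traffic but has an older handshake has no usable session.
STALE_AFTER=${STALE_AFTER:-180}

# classify_peers NOW [THRESHOLD] < handshakes
# Prints "<state> <age-seconds|-> <peer>" per peer; state is ok, stale or never.
classify_peers() {
    awk -v now="$1" -v limit="${2:-$STALE_AFTER}" '
        NF < 2 || $2 !~ /^[0-9]+$/ { next }        # skip malformed lines
        $2 == 0 { print "never", "-", $1; next }   # no handshake since tunnel start
        {
            age = now - $2
            if (age < 0) age = 0                   # router clock stepped backwards
            state = (age > limit) ? "stale" : "ok"
            print state, age, $1
        }'
}

# tunnel_down NOW [THRESHOLD] < handshakes
# Returns 0 (true) when no peer has a fresh handshake, i.e. failover is warranted.
tunnel_down() {
    ! classify_peers "$@" | grep -q '^ok '
}

# Constructed sample: placeholder keys, timestamps chosen against NOW=1641541440.
# The second peer's last handshake is 8 hours (28800 s) old.
sample_handshakes() {
    printf 'PEER_A_PUBKEY_PLACEHOLDER=\t1641541400\n'
    printf 'PEER_B_PUBKEY_PLACEHOLDER=\t1641512640\n'
    printf 'PEER_C_PUBKEY_PLACEHOLDER=\t0\n'
}

# On a router: wg show "$IFACE" latest-handshakes | classify_peers "$(date +%s)"
sample_handshakes | classify_peers 1641541440
```

A handshake only happens when there is traffic, so on an idle tunnel without PersistentKeepalive a stale age alone does not prove the peer is gone. The age is also only as good as the router clock, which matters when NTP updates are failing as in the log above.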
JMuller
DD-WRT Novice


Joined: 06 Jan 2022
Posts: 18

Posted: Mon Jan 10, 2022 7:47
I received an answer from the provider. They recommended to use a slightly different endpoint in my Wireguard config instead of the static IP that was assigned to me (x.x.x.242 instead of x.x.x.243). They said "diff IP can sometimes use diff routing thus overcoming any routing related issue".

Either way, for now the problem hasn't reappeared. If it does I will contact them again and update the topic here, in case it can help others.

Thank you for all your help until now.