Hello there!
I use OPNsense as a router with client connection to an external VPN provider.
For various reasons, I experience short WAN connection drops at home, and my ISP struggles to fix that.
When these drops happen, all my devices lose connection to WAN (via VPN) even after the connection is back to normal state. After a bit of diagnosis, it seems that WireGuard struggles to reconnect after the connection drop, so I have to manually restart the wg service to restore connection to all the devices.
Is there a way to force WireGuard to reconnect to the distant VPN provider server? Or maybe to check if the connection is still active every x seconds and force reconnection to the VPN?
Thank you for helping
There is a cron job for that. You just have to enable and run it. It checks if the WireGuard connection is stale (e.g. if the IP address has changed, because WireGuard does not re-check DNS) and restarts the connection if necessary.
Are you talking about this cron?
I have it active but it does not work.
Did I set it up correctly with the right parameters (see screenshot)?
Yes, as you configured it, it will be called every minute, which is a bit much IMHO, but it should do.
However, it depends on how the VPN connection is being initiated. If your WAN IP drops and the other side does not re-initiate the connection, you are out of luck.
The cron job is for lost connections due to changes in the IP of the remote WG "partner" (there is strictly speaking no host/client, except for "dynamic" hosts, which rely on the connection being established from the remote "server"). Therefore the "DNS" in the job name, as the IP of the "partner" will be resolved.
If the interruption is caused by something else I'm unsure the cron job will help...
Thank you for your input.
Unfortunately, I can confirm that this Cron job does not solve the issue...
Is there a way to create a custom cron / script to do that?
Sincerely,
I have a similar issue:
I have 2 WAN connections (DSL and LTE). Wireguard peers are configured with 10 seconds keepalive. But if the DSL connection fails it doesn't reconnect. I have to restart the Wireguard services for the concerning connections manually.
Quote from: Blackrose on January 27, 2024, 07:12:39 AM
Thank you for your input.
Unfortunately, I can confirm that this Cron job does not solve the issue...
Is there a way to create a custom cron / script to do that?
Sincerely,
Cron jobs can be created this way:
https://forum.opnsense.org/index.php?topic=10740.msg49334#msg49334
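A watchdog in the spirit of the custom cron script asked for above, added here as an example (it is not from this thread and not OPNsense's own code): it reads each peer's latest handshake from `wg show` and restarts WireGuard when no peer has completed one recently. The interface name, the staleness threshold and the restart command are assumptions to adjust for your setup.

```shell
#!/bin/sh
# Added example, not OPNsense code: restart WireGuard when every peer's
# latest handshake is older than MAX_AGE seconds. Run from cron as:
#   /path/to/wg-watchdog.sh run
WG_IF="${WG_IF:-wg1}"                  # interface to watch (assumption)
MAX_AGE="${MAX_AGE:-180}"              # seconds without a handshake (assumption)
RESTART_CMD="${RESTART_CMD:-service wireguard restart}"  # assumption

# newest_handshake: read `wg show <if> latest-handshakes` output on stdin
# ("<pubkey><TAB><epoch>" per peer) and print the most recent epoch,
# or 0 when there are no peers or none has ever handshaked.
newest_handshake() {
    awk -F'\t' 'BEGIN { max = 0 } ($2 + 0) > max { max = $2 + 0 } END { print max }'
}

# is_stale NOW NEWEST MAX_AGE: succeed (exit 0) when the tunnel looks dead,
# i.e. no handshake ever (NEWEST == 0) or the newest one is older than MAX_AGE.
is_stale() {
    now="$1"; newest="$2"; max_age="$3"
    [ "$newest" -eq 0 ] && return 0
    [ $((now - newest)) -gt "$max_age" ]
}

# watchdog: one cron run; only restarts when the tunnel is stale.
watchdog() {
    newest=$(wg show "$WG_IF" latest-handshakes | newest_handshake)
    now=$(date +%s)
    if is_stale "$now" "$newest" "$MAX_AGE"; then
        logger -t wg-watchdog "no handshake on $WG_IF for >${MAX_AGE}s, restarting"
        $RESTART_CMD
    else
        logger -t wg-watchdog "$WG_IF ok, last handshake $((now - newest))s ago"
    fi
}

# Only act when invoked with "run", so the functions can be sourced safely.
[ "${1:-}" = "run" ] && watchdog
exit 0
```

With a 10-second persistent keepalive as mentioned in the thread, a healthy peer re-handshakes at least every couple of minutes, so a threshold of a few minutes avoids restarting a tunnel that is merely idle.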
Sorry to bump an aging thread, but I have this exact same issue and this happens to be one of the top results on search engines. Any idea if there was a solution to this?
Solution to what, exactly?
If you refer to the unhandled situation I was referring to, then it goes without saying that there is nothing you can do on your side, apart from updating dynamic DNS. The other side must then start a new connection, i.e. if it is an OPNsense, the cron job must be run there.
It all depends on who is initiating the connection. Ideally, you will try to do this from both ends, but e.g. with CG-NAT, this is sometimes impossible or at least you have to use IPv6.
Upon further inspection, my issue may be different - my specific issue is that after a recent WAN drop, WG does not reconnect and I see the following error in the log:
/usr/local/opnsense/scripts/Wireguard/wg-service-control.php: The command '/sbin/route add -'inet' '192.168.28.13' -interface 'wg1'' returned exit code '1', the output was 'add host 192.168.28.13: gateway wg1 fib 0: route already in table'
Disabling and Re-enabling the WireGuard Peer, Disabling and Re-enabling the WireGuard Interface, and Restarting the WireGuard Service all yield no results, and even a reboot doesn't solve the issue. I will update with a solution when I find one.
Update: upgrading from OPNsense 24.7 to 25.1 solved my issue, interesting