I have three vpn (connected to three different proton servers), used with a fail-over setting.
The very strange thing is that sometime the one actively used goes stale. It is not possible to restore the conection until I force somehow th change of the wan port.
Just restarting the services is not effective.
With the mobile phone I am constanly connected to the first vpn, and it never goes down permanently (maximum 10-20 seconds to restore the connection).
Is there a different method to fully re-initiate the wireguard connection?
Thanks
Hi, anyone had the same experience and was avle to solve it? Thanks
Did you try searching for "wireguard" and "stale" first?
There is a cron job that can detect these conditions and restart the connection. Wireguard does not do this by itself, especially with dynamic endpoint IPs.
Yes I tried.
The point is that, changing the ip on the wan port trigger the restoring of the connection (that is a good thing)
Instead, once it is stale and keeping the ip address on the wan port, even f manually I try to restart the wireguard service, it does nothing or from stale it goes offline.
I already tried to use wireguard dns restart but it had no effect. Or maybe you are referring to something different?
The cuase seems related to the WAN gateway that has the lowest priority (in order to route everything through VPNs).
During some test, I switched the WAN priotiry to the highest and the offline VPNs returned online.
Now I am trying to figure out what routing I should create in order to solve this.
I already have a static route for:
- each endpoint, in order to make it go through the WAN gateway;
each monitori IP, in order to make it go through its related VPN gateway.
I tried to monitor/log the connections to the monitoring IPs and endpoint IPs but I was not able to log anything.
I am no expert but:
- I assume the the handhskaes and monitoring pings are done at 127.0.0.1;
- these are going out through the interface addresses and then through the related gateway.
Trying log everything going through the gateways I have seen ZERO connections to monitor IPs and to endpoint IPs. The only way to see something is to perform a ping.
Any suggestion?