Wireguard connection to other network stops working

[anonymouslemming]

I've setup a Wireguard connection from my OPNSense 20.7.5-amd64 device to an external network. While this is working, it's great. However, every few days, it stops working.

I have set a Keepalive value of 25 in my Endpoint configuration.

Are there any logs I should be looking at to better understand the cause of these failures, and is there some tooling that could be used to force reconnects?

Thanks!

[chemlud]

https://www.wireguard.com/quickstart/#debug-info

debugging is not a thing with wireguard ;-)

There are no real logs, sometimes I see a message for wg0 in the syslogs, if the peer is not reachable (due to rebooting remote opnsense).

Remote IPs are only evaluated on start of wg interface, if IP changes you have to restart wg. Maybe someone comes up with a cron script for a ping via wg and restarting wg on fail...

[anonymouslemming]

You're right about debugging in wireguard - it's the one aspect of it that frustrates me.

Right - let me have a go at something in cron then. Are there any docs on the wireguard plugin implementation for OPNsense that would make it easy to understand how to do the restart? On my hosts, I just run wg-quick up <interface>

[chemlud]

I read somewhere what the GUI does on restarting wg, iirc wg-quick down wgX followed by wg-quick up wgX...

[jastrom]

Hi anonymouslemming :)

A few questions:
- Do you have control over both endpoints of the Wireguard setup? Are there any changes in the public IP of any of the endpoints?

- As mentioned, debugging wireguard is a bit trickier than 'traditional' VPN solutions. We're basically left with using wg and wg-quick from the command line. Are you seeing any output when you run  'wg' on the command line?

- When the tunnel stops working, can you still see the configuration of your Wireguard setup with the 'wg' command on both of your endpoints?