Wireguard goes stale

Started by FredFresh, July 12, 2025, 02:05:07 PM

I have three VPNs (connected to three different Proton servers), used with a fail-over setting.
The very strange thing is that sometimes the one actively used goes stale. It is not possible to restore the connection until I somehow force the change of the WAN port.
Just restarting the services is not effective.
With the mobile phone I am constantly connected to the first VPN, and it never goes down permanently (maximum 10-20 seconds to restore the connection).

Is there a different method to fully re-initiate the wireguard connection?
Thanks

Hi, has anyone had the same experience and was able to solve it? Thanks

Did you try searching for "wireguard" and "stale" first?

There is a cron job that can detect these conditions and restart the connection. Wireguard does not do this by itself, especially with dynamic endpoint IPs.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
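As an added illustration of the kind of cron check described above (example code written for this thread, not taken from any OPNsense plugin or from the poster), this POSIX sh script parses the output of `wg show <iface> latest-handshakes` and flags peers with no recent handshake; the interface name, the 300-second threshold and the restart command are assumed placeholders to be adapted to your platform.

```shell
#!/bin/sh
# Stale-handshake check for a WireGuard interface, meant to run from cron.
# Input (stdin): output of `wg show <iface> latest-handshakes`, one
# "<peer-pubkey><TAB><epoch-of-last-handshake>" line per peer (0 = never).
# WireGuard re-handshakes roughly every two minutes while traffic flows, so
# several minutes without a handshake on a tunnel that should be busy is a
# usable "stale" signal.

# wg_stale_peers THRESHOLD_SECONDS NOW_EPOCH  < handshake-lines
# Prints the public key of every stale peer; returns 0 if any peer is stale,
# 1 if all peers handshook within the threshold.
wg_stale_peers() {
    threshold="$1"
    now="$2"
    stale=1
    while IFS="$(printf '\t')" read -r pubkey last || [ -n "$pubkey" ]; do
        # Skip blank or malformed lines (second field must be a plain integer).
        case "$last" in ''|*[!0-9]*) continue ;; esac
        if [ "$last" -eq 0 ] || [ $((now - last)) -gt "$threshold" ]; then
            printf '%s\n' "$pubkey"
            stale=0
        fi
    done
    return $stale
}

# Cron entry point. Assumptions (placeholders): interface name passed as $1,
# a 300 s threshold, and RESTART_CMD, which you replace with the service
# restart command of your platform. Example crontab line:
#   */5 * * * * /usr/local/bin/wg-stale-check.sh wg0
if [ -n "${1:-}" ]; then
    IFACE="$1"
    THRESHOLD=300                      # seconds allowed without a handshake
    RESTART_CMD="echo would-restart"   # PLACEHOLDER: platform restart command
    if wg show "$IFACE" latest-handshakes | wg_stale_peers "$THRESHOLD" "$(date +%s)"; then
        logger -t wg-stale "stale peers on $IFACE, restarting tunnel"
        $RESTART_CMD "$IFACE"
    fi
fi
```

The check only detects the condition; whether a plain service restart actually recovers the tunnel is exactly what the rest of this thread discusses.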

August 08, 2025, 01:17:03 PM #3 Last Edit: August 08, 2025, 03:34:32 PM by FredFresh
Yes I tried.

The point is that changing the IP on the WAN port triggers the restoring of the connection (that is a good thing).
Instead, once it is stale and keeping the IP address on the WAN port, even if I manually try to restart the WireGuard service, it does nothing, or from stale it goes offline.

I already tried to use wireguard dns restart but it had no effect. Or maybe you are referring to something different?

The cause seems related to the WAN gateway that has the lowest priority (in order to route everything through VPNs).
During some tests, I switched the WAN priority to the highest and the offline VPNs returned online.

Now I am trying to figure out what routing I should create in order to solve this.
I already have a static route for:
- each endpoint, in order to make it go through the WAN gateway;
- each monitoring IP, in order to make it go through its related VPN gateway.

I tried to monitor/log the connections to the monitoring IPs and endpoint IPs but I was not able to log anything.

I am no expert but:
- I assume the handshakes and monitoring pings are done at 127.0.0.1;
- these are going out through the interface addresses and then through the related gateway.

Trying to log everything going through the gateways, I have seen ZERO connections to monitor IPs and to endpoint IPs. The only way to see something is to perform a ping.

Any suggestion?