WireGuard starts failing, anyone else with 3004.388.8_2?

[user_20240830]

Got WireGuard back online occasionally setting custom DNS from within VPN client itself. Bypassing ISP settings and even router settings resolved issue with connection could not be established. Does that mean that 'TLS hahdshake established' error concerns DNS only?

 

[ASadani]

For the last two weeks two different routers on 3004.388.8_2 have trouble with WireGuard and will stop working randomly, no idea why as different vpn settings too, turning it off solves issue as in internet works, but with WG sometimes it shows connected for vpn but nothing works, reboot doesn't always help either.

No issues in logs,

I'm on 3006.102.3 and my wireguard is stable, except I have another issue, on reboot, wireguard speeds are limited to 150 Mbps. On restart of wireguard I achieve 800+mbps speeds. But my wireguard does not disconnect. I've changed the timeout to 5 minutes as well. It may be your provider?

 

[Wisiwyg]

I'm having a similar experience. AX88U 388.8_4. Enabling Wireguard on the router then testing with IPLeak shows my ISP address at near full speed. I have not performed a factory reset, but that is next step. Note that OVPN shows the endpoint IP, but is much slower. Proton VPN, Router profile. Quantum Fiber, 940mb symetrical. I'll try the factory reset over the weekend.

 

[ZebMcKayhan]

I'm having a similar experience. AX88U 388.8_4. Enabling Wireguard on the router then testing with IPLeak shows my ISP address at near full speed. I have not performed a factory reset, but that is next step. Note that OVPN shows the endpoint IP, but is much slower. Proton VPN, Router profile. Quantum Fiber, 940mb symetrical. I'll try the factory reset over the weekend.

Wireguard requires you to add rules in vpndirector for each local ip that should use the tunnel or for which remote ip the tunnel should be used. If you don't add any rules the tunnel will not be used.

 

[Wisiwyg]

Wireguard requires you to add rules in vpndirector for each local ip that should use the tunnel or for which remote ip the tunnel should be used. If you don't add any rules the tunnel will not be used.

Thanks.. I missed that tidbit. Working as expected now. Note I'm sending my entire network through... 192.168.10.0/24

 

[ZebMcKayhan]

Thanks.. I missed that tidbit. Working as expected now. Note I'm sending my entire network through... 192.168.10.0/24

Putting entire lan on vpn is ok but for various reasons its a good idea to exclude router own lan iface. So I would recommend another rule for LocalIp: 192.168.10.1/32 to WAN.

Alternatively if you really want router lan iface over vpn a different rule could be instead RemoteIP: 192.168.10.0/24 to WAN.

 

[Wisiwyg]

Putting entire lan on vpn is ok but for various reasons its a good idea to exclude router own lan iface. So I would recommend another rule for LocalIp: 192.168.10.1/32 to WAN.
Alternatively if you really want router lan iface over vpn a different rule could be instead RemoteIP: 192.168.10.0/24 to WAN.

Thank you for listing options. Is there a tutorial I could study to get a better understanding of how the Merlin build-in Wireguard client functions and the various options that could be employed? TIA

 

[ZebMcKayhan]

Thank you for listing options. Is there a tutorial I could study to get a better understanding of how the Merlin build-in Wireguard client functions and the various options that could be employed? TIA

Sadly no... but router Wireguard implementation is basically same as Linux and wg-quick. The tricky part is how it ties into all other router functions. Most information you will find scattered here in various posts but nothing compiled into a tutorial or guide.

 

[ASadani]

Sadly no... but router Wireguard implementation is basically same as Linux and wg-quick. The tricky part is how it ties into all other router functions. Most information you will find scattered here in various posts but nothing compiled into a tutorial or guide.

So is the implementation different with Merlin vs. stock? Merlin's has a bug of slow wireguard speeds on reboot persistently. I wonder if its the same case with stock. I have not tried going back to stock as I believe that will be a long shot and a lot fo reconfiguration of the network just to test out this scenario. So basically on every router reboot, I have to manually go into wireguard stop it and restart it to achieve full speeds.