ER605 v2.0 reboots on wireguard VPN connect
ER605 v2.0 reboots on wireguard VPN connect
I'm using wireguard server on the ER605 and connecting multiple clients - windows laptops.
If it matters, on the same WAN interface I have a IPsec VPN configured as well.
I upgraded to latest firmware version available for V2.0 today - ER605(UN)_V2_2.2.6 Build 20240718 because randomly some VPNs would stop receiving traffic completly from the VPN. Using wireshark I see only keepalives coming in, and a whole lot going out, but no responses.
My wireguard clients are configured to tunnel all traffic.
On upgrade to firmware 2.2.6 the ER605 completely reboots when a wireguard client connects with the previously created wireguard server.
I suspected some kind of bug so I deleted the old wireguard server and created a new one.
How did it fail again:
- I added the first client, connected, all looked good, disconnected the client.
- Added the second client, connected, all looked good, disconnected the client.
- Added the third client, connected, router crashed.
I'm not sure if its a core-dump or something else, but its obviously not good.
I'm downgrading to 2.2.5 now to see if the issue exists in there too, however I doubt it, because from the release notes there's been wireguard fixes in 2.2.6 only.
Edit: happens with 2.2.5 too
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@Clive_A I thought that the Peer allowed address should contain the subnets I want to reach via WireGuard. A regular WireGuard config works like that as far as i know.
Nevertheless, I changed it to the client IP address with /32 prefix and now it seems to work OK.
Thank you!
- Copy Link
- Report Inappropriate Content
I have the same problem. iPhone client when connecting crashes the router. No logs, no alerts. Just eventually ends up rebooting and getting re-adopted.
Will try specifying the iPhone IP address as a /32 (right now I have /24) and see if that mitigates the problem.
I believe there's a bug in the firmware, because it worked before.
EDIT: Replaced /24 with /32 in my iPhone peer entry and it fixed the problem. The other two entries I had already had /32
- Copy Link
- Report Inappropriate Content
Hi @k2xt
Thanks for posting in our business forum.
k2xt wrote
I have the same problem. iPhone client when connecting crashes the router. No logs, no alerts. Just eventually ends up rebooting and getting re-adopted.
Will try specifying the iPhone IP address as a /32 (right now I have /24) and see if that mitigates the problem.
I believe there's a bug in the firmware, because it worked before.
EDIT: Replaced /24 with /32 in my iPhone peer entry and it fixed the problem. The other two entries I had already had /32
In our configuration guide, we recommend you configure as /32. No guide indicates that you should set it for /24.
About the issue, we will start an investigation into this problem.
- Copy Link
- Report Inappropriate Content
@Clive_A, I get it and I know I missed the point when I configured the iPhone peer with /24. I posted in the forums to make it clear that this worked before. Not only worked, but it didn't crash the router when using this peer connection.
The point is that something did change in the firmware, and what was before a oversight on us (users) configuring a peer using anything other than /32 now crashes the router when in the past just worked. I would define this as a severe regression.
- Copy Link
- Report Inappropriate Content
Hi @k2xt
Thanks for posting in our business forum.
k2xt wrote
@Clive_A, I get it and I know I missed the point when I configured the iPhone peer with /24. I posted in the forums to make it clear that this worked before. Not only worked, but it didn't crash the router when using this peer connection.
The point is that something did change in the firmware, and what was before a oversight on us (users) configuring a peer using anything other than /32 now crashes the router when in the past just worked. I would define this as a severe regression.
Do you have the config so that we can reproduce what you have in our lab? Require screenshots of the config.
Is that ER605? Need the model and firmware version.
Please mosaic your sensitive information. Here is a list of information considered sensitive:
1. Public IP address on your WAN if your WAN is.
2. Real MAC address of your device.
3. Your personal information including address, domain name, and credentials.
For troubleshooting purposes, when a WAN IP is needed, please leave some values visible for identification.
- Copy Link
- Report Inappropriate Content
@Clive_A
This also happens for me after the upgrade. You guys should really try this your self and offer a fix as not reply on us to give you a config file. Reverting to old frimware aswell
- Copy Link
- Report Inappropriate Content
SHA2 wrote
@Clive_A
This also happens for me after the upgrade. You guys should really try this your self and offer a fix as not reply on us to give you a config file. Reverting to old frimware aswell
For your situation now, consider rolling back or waiting for others to work with us.
Asking for the config is to locate the reason and sync the information, if this bothers you, please do ignore what I have asked.
It is really common sense to have a conversation here without your chime in some simple human logic and basic SOP to confirm a problem and information exchange.
As for now, for the sake of other's help, we have a preliminary conclusion that this issue would only occur when you created at least two peers with the same subnet /24. So far it seems to be the case. Rest of the 3 new reports are not provided with the configs.
The reason has been located that this was an improper configuration and we did not design it to be doing this. Two peers with the same subnet is meaningless in our eye.
We will optimize this in the future firmware update.
A single peer with a subnet of all /24 is already enough for most people. If you need to place them in the same subnet, you should at least specify them as /32 which I have strongly recommended in the Configuration Guide.
A beta will be provided next month(estimated) and the official fix will be included in the firmware of adapting V5.15.X.
- Copy Link
- Report Inappropriate Content
Happy to hear you figured it out
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 807
Replies: 19
Voters 0
No one has voted for it yet.