What's new

Configured WireGuard VPN Client, now router restarts every ~2 hours

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

sne3zy

Occasional Visitor
Asus GT-AX6000
Merlin 388.1

I configured my first wireguard VPN client on my router yesterday, and it shortly after started restarting every ~2 hours. It will take 1 min 40 sec to reboot, then runs fine until the next restart. I see absolutely nothing in the syslog, business as normal until it restarts. However, when restarting the system time always resets to the same timestamp until about 1 min 30 seconds after restart when NTP starts and the correct time is set.

I couldn't do a 'default' option on the wireguard clients like there is for the openvpn clients, and the config I had saved from before the change was lost (d'oh), so I did a factory reset, and even reflashed the 388.1 firmware with a confirmed download for good measure. After restoring my configuration except for the wireguard client to where it was before any trouble started, the router is still restarting every ~2 hours.

I have an openvpn server and several openvpn clients running before this with no issue. The wireguard client was to the same VPN provider (protonVPN) and I use their PC client regularly, which typically auto selects wireguard as the protocol.

Any ideas on what's going on?
 
I checked the Asus website for stock firmware and found that they had released a major update on 2023-01-03, 9006.102.3506. It is described as an early beta, but the changes are features which fix the bugs that I had installed Merlin to fix in the first place, so I flashed this new stock firmware. Currently at 11+ hours of uptime, with no restarts.

It would seem Merlin has a bug on the GT-AX6000 causing frequent restarts. I can't try to replicate the issue right now by flashing merlin 388.1 and configuring the wireguard client ahain, but I'll have more time this weekend.

9006 is a great improvement, it fixes so far my two main issues with the stock firmware by adding VLAN support and allowing guest networks to keep internet access while having intranet access blocked.
 
Asus GT-AX6000
Merlin 388.1

I configured my first wireguard VPN client on my router yesterday, and it shortly after started restarting every ~2 hours. It will take 1 min 40 sec to reboot, then runs fine until the next restart. I see absolutely nothing in the syslog, business as normal until it restarts. However, when restarting the system time always resets to the same timestamp until about 1 min 30 seconds after restart when NTP starts and the correct time is set.

I couldn't do a 'default' option on the wireguard clients like there is for the openvpn clients, and the config I had saved from before the change was lost (d'oh), so I did a factory reset, and even reflashed the 388.1 firmware with a confirmed download for good measure. After restoring my configuration except for the wireguard client to where it was before any trouble started, the router is still restarting every ~2 hours.

I have an openvpn server and several openvpn clients running before this with no issue. The wireguard client was to the same VPN provider (protonVPN) and I use their PC client regularly, which typically auto selects wireguard as the protocol.

Any ideas on what's going on?
Hello, Need some help in getting ProtonVPN wireguard working on Asus RT-AX86U Pro with Merlin 388.1. I uploaded the config file but it is just not working. It says connected but the IP address has not changed and the transfer is only 92B received and 180 B transfer.

Thanks
 
@Mikey3, did you setup VPN Director? If not, you need to set a rule in VPN director to direct traffic through the wireguard client you just configured. As a test, make a rule for your PC's IP address, then try checking your IP address again. That low transfer you are seeing is probably just the keep alive packets.

By the way, after flashing the new 9006 stock firmware I haven't had any router restarts for over a week. I prefer the Merlin interface, but having my router stay powered on for more than two hours is better ;)
 
@Mikey3, did you setup VPN Director? If not, you need to set a rule in VPN director to direct traffic through the wireguard client you just configured. As a test, make a rule for your PC's IP address, then try checking your IP address again. That low transfer you are seeing is probably just the keep alive packets.

By the way, after flashing the new 9006 stock firmware I haven't had any router restarts for over a week. I prefer the Merlin interface, but having my router stay powered on for more than two hours is better ;)
Thanks. Do you have to setup a rule for each device or just for the router>
 
I am having similar issues, although not using a VPN, but my GT AX6000 is experiencing occasional crashes, where it locks up and I can't access the internet, or even the router via web browser and I have to pull the plug on the router. No idea ands the logs don't tell me much unfortunately...
 
Depending on how many DHCP reservations you have, it doesn't take long to flash the new 9006 stock firmware and test it out. I'm sure you know how, but make a backup so you can get back to your current state quickly, then flash 9006 and set it up manually.

I went through and took screen shots of the config, and the only thing that took some time was my DHCP reservations (I make static IPs for all my regular devices).

Merlin the guy is awesome and people put a lot of work into something I used for free, so I am not complaining. It's possible there are issues with Asuswrt-Merlin on the GT-AX6000, though.
 
Thanks. Do you have to setup a rule for each device or just for the router>

I don't have it in front of me, but I think you can setup rules based on a specific IP for one host, a range, or a subnet to capture everything.

For example, if your home DHCP is set for 192.168.100.0 - 192.168.100.254 with subnet mask 255.255.255.0, you can specify 192.168.100.0/24 and everything will go through the client in the rule.

If you are also running a VPN server and the remote hosts are on a virtual IP range, you'll want to make sure you don't forget them and create rules for them, also. If the virtual address pool is 10.10.0.0/16, you can specify that and grab all of your potential VPN clients also, for a secure full tunnel VPN server setup.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top