WIREGUARD Fails when wan ip change.

wisepds

Good morning.
I have a PFSENSE router (Proxmox MV) and under it I have another PFSENSE router only for Wireguard (As lan virtual machine). On the main router I have WAN FAILOVER with 2 WANs and DDNS with NO-IP.

When the IP of the primary WAN changes or goes down and switches to the secondary wan (Thanks to the FAILOVER) the DDNS are updated on both, the pfsense router and the wireguard pfsense server (The other pfsense MV with Wireguard).

When this happens Wireguard stops working even if the ddns have been updated on both and are pointing to the correct IP and only starts working again when I restart the Wireguard MV.
There is no failure anywhere and apparently everything is ok in the dashboard, but the clients do not connect to wireguard. No red alert or services down.

I read somewhere that Wireguard picks up the gateway IP only once at startup or something like that and that's why until I reboot it doesn't work again. I don't remember well, but I read something. I'm not sure about this...

Could I create a command inside CRON that updates that?

If the IP is not changed by falover mechanism or reset by ISP (once a month), everything works perfectly.

Why does this happen and how do I fix it?
Thank you.

PFSENSE + 24.03 Version (Both)

Bob.Dig

@wisepds said in WIREGUARD Fails when wan ip change.:

I have a PFSENSE router (Proxmox MV) and under it I have another PFSENSE router only for Wireguard (As lan virtual machine).

First question, why do you have a pfSense behind another pfSense?

Second, it is a known problem with wg-clients, what wg-client are you using?

wisepds

@Bob-Dig I have wireguard in another pfsense because it is a VM that has to move between several different servers with different cards but all with the same port open to the same internal ip so that VM with wireguard with this configuration can move without problem.
That is the reason

wisepds

@Bob-Dig What is the known problem? My wireguard works perfect for me and if the ip does not change it would work perfect infinitely.

Bob.Dig

@wisepds Could you explain your wg-connection some more, which is the client, which is the server? Your setup is still not clear to me.

wisepds

@Bob-Dig The idea is that I have two Proxmox nodes with two PFSENSE that are not the same VM (Different LANS, different CPUS, etc..) but I need a common Wireguard virtual machine for both. If one node fails that VM moves to the second PFSENSE and all the wireguard clients keep running. It is a form of service backup. This is a backup form... only one PFSENSE ROUTER is running, other is offline.
(Ips and ports are only representative).

wisepds

@wisepds nobody helps???

wisepds

@wisepds nope...

wisepds

@wisepds 11 days and where is the comunity?.. i know a lot of people lost conectivity when wan ip change and your DDNS ip change.
Can anybody tell me what must i do?
Is there a script for pfsense that fix this.. i don't know... for example via script + Cron every 30 seconds?

Please Help!