Netgate Discussion Forum

Gateway Monitoring Failure after Restart

General pfSense Questions
    BrianBG
    last edited by Mar 21, 2025, 9:45 PM

    Hello Everyone,
    I have an interesting problem and was hoping people here could help me. I am running 2.7.2 and it has been working fairly flawlessly. I have 4 Wireguard Tunnels for over two years with functioning interfaces, tunnels, etc. For over a year I have been using an external monitor IP for each gateway, like 1.1.1.1.

    Lately, upon reboot, all of my Wireguard gateways are down with 100% packet loss. The tunnels are up and working according to Wireguard status.

    However, if I go into each of the gateways, delete the Monitor IPs, save, apply changes, then immediately go back in and add back the monitor IPs, then they work. This only seems to be a problem on reboot, and only recently. Any idea what the problem is or what I can do? While it sounds a little whiny, I want my router to be able to reboot without me always having to go in and manually reset the monitor IPs. Thanks in advance.

      stephenw10 Netgate Administrator
      last edited by Mar 21, 2025, 11:15 PM

      Do the WG tunnels have unique gateway IPs? Do you see any errors at boot?

        lcbbcl @BrianBG
        last edited by Mar 22, 2025, 8:40 AM

        @BrianBG I had the same problem. I don't know if it is a bug, but if I set the wg interface IP as the gw and I don't use an external monitor, with the wg interface CIDR as /32, it is working.

          BrianBG @lcbbcl
          last edited by Mar 22, 2025, 9:50 PM

          @lcbbcl Thanks for this answer, but then it is pinging itself and sometimes the tunnel can be “up” but not permitting traffic. I like the external IP and it works well. You are right though, I will have to go this route if I can’t solve it.

            stephenw10 Netgate Administrator
            last edited by Mar 22, 2025, 9:54 PM

            Hmm, I had assumed he meant the remote WG interface IP? If not, then yeah, there's no point monitoring the local IP. You might as well just disable monitoring in that case.

              BrianBG @stephenw10
              last edited by Mar 22, 2025, 10:02 PM

              @stephenw10 Where do I see Wireguard logs? I don’t see them under System Logs.

                lcbbcl @stephenw10
                last edited by Mar 22, 2025, 10:04 PM

                @stephenw10 Well, I use wg this way because in rare circumstances I need to use a wg tunnel inside a tailscale tunnel. And if I don't remove external monitoring for wg I will have a routing loop. Also, for tailscale outbound it is not a good idea to bind the tailscale IP to localhost.

                  stephenw10 Netgate Administrator
                  last edited by Mar 22, 2025, 11:18 PM

                  Wireguard produces almost no logs, which makes troubleshooting... interesting! So there are no WG-specific logs. You can only see the interfaces connection in the system logs or check the states for passing traffic etc.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.