RMS disconnects every time I delete the WG interface settings on my RUTX11

Hello!

Every time I delete the Wireguard settings (interface) on my RUTX11, it disconnects from RMS (and comes back after ca. 2 minutes). Is this normal, because RMS uses somehow WG, or is this maybe a bug?

Hello,

Are you still experiencing this issue?

If yes, please make sure you have installed the latest RutOS 7.12.3 firmware on your RUTX11 (it can be downloaded here: RUTX11 Firmware Downloads).

Once your device is on the latest firmware, please test if the issue still occurs. If it does, please provide more details on how you are deleting the WireGuard configuration. Are you deleting it via WebUI?

Best regards,

Hallo @Marija

Yes, this happened with firmware version RUTX_R_00.07.12.3, when I deleted the WG interface via the GUI. When I deleted a WG peer via the GUI, the RMS connection did not seem to be affected.

I realised it when being connected from my PC (different subnet) to my RUTX11 via RMS. As soon as I deleted a WG interface (even if not used for anything) via WebGUI, the connection got broken and came back again only after approx. 1 minute.

Meanwhile, I have had a working WG connection between my RUTX11 and my home Fritzbox 7590 AX. Thus, I could connect my PC directly (via Wifi) with my RUTX11 despite they are on different subnets (RUTX11: 192.168.11.0; Fritzbox/PC: 192.168.178.0) without changing my PC’s local IP, and I did not need RMS for this.

Then I tried to reproduce the problem. I.e., I created a 2nd WG interface on my RUTX11 (no peers; IP addresses: 10.5.0.1/24), enabled it, and then tried to delete it again. The RMS connection remained active.

However, the process to delete the 2nd WG interface via the RUTX11’s WebGUI was not successful. First, there was the message “Deleting configuration - The process could take a while”, which - after approx. 2 minutes - was followed by a message that the process (of deleting the 2nd WG interface) failed, and I was putback to the login page.

From there, now I cannot login anymore, as the connection from my PC via Fritzbox to the RUTX11 cannot be established anymore (timeout).

In RMS, the device (RUTX11) is still shown in green, and I can connect via RMS. When I check the WebGUI (via RMS) for the WG settings, I see that the 2nd WG interface was obviously not deleted.

At this stage, I still cannot login to my RUTX11 directly (only via RMS), and I do not know why. It worked directly (see above) until I created a 2nd WG interface (enabled it, but there were no peers).

I.e., I had a working WG setup (and was quite happy about it), but when setting up a 2nd WG interface and trying to delete it again, it seems to corrupt the whole WG setup. The only way to login now is via RMS, so I am back to square zero.

WG and I won’t get best friends, it seems.

Sorry if this all sounds confusing and is maybe not really helpful for debugging. I am just am average user.

About 5 minutes later, the direct connection between PC (via Fritzbox) and Wifi to my RUTX11 still does not work, so the WG setup (which also - to my understanding - took care for handling different subnets) no longer functions, with the same 1st WG interface (not touched at all by me) as at the beginning when everything was ok.

I would like to show you the output of some CLI commands (if this helps), but I do not have access from my PC, so ssh is no option. Via RMS, I potentially could use the CLI from its WebGUI, but it tells me “To access CLI you need to add certificate authority file to your browser”, so this is no option either, sorry. I had tried to do something about a certificate (I use the Firefox browser), but failed/did not understand how to do it.

PS:

Out of curiosity, I just deleted the 2nd WG interface via WebGUI and RMS (not connected otherwise with m RUTX11) - and again, the RMS connection was broken! The device’s status in RMS reads “Offline”. IMHO, this seems to confirm that deleting WG interfaces disconnects RMS connections - at least in my case.

After approx. 1 minute, the status is back to “Online”, and I can again login to my RUTX11 via RMS. Checking the WG settings, the 2nd WG interface is now indeed removed. And - tada - I can now again also login to my RUTX11 directly without RMS, i.e. just entering the RUTX11’s local IP 192.168.11.1 in my PC Firefox browser. Very confusing, though…

PPS:

I just did a re-challenge, i.e. I again created a 2nd WG interface (left all default settings) but did not enable it, and just saved it. Then immediately, I deleted it again, and this has no effect on the RMS connection (still online), and I can still access my RUTX11 directly, too.

I.e., removing a (2nd?) WG interface that is enabled seems to disturb the RMS connecction, whereas deleting it when disabled does not. This is maybe not surprising, but I want to point it out for completeness.

Hello,

Thank you for providing detailed information.

Could you please check the System Log after the issue occurs? To do this:

1. Navigate to System → Maintenance → Troubleshoot
2. Click Show next to System Log
3. Check if there are any logs related to internet connectivity or any other events that might be causing the router to go offline in RMS, apart from the logs indicating that the WireGuard interface was deleted.

Additionally, you can monitor logs in real-time by logging into the router via SSH and executing the following command before replicating the issue:
logread -f
This will display all recent system events as they occur.

Please let me know if you find anything relevant in the logs. If not, I can send you a form so you can provide a troubleshoot file for further analysis.

Regarding using CLI via RMS, there is no need to connect remotely to the WebUI and access the CLI from there. Instead, you can do it more easily by clicking on Device CLI and creating a remote CLI connection, just as you would for WebUI:

image284×165 7.18 KB

image565×264 11.8 KB

image1133×479 9.96 KB

Let me know how it goes!

Best regards,

Thanks for the great hint! I shall remember this!

A while ago, @flebourse kindly suggested there to set up the WG watchdog via crond, which I did:

# cat /etc/crontabs/root
11 6 * * 2 /sbin/rut_fota --fw_info >/dev/null 2>&1
* * * * * /usr/bin/wireguard_watchdog

There is further reading about WG watchdog (for other interested users, too). And in this thread, there is a more extensive crontab entry mentioned (and much more):

* * * * * /usr/bin/wireguard_watchdog' >> /etc/crontabs/root
/etc/init.d/cron restart

I do not know what the extra >> /etc/crontabs/root /etc/init.d/cron restart implies. Maybe @flebourse could explain a bit?

Following @Marija’s proposal, I see the below (and more, but please let me first stick to this):

#  logread -f
17877 Tue Feb 25 17:15:00 2025 cron.err crond[10564]: USER root pid 3895 cmd /usr/bin/wireguard_watchdog
17878 Tue Feb 25 17:16:00 2025 cron.err crond[10564]: USER root pid 4196 cmd /usr/bin/wireguard_watchdog

In my case (just * * * * * /usr/bin/wireguard_watchdog), does cron.err really imply an error? How could I get details about this?

I will also follow your suggestions about further log reading and post results later.

Below is the output of logread -f, starting when creating a 2nd WG interface named “test” (1st WG interface “Home” already there), saving, deleting 2nd WG interface “test” => RMS connection DOWN, and finally saving. I hope it makes some sense. After approx. 1 minute, RMS is available again.

~# logread -f
18540 Tue Feb 25 17:50:29 2025 kern.notice kernel: User "admin" changed Network configuration in "/" page
18541 Tue Feb 25 17:50:29 2025 kern.notice kernel: User "admin" changed Firewall configuration in "/" page
18542 Tue Feb 25 17:50:33 2025 daemon.notice netifd: Wireless device 'radio0' set retry=3
18543 Tue Feb 25 17:50:33 2025 daemon.notice netifd: Wireless device 'radio1' set retry=3
18544 Tue Feb 25 17:50:33 2025 daemon.info mobifd: Service reload initiated
18545 Tue Feb 25 17:50:37 2025 kern.notice kernel: User "admin" changed Network configuration in "/" page
18546 Tue Feb 25 17:50:40 2025 daemon.notice netifd: Wireless device 'radio0' set retry=3
18547 Tue Feb 25 17:50:40 2025 daemon.notice netifd: Wireless device 'radio1' set retry=3
18548 Tue Feb 25 17:50:40 2025 daemon.info mobifd: Service reload initiated
18549 Tue Feb 25 17:50:47 2025 kern.notice kernel: User "admin" changed Network configuration in "/" page
18550 Tue Feb 25 17:50:47 2025 daemon.notice netifd: Interface 'test' is setting up now
18551 Tue Feb 25 17:50:47 2025 daemon.info dnsmasq[9684]: reading /tmp/resolv.conf.d/resolv.conf.auto
18552 Tue Feb 25 17:50:47 2025 daemon.info dnsmasq[9684]: using nameserver 1.1.1.1#53
18553 Tue Feb 25 17:50:47 2025 daemon.info dnsmasq[9684]: using nameserver 192.168.178.21#53
18554 Tue Feb 25 17:50:47 2025 daemon.info dnsmasq[9684]: using nameserver 10.74.---.---#53
18555 Tue Feb 25 17:50:47 2025 daemon.info dnsmasq[9684]: using nameserver 10.74.---.---#53
18556 Tue Feb 25 17:50:47 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for test
18557 Tue Feb 25 17:50:47 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for onion
18558 Tue Feb 25 17:50:47 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for localhost
18559 Tue Feb 25 17:50:47 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for local
18560 Tue Feb 25 17:50:47 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for invalid
18561 Tue Feb 25 17:50:47 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for bind
18562 Tue Feb 25 17:50:47 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for lan
18563 Tue Feb 25 17:50:48 2025 kern.notice kernel: User "admin" changed Firewall configuration in "/" page
18564 Tue Feb 25 17:50:48 2025 daemon.notice netifd: Network device 'Home' link is down
18565 Tue Feb 25 17:50:48 2025 user.notice mwan3-hotplug[26028]: mwan3 hotplug on Home not called because interface disabled
18566 Tue Feb 25 17:50:48 2025 daemon.notice netifd: Interface 'test' is now down
18567 Tue Feb 25 17:50:48 2025 daemon.notice netifd: Interface 'test' is setting up now
18568 Tue Feb 25 17:50:48 2025 daemon.notice netifd: Interface 'Home' is now down
18569 Tue Feb 25 17:50:48 2025 daemon.notice netifd: Interface 'Home' is setting up now
18570 Tue Feb 25 17:50:48 2025 daemon.notice netifd: Interface 'test' is now up
18571 Tue Feb 25 17:50:48 2025 daemon.notice netifd: Network device 'test' link is up
18572 Tue Feb 25 17:50:49 2025 daemon.notice netifd: Interface 'Home' is now up
18573 Tue Feb 25 17:50:49 2025 daemon.info dnsmasq[9684]: reading /tmp/resolv.conf.d/resolv.conf.auto
18574 Tue Feb 25 17:50:49 2025 daemon.info dnsmasq[9684]: using nameserver 1.1.1.1#53
18575 Tue Feb 25 17:50:49 2025 daemon.info dnsmasq[9684]: using nameserver 192.168.178.21#53
18576 Tue Feb 25 17:50:49 2025 daemon.info dnsmasq[9684]: using nameserver 10.74.---.---#53
18577 Tue Feb 25 17:50:49 2025 daemon.info dnsmasq[9684]: using nameserver 10.74.---.---#53
18578 Tue Feb 25 17:50:49 2025 daemon.info dnsmasq[9684]: using nameserver 1.1.1.1#53
18579 Tue Feb 25 17:50:49 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for test
18580 Tue Feb 25 17:50:49 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for onion
18581 Tue Feb 25 17:50:49 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for localhost
18582 Tue Feb 25 17:50:49 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for local
18583 Tue Feb 25 17:50:49 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for invalid
18584 Tue Feb 25 17:50:49 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for bind
18585 Tue Feb 25 17:50:49 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for lan
18586 Tue Feb 25 17:50:49 2025 kern.err kernel: [193324.687775] wireguard: Home: Could not create IPv4 socket
18587 Tue Feb 25 17:50:50 2025 user.notice mwan3-hotplug[26354]: mwan3 hotplug on test not called because interface disabled
18588 Tue Feb 25 17:50:51 2025 user.notice firewall: Reloading firewall due to ifup of test (test)
18589 Tue Feb 25 17:50:51 2025 daemon.notice netifd: Wireless device 'radio0' set retry=3
18590 Tue Feb 25 17:50:51 2025 daemon.notice netifd: Wireless device 'radio1' set retry=3
18591 Tue Feb 25 17:50:51 2025 daemon.info mobifd: Service reload initiated
18592 Tue Feb 25 17:50:52 2025 user.notice mwan3-hotplug[27130]: mwan3 hotplug on Home not called because interface disabled
18593 Tue Feb 25 17:50:53 2025 user.notice firewall: Reloading firewall due to ifup of Home (Home)
18594 Tue Feb 25 17:51:00 2025 cron.err crond[10564]: USER root pid 27560 cmd /usr/bin/wireguard_watchdog
18595 Tue Feb 25 17:51:15 2025 daemon.notice hostapd: wlan0-1: AP-STA-DISCONNECTED --:--:--:--:--:--
18596 Tue Feb 25 17:51:15 2025 kern.notice Haystack2G: WiFi client disconnected: --:--:--:--:--:--
18597 Tue Feb 25 17:51:15 2025 daemon.info hostapd: wlan0-1: STA --:--:--:--:--:-- IEEE 802.1X: unauthorizing port
18598 Tue Feb 25 17:51:15 2025 daemon.info hostapd: wlan0-1: STA --:--:--:--:--:-- IEEE 802.11: disassociated
18599 Tue Feb 25 17:51:16 2025 kern.notice kernel: User "admin" changed Network configuration in "/" page
18600 Tue Feb 25 17:51:16 2025 kern.notice kernel: User "admin" changed Firewall configuration in "/" page
18601 Tue Feb 25 17:51:16 2025 kern.notice kernel: User "admin" changed Firewall configuration in "/" page
18602 Tue Feb 25 17:51:16 2025 daemon.info hostapd: wlan0-1: STA --:--:--:--:--:-- IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
18603 Tue Feb 25 17:51:16 2025 daemon.notice netifd: Network device 'test' link is down
18604 Tue Feb 25 17:51:16 2025 user.notice mwan3-hotplug[27624]: mwan3 hotplug on test not called because interface disabled
18605 Tue Feb 25 17:51:16 2025 daemon.notice netifd: Interface 'test' is now down
18606 Tue Feb 25 17:51:19 2025 daemon.notice netifd: Wireless device 'radio0' set retry=3
18607 Tue Feb 25 17:51:19 2025 daemon.notice netifd: Wireless device 'radio1' set retry=3
18608 Tue Feb 25 17:51:19 2025 daemon.info mobifd: Service reload initiated
18609 Tue Feb 25 17:51:26 2025 daemon.info hostapd: wlan0-1: STA --:--:--:--:--:-- IEEE 802.11: associated (aid 2)
18610 Tue Feb 25 17:51:26 2025 daemon.info hostapd: wlan0-1: STA --:--:--:--:--:-- IEEE 802.1X: unauthorizing port
18611 Tue Feb 25 17:51:27 2025 daemon.notice hostapd: wlan0-1: AP-STA-CONNECTED --:--:--:--:--:-- auth_alg=sae
18612 Tue Feb 25 17:51:27 2025 kern.notice Haystack2G: WiFi client connected: --:--:--:--:--:--
18613 Tue Feb 25 17:51:27 2025 daemon.info hostapd: wlan0-1: STA --:--:--:--:--:-- IEEE 802.1X: authorizing port
18614 Tue Feb 25 17:51:27 2025 daemon.info hostapd: wlan0-1: STA --:--:--:--:--:-- RADIUS: starting accounting session ----------------
18615 Tue Feb 25 17:51:27 2025 daemon.info hostapd: wlan0-1: STA --:--:--:--:--:-- WPA: pairwise key handshake completed (RSN)
18616 Tue Feb 25 17:51:27 2025 daemon.notice hostapd: wlan0-1: EAPOL-4WAY-HS-COMPLETED --:--:--:--:--:--
18617 Tue Feb 25 17:52:00 2025 cron.err crond[10564]: USER root pid 28486 cmd /usr/bin/wireguard_watchdog

I will try to narrow this more down, maybe even inserting some comment rows in the output, indicating what I did at the respective time.

The OP contents was:

echo '* * * * * /usr/bin/wireguard_watchdog' >> /etc/crontabs/root
/etc/init.d/cron restart

not

* * * * * /usr/bin/wireguard_watchdog' >> /etc/crontabs/root
/etc/init.d/cron restart

This was just to add a line to the root user crontab and restart cron as the configuration has been modified.

Don’t bother it is a dubious log level somewhere in the busybox source code.
I use a rsyslogd to copy the logs of the RUTs on a central server, I kill this line with:

if $msg contains "cmd /usr/bin/wireguard_watchdog" then stop

Yes, I know what it was, i.e. that it was a bit different Thanks for your kind feedback, also about the non-important cron.err.

2nd WG interface “test” added (kept disabled) and saved:

18922 Tue Feb 25 18:08:49 2025 kern.notice kernel: User "admin" changed Network configuration in "/" page
18923 Tue Feb 25 18:08:49 2025 kern.notice kernel: User "admin" changed Firewall configuration in "/" page
18924 Tue Feb 25 18:08:52 2025 daemon.notice netifd: Wireless device 'radio0' set retry=3
18925 Tue Feb 25 18:08:52 2025 daemon.notice netifd: Wireless device 'radio1' set retry=3
18926 Tue Feb 25 18:08:52 2025 daemon.info mobifd: Service reload initiated
18927 Tue Feb 25 18:08:59 2025 kern.notice kernel: User "admin" changed Network configuration in "/" page
18928 Tue Feb 25 18:09:00 2025 cron.err crond[10564]: USER root pid 4030 cmd /usr/bin/wireguard_watchdog
18929 Tue Feb 25 18:09:02 2025 daemon.notice netifd: Wireless device 'radio0' set retry=3
18930 Tue Feb 25 18:09:02 2025 daemon.notice netifd: Wireless device 'radio1' set retry=3
18931 Tue Feb 25 18:09:02 2025 daemon.info mobifd: Service reload initiated

.
2nd WG interface “test” - clicked on button in “Enabled” column => on (but not yet clicked on button “Save & Apply”):
first no output - cursor stops blinking - after about 10 seconds, cursors starts blinking again (as expected), and:

18935 Tue Feb 25 18:11:00 2025 cron.err crond[10564]: USER root pid 4819 cmd /usr/bin/wireguard_watchdog

(nothing else for a while)

.
Clicked on button “Save & Apply”:

18937 Tue Feb 25 18:12:51 2025 kern.notice kernel: User "admin" changed Network configuration in "/" page
18938 Tue Feb 25 18:12:51 2025 daemon.notice netifd: Interface 'test' is setting up now
18939 Tue Feb 25 18:12:51 2025 daemon.info dnsmasq[9684]: reading /tmp/resolv.conf.d/resolv.conf.auto
18940 Tue Feb 25 18:12:51 2025 daemon.info dnsmasq[9684]: using nameserver 1.1.1.1#53
18941 Tue Feb 25 18:12:51 2025 daemon.info dnsmasq[9684]: using nameserver 192.168.178.21#53
18942 Tue Feb 25 18:12:51 2025 daemon.info dnsmasq[9684]: using nameserver 10.74.---.---#53
18943 Tue Feb 25 18:12:51 2025 daemon.info dnsmasq[9684]: using nameserver 10.74.---.---#53
18944 Tue Feb 25 18:12:51 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for test
18945 Tue Feb 25 18:12:51 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for onion
18946 Tue Feb 25 18:12:51 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for localhost
18947 Tue Feb 25 18:12:51 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for local
18948 Tue Feb 25 18:12:51 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for invalid
18949 Tue Feb 25 18:12:51 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for bind
18950 Tue Feb 25 18:12:51 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for lan
18951 Tue Feb 25 18:12:51 2025 kern.notice kernel: User "admin" changed Firewall configuration in "/" page
18952 Tue Feb 25 18:12:51 2025 user.notice mwan3-hotplug[5259]: mwan3 hotplug on Home not called because interface disabled
18953 Tue Feb 25 18:12:51 2025 daemon.notice netifd: Interface 'test' is now down
18954 Tue Feb 25 18:12:51 2025 daemon.notice netifd: Interface 'test' is setting up now
18955 Tue Feb 25 18:12:51 2025 daemon.notice netifd: Interface 'Home' is now down
18956 Tue Feb 25 18:12:51 2025 daemon.notice netifd: Interface 'Home' is setting up now
18957 Tue Feb 25 18:12:52 2025 daemon.notice netifd: Interface 'test' is now down
18958 Tue Feb 25 18:12:52 2025 daemon.notice netifd: Interface 'test' is setting up now
18959 Tue Feb 25 18:12:52 2025 user.notice wireguard: Interface test mtu size changed from  to 1420
18960 Tue Feb 25 18:12:52 2025 daemon.notice netifd: Interface 'test' is now up
18961 Tue Feb 25 18:12:52 2025 daemon.notice netifd: Network device 'test' link is up
18962 Tue Feb 25 18:12:53 2025 kern.err kernel: [194648.235003] wireguard: Home: Could not create IPv4 socket
18963 Tue Feb 25 18:12:53 2025 daemon.notice netifd: Interface 'Home' is now up
18964 Tue Feb 25 18:12:53 2025 daemon.info dnsmasq[9684]: reading /tmp/resolv.conf.d/resolv.conf.auto
18965 Tue Feb 25 18:12:53 2025 daemon.info dnsmasq[9684]: using nameserver 1.1.1.1#53
18966 Tue Feb 25 18:12:53 2025 daemon.info dnsmasq[9684]: using nameserver 192.168.178.21#53
18967 Tue Feb 25 18:12:53 2025 daemon.info dnsmasq[9684]: using nameserver 10.74.---.---#53
18968 Tue Feb 25 18:12:53 2025 daemon.info dnsmasq[9684]: using nameserver 10.74.---.---#53
18969 Tue Feb 25 18:12:53 2025 daemon.info dnsmasq[9684]: using nameserver 1.1.1.1#53
18970 Tue Feb 25 18:12:53 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for test
18971 Tue Feb 25 18:12:53 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for onion
18972 Tue Feb 25 18:12:53 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for localhost
18973 Tue Feb 25 18:12:53 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for local
18974 Tue Feb 25 18:12:53 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for invalid
18975 Tue Feb 25 18:12:53 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for bind
18976 Tue Feb 25 18:12:53 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for lan
18977 Tue Feb 25 18:12:53 2025 user.notice mwan3-hotplug[5711]: mwan3 hotplug on test not called because interface disabled
18978 Tue Feb 25 18:12:54 2025 user.notice firewall: Reloading firewall due to ifup of test (test)
18979 Tue Feb 25 18:12:54 2025 daemon.notice netifd: Wireless device 'radio0' set retry=3
18980 Tue Feb 25 18:12:54 2025 daemon.notice netifd: Wireless device 'radio1' set retry=3
18981 Tue Feb 25 18:12:55 2025 daemon.info mobifd: Service reload initiated
18982 Tue Feb 25 18:12:56 2025 user.notice mwan3-hotplug[6383]: mwan3 hotplug on Home not called because interface disabled
18983 Tue Feb 25 18:12:57 2025 user.notice firewall: Reloading firewall due to ifup of Home (Home)
18984 Tue Feb 25 18:13:00 2025 cron.err crond[10564]: USER root pid 6862 cmd /usr/bin/wireguard_watchdog

.
2nd WG interface “test” - clicked on button in “Enabled” column => off (but not yet clicked on button “Save & Apply”):
first no output - cursor stops blinking - after about 10 seconds, cursors starts blinking again (as expected), and:

18987 Tue Feb 25 18:15:00 2025 cron.err crond[10564]: USER root pid 7397 cmd /usr/bin/wireguard_watchdog

(nothing else for a while)

.
2nd WG interface “test” deleted (but not yet clicked on button “Save & Apply”):
Instantly, the RMS status light turned red => Device status: Offline

18996 Tue Feb 25 18:18:02 2025 kern.notice kernel: User "admin" changed Network configuration in "/" page
18997 Tue Feb 25 18:18:02 2025 kern.notice kernel: User "admin" changed Firewall configuration in "/" page
18998 Tue Feb 25 18:18:02 2025 kern.notice kernel: User "admin" changed Firewall configuration in "/" page
18999 Tue Feb 25 18:18:02 2025 daemon.notice netifd: Network device 'test' link is down
19000 Tue Feb 25 18:18:02 2025 user.notice mwan3-hotplug[8118]: mwan3 hotplug on test not called because interface disabled
19001 Tue Feb 25 18:18:03 2025 daemon.notice netifd: Interface 'test' is now down
19002 Tue Feb 25 18:18:05 2025 daemon.notice netifd: Wireless device 'radio0' set retry=3
19003 Tue Feb 25 18:18:05 2025 daemon.notice netifd: Wireless device 'radio1' set retry=3
19004 Tue Feb 25 18:18:05 2025 daemon.info mobifd: Service reload initiated

.
Approx. 1 minute later, RMS/device status is back to green/Online, and:

19006 Tue Feb 25 18:19:08 2025 daemon.err rms_mqtt[10639]: Mosquitto disconnected: Keepalive exceeded
19007 Tue Feb 25 18:19:08 2025 daemon.err rms_mqtt[10639]: Connection timeout (60), retrying
19008 Tue Feb 25 18:19:08 2025 daemon.err rms_mqtt[10639]: Mosquitto reconnecting
19009 Tue Feb 25 18:19:11 2025 daemon.err rms_mqtt[10639]: Mosquitto connected
19010 Tue Feb 25 18:19:27 2025 daemon.notice wpa_supplicant[2143]: wlan0-2: RSN: Group rekeying completed with --:--:--:--:--:-- [GTK=CCMP]
19011 Tue Feb 25 18:20:00 2025 cron.err crond[10564]: USER root pid 9326 cmd /usr/bin/wireguard_watchdog
19012 Tue Feb 25 18:21:00 2025 cron.err crond[10564]: USER root pid 9577 cmd /usr/bin/wireguard_watchdog
19013 Tue Feb 25 18:21:39 2025 daemon.notice hostapd: wlan0-1: AP-STA-DISCONNECTED --:--:--:--:--:--
19014 Tue Feb 25 18:21:39 2025 kern.notice ----------------: WiFi client disconnected: --:--:--:--:--:--
19015 Tue Feb 25 18:21:39 2025 daemon.info hostapd: wlan0-1: STA --:--:--:--:--:-- IEEE 802.1X: unauthorizing port
19016 Tue Feb 25 18:21:39 2025 daemon.info hostapd: wlan0-1: STA --:--:--:--:--:-- IEEE 802.11: disassociated
19017 Tue Feb 25 18:21:40 2025 daemon.info hostapd: wlan0-1: STA --:--:--:--:--:-- IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
19018 Tue Feb 25 18:21:50 2025 daemon.info hostapd: wlan0-1: STA --:--:--:--:--:-- IEEE 802.11: associated (aid 2)
19019 Tue Feb 25 18:21:50 2025 daemon.info hostapd: wlan0-1: STA --:--:--:--:--:-- IEEE 802.1X: unauthorizing port
19020 Tue Feb 25 18:21:51 2025 daemon.notice hostapd: wlan0-1: AP-STA-CONNECTED --:--:--:--:--:-- auth_alg=sae
19021 Tue Feb 25 18:21:51 2025 kern.notice ----------------: WiFi client connected: --:--:--:--:--:--
19022 Tue Feb 25 18:21:51 2025 daemon.info hostapd: wlan0-1: STA --:--:--:--:--:-- IEEE 802.1X: authorizing port
19023 Tue Feb 25 18:21:51 2025 daemon.info hostapd: wlan0-1: STA --:--:--:--:--:-- RADIUS: starting accounting session ----------------
19024 Tue Feb 25 18:21:51 2025 daemon.info hostapd: wlan0-1: STA --:--:--:--:--:-- WPA: pairwise key handshake completed (RSN)
19025 Tue Feb 25 18:21:51 2025 daemon.notice hostapd: wlan0-1: EAPOL-4WAY-HS-COMPLETED --:--:--:--:--:--
19026 Tue Feb 25 18:22:00 2025 cron.err crond[10564]: USER root pid 9811 cmd /usr/bin/wireguard_watchdog
19027 Tue Feb 25 18:22:02 2025 daemon.notice wpa_supplicant[2143]: wlan0-2: SME: Trying to authenticate with --:--:--:--:--:-- (SSID='----------------' freq=2412 MHz)
19028 Tue Feb 25 18:22:03 2025 kern.info kernel: [195198.335788] wlan0-2: disconnect from AP --:--:--:--:--:-- for new auth to --:--:--:--:--:--
19029 Tue Feb 25 18:22:03 2025 daemon.notice netifd: Network device 'wlan0-2' link is down
19030 Tue Feb 25 18:22:03 2025 daemon.notice netifd: Interface 'ifWan2' has link connectivity loss
19031 Tue Feb 25 18:22:03 2025 daemon.notice netifd: ifWan2 (577): udhcpc: received SIGTERM
19032 Tue Feb 25 18:22:03 2025 daemon.notice netifd: ifWan2 (577): udhcpc: unicasting a release of 192.168.178.64 to 192.168.178.1
19033 Tue Feb 25 18:22:03 2025 daemon.notice netifd: ifWan2 (577): udhcpc: sending release
19034 Tue Feb 25 18:22:03 2025 daemon.notice netifd: ifWan2 (577): udhcpc: entering released state
19035 Tue Feb 25 18:22:03 2025 daemon.notice netifd: ifWan2 (577): Command failed: Permission denied
19036 Tue Feb 25 18:22:03 2025 daemon.notice netifd: Interface 'ifWan2' is now down
19037 Tue Feb 25 18:22:03 2025 kern.warn kernel: [195198.437183] ath10k_ahb a000000.wifi: peer-unmap-event: unknown peer id 175
19038 Tue Feb 25 18:22:03 2025 kern.warn kernel: [195198.437260] ath10k_ahb a000000.wifi: peer-unmap-event: unknown peer id 175
19039 Tue Feb 25 18:22:03 2025 kern.warn kernel: [195198.443974] ath10k_ahb a000000.wifi: peer-unmap-event: unknown peer id 175
19040 Tue Feb 25 18:22:03 2025 kern.info kernel: [195198.459252] wlan0-2: authenticate with --:--:--:--:--:--
19041 Tue Feb 25 18:22:03 2025 kern.info kernel: [195198.459365] wlan0-2: 80 MHz not supported, disabling VHT
19042 Tue Feb 25 18:22:03 2025 kern.info kernel: [195198.469860] wlan0-2: send auth to --:--:--:--:--:-- (try 1/3)
19043 Tue Feb 25 18:22:03 2025 kern.info kernel: [195198.477279] wlan0-2: authenticated
19044 Tue Feb 25 18:22:03 2025 daemon.info dnsmasq[9684]: reading /tmp/resolv.conf.d/resolv.conf.auto
19045 Tue Feb 25 18:22:03 2025 daemon.info dnsmasq[9684]: using nameserver 1.1.1.1#53
19046 Tue Feb 25 18:22:03 2025 daemon.info dnsmasq[9684]: using nameserver 10.74.---.---#53
19047 Tue Feb 25 18:22:03 2025 daemon.info dnsmasq[9684]: using nameserver 10.74.---.---#53
19048 Tue Feb 25 18:22:03 2025 daemon.info dnsmasq[9684]: using nameserver 1.1.1.1#53
19049 Tue Feb 25 18:22:03 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for test
19050 Tue Feb 25 18:22:03 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for onion
19051 Tue Feb 25 18:22:03 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for localhost
19052 Tue Feb 25 18:22:03 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for local
19053 Tue Feb 25 18:22:03 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for invalid
19054 Tue Feb 25 18:22:03 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for bind
19055 Tue Feb 25 18:22:03 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for lan
19056 Tue Feb 25 18:22:03 2025 daemon.notice wpa_supplicant[2143]: wlan0-2: Trying to associate with --:--:--:--:--:-- (SSID='----------------' freq=2412 MHz)
19057 Tue Feb 25 18:22:03 2025 kern.info kernel: [195198.486122] wlan0-2: associate with --:--:--:--:--:-- (try 1/3)
19058 Tue Feb 25 18:22:03 2025 kern.info kernel: [195198.493766] wlan0-2: RX ReassocResp from --:--:--:--:--:-- (capab=0x1431 status=0 aid=2)
19059 Tue Feb 25 18:22:03 2025 kern.warn kernel: [195198.495913] ath10k_ahb a000000.wifi: pdev param 0 not supported by firmware
19060 Tue Feb 25 18:22:03 2025 kern.warn kernel: [195198.501128] ath10k_ahb a000000.wifi: failed to enable peer stats info: -95
19061 Tue Feb 25 18:22:03 2025 kern.info kernel: [195198.508365] wlan0-2: associated
19062 Tue Feb 25 18:22:03 2025 daemon.notice netifd: Network device 'wlan0-2' link is up
19063 Tue Feb 25 18:22:03 2025 daemon.notice netifd: Interface 'ifWan2' has link connectivity
19064 Tue Feb 25 18:22:03 2025 daemon.notice netifd: Interface 'ifWan2' is setting up now
19065 Tue Feb 25 18:22:03 2025 kern.debug kernel: [195198.565067] wlan0-2: Limiting TX power to 20 (20 - 0) dBm as advertised by --:--:--:--:--:--
19066 Tue Feb 25 18:22:03 2025 daemon.notice wpa_supplicant[2143]: wlan0-2: Associated with --:--:--:--:--:--
19067 Tue Feb 25 18:22:03 2025 daemon.notice netifd: ifWan2 (9876): udhcpc: started, v1.34.1
19068 Tue Feb 25 18:22:03 2025 daemon.notice wpa_supplicant[2143]: wlan0-2: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
19069 Tue Feb 25 18:22:03 2025 daemon.notice netifd: ifWan2 (9876): udhcpc: broadcasting discover
19070 Tue Feb 25 18:22:03 2025 user.notice mwan3-hotplug[9833]: Execute ifdown event on interface ifWan2 (unknown)
19071 Tue Feb 25 18:22:03 2025 daemon.notice wpa_supplicant[2143]: wlan0-2: WPA: Key negotiation completed with --:--:--:--:--:-- [PTK=CCMP GTK=CCMP]
19072 Tue Feb 25 18:22:03 2025 daemon.notice wpa_supplicant[2143]: wlan0-2: CTRL-EVENT-CONNECTED - Connection to --:--:--:--:--:-- completed [id=1 id_str=]
19073 Tue Feb 25 18:22:03 2025 user.info mwan3track[3202]: Detect ifdown event on interface ifWan2 (wlan0-2)
19074 Tue Feb 25 18:22:04 2025 user.info mwan3track[3202]: Check (ping) failed for target "1.1.1.1" on interface ifWan2 (wlan0-2). Current score: 6
19075 Tue Feb 25 18:22:04 2025 daemon.notice wpa_supplicant[2143]: wlan0-2: CTRL-EVENT-SIGNAL-CHANGE above=1 signal=-43 noise=-109 txrate=1000
19076 Tue Feb 25 18:22:04 2025 user.info mwan3track[3202]: Check (ping) failed for target "8.8.8.8" on interface ifWan2 (wlan0-2). Current score: 6
19077 Tue Feb 25 18:22:04 2025 user.notice mwan3track[3202]: Interface ifWan2 (wlan0-2) is disconnecting
19078 Tue Feb 25 18:22:05 2025 user.notice mwan3track[3202]: Interface ifWan2 (wlan0-2) is offline
19079 Tue Feb 25 18:22:05 2025 user.notice mwan3-hotplug[10325]: Execute disconnected event on interface ifWan2 (wlan0-2)
19080 Tue Feb 25 18:22:06 2025 kern.info WAN (ifWan2) is down, switched to backup WAN (mob1s1a1)
19081 Tue Feb 25 18:22:06 2025 daemon.info events_reporting: Sending email to "--------@----------------.com "
19082 Tue Feb 25 18:22:06 2025 daemon.notice netifd: ifWan2 (9876): udhcpc: broadcasting discover
19083 Tue Feb 25 18:22:06 2025 daemon.notice netifd: ifWan2 (9876): udhcpc: broadcasting select for 192.168.178.64, server 192.168.178.1
19084 Tue Feb 25 18:22:06 2025 daemon.notice netifd: ifWan2 (9876): udhcpc: lease of 192.168.178.64 obtained from 192.168.178.1, lease time 86400
19085 Tue Feb 25 18:22:07 2025 daemon.notice netifd: Interface 'ifWan2' is now up
19086 Tue Feb 25 18:22:07 2025 daemon.info dnsmasq[9684]: reading /tmp/resolv.conf.d/resolv.conf.auto
19087 Tue Feb 25 18:22:07 2025 daemon.info dnsmasq[9684]: using nameserver 1.1.1.1#53
19088 Tue Feb 25 18:22:07 2025 daemon.info dnsmasq[9684]: using nameserver 192.168.178.21#53
19089 Tue Feb 25 18:22:07 2025 daemon.info dnsmasq[9684]: using nameserver 10.74.---.---#53
19090 Tue Feb 25 18:22:07 2025 daemon.info dnsmasq[9684]: using nameserver 10.74.---.---#53
19091 Tue Feb 25 18:22:07 2025 daemon.info dnsmasq[9684]: using nameserver 1.1.1.1#53
19092 Tue Feb 25 18:22:07 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for test
19093 Tue Feb 25 18:22:07 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for onion
19094 Tue Feb 25 18:22:07 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for localhost
19095 Tue Feb 25 18:22:07 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for local
19096 Tue Feb 25 18:22:07 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for invalid
19097 Tue Feb 25 18:22:07 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for bind
19098 Tue Feb 25 18:22:07 2025 daemon.info dnsmasq[9684]: using only locally-known addresses for lan
19099 Tue Feb 25 18:22:07 2025 daemon.err events_reporting: Failed to send email to "--------@----------------.com "
19100 Tue Feb 25 18:22:07 2025 user.notice mwan3-hotplug[10580]: Execute ifup event on interface ifWan2 (wlan0-2)
19101 Tue Feb 25 18:22:08 2025 kern.info Switched to main WAN (ifWan2)
19102 Tue Feb 25 18:22:08 2025 user.info mwan3track[3202]: Detect ifup event on interface ifWan2 (wlan0-2)
19103 Tue Feb 25 18:22:09 2025 user.info mwan3track[3202]: Check (ping) success for target "1.1.1.1" on interface ifWan2 (wlan0-2). Current score: 0
19104 Tue Feb 25 18:22:09 2025 user.notice mwan3track[3202]: Interface ifWan2 (wlan0-2) is connecting
19105 Tue Feb 25 18:22:09 2025 daemon.info events_reporting: Sending email to "--------@----------------.com "
19106 Tue Feb 25 18:22:09 2025 daemon.err events_reporting: Failed to send email to "--------@----------------.com "
19107 Tue Feb 25 18:22:10 2025 user.info mwan3track[3202]: Lost 2 ping(s) on interface ifWan2 (wlan0-2). Current score: 0
19108 Tue Feb 25 18:22:10 2025 user.notice mwan3track[3202]: Interface ifWan2 (wlan0-2) is online
19109 Tue Feb 25 18:23:00 2025 cron.err crond[10564]: USER root pid 11668 cmd /usr/bin/wireguard_watchdog

I surely have pasted more than necessary and hope you do not mind.

There are several spots in this last logread, where I fear problems, but I do not want to deviate from the actual problem of this thread, i.e. that the RMS connection always breaks if a 2nd WG interface is deleted.

I have not tried with the 1st WG interface and do not want to, because then I would have to set this up again, too, and this was (for me) already difficult.

Hopefully, the provided feedback helps @Marija to see what is going wrong. Thanks a lot for your support!

Hello,

From the logs, I can see that the primary WAN (ifWan2) experienced a loss of connection, causing the device to switch to the backup WAN (mob1s1a1). This switch led to the disconnection from RMS. When the device does not have an active internet connection, it cannot remain online in RMS. Therefore, during the transition from the main WAN to the backup WAN, the RUTX11 goes offline and is temporarily disconnected from RMS.

Best regards,

The RUTX11 is directly connected to my Fritzbox Wifi (1 m away - for testing purposes).

Why does it everytime and reproducibly lose Wifi connection when I delete an used 2nd test WG interface from the RUTX11?

Could you please check the routing table by executing ip route in the CLI both before and after deleting the WireGuard interface, to see if any routes are affected?

Thank you.

Best regards,

2nd WG interface “test” (disabled):

~# ip route
default via 192.168.178.1 dev wlan0-2 proto static src 192.168.178.64 metric 1
default dev qmimux0 proto static scope link src 10.76.215.59 metric 2
10.76.215.59 dev qmimux0 proto static scope link src 10.76.215.59 metric 2
xxx.xxx.xxx.xxx via 192.168.178.1 dev wlan0-2 metric 1
xxx.xxx.xxx.xxx dev qmimux0 scope link metric 2
192.168.11.0/24 dev br-lan proto kernel scope link src 192.168.11.1
192.168.178.0/24 dev wlan0-2 proto static scope link src 192.168.178.64 metric 1
192.168.178.0/24 dev Home proto static scope link metric 3

2nd WG interface “test” => Delete + Save & Apply:

~# ip route
default via 192.168.178.1 dev wlan0-2 proto static src 192.168.178.64 metric 1
default dev qmimux0 proto static scope link src 10.76.215.59 metric 2
10.76.215.59 dev qmimux0 proto static scope link src 10.76.215.59 metric 2
xxx.xxx.xxx.xxx via 192.168.178.1 dev wlan0-2 metric 1
xxx.xxx.xxx.xxx dev qmimux0 scope link metric 2
192.168.11.0/24 dev br-lan proto kernel scope link src 192.168.11.1
192.168.178.0/24 dev wlan0-2 proto static scope link src 192.168.178.64 metric 1
192.168.178.0/24 dev Home proto static scope link metric 3

2nd WG interface “test” (enabled):

~# ip route
default via 192.168.178.1 dev wlan0-2 proto static src 192.168.178.64 metric 1
default dev qmimux0 proto static scope link src 10.76.215.59 metric 2
10.5.0.0/24 dev test proto kernel scope link src 10.5.0.1
10.76.215.59 dev qmimux0 proto static scope link src 10.76.215.59 metric 2
xxx.xxx.xxx.xxx via 192.168.178.1 dev wlan0-2 metric 1
xxx.xxx.xxx.xxx dev qmimux0 scope link metric 2
192.168.11.0/24 dev br-lan proto kernel scope link src 192.168.11.1
192.168.178.0/24 dev wlan0-2 proto static scope link src 192.168.178.64 metric 1

2nd WG interface “test” => Delete + Save & Apply:

~# ip route
default via 192.168.178.1 dev wlan0-2 proto static src 192.168.178.64 metric 1
default dev qmimux0 proto static scope link src 10.76.215.59 metric 2
10.76.215.59 dev qmimux0 proto static scope link src 10.76.215.59 metric 2
xxx.xxx.xxx.xxx via 192.168.178.1 dev wlan0-2 metric 1
xxx.xxx.xxx.xxx dev qmimux0 scope link metric 2
192.168.11.0/24 dev br-lan proto kernel scope link src 192.168.11.1
192.168.178.0/24 dev wlan0-2 proto static scope link src 192.168.178.64 metric 1
192.168.178.0/24 dev Home proto static scope link metric 3

IPs that I know about:

• 192.168.11.1: RUTX11’s static IP (DHCP range: 192.168.11.2 - 192.168.11.99)
• 192.168.178.1: Fritzbox’s static IP (DHCP range: 192.168.178.2 - 192.168.178.190)
• 192.168.178.64: RUTX11, as it appears as client on the Fritzbox’s network when directly connected via Wifi

When I added the “test” WG interface on the RUTX11, I left all default values untouched, e.g. IP addresses: 10.5.0.1/24.

@Marija
Does this all make any sense to you?

@Marija
Please let me know if you need any further information from me. Thank you!

This topic was automatically closed after 60 days. New replies are no longer allowed.