TRB501 VPN Reconnect after Public IP change

I have the problem that with Firmware TRB501_R_00.07.19.4 the Gateway does not reconnect to my wireguard server after the modem restarts and the public IP changes. The Handshake between Wireguard server and TRB is not happening. After some testing AI told me the problem is: “The built-in wireguard_watchdog script on Teltonika devices has a bug - it tries to use wg set to re-resolve the endpoint, but this doesn’t properly rebind the socket after the source IP changes.” When downgrading to TRB501_R_00.07.18.3 the problem is solved. Is this a known issue?

Best

Christoph

If you look at the wireguard_watchdog script on your device, and you have a very recent firmware version ….. you may discover that asking AI can sometimes be near on useless. On RUTX devices the script uses ‘ifup’ instead of ‘wgset’, on later firmware versions. Sorry I couldn’t give you any better insight, maybe someone has come across your particular scenario on TRB’s.

Hi there,

A few clarifications I’d like to make:

  1. Is our TRB501 the client or the server for this setup?
  2. You mention that the Public IP changes, does it change on the server or on the client?
  3. If our device isn’t the server, what device is?

A few notes - if the public IP changes on the server, which isn’t our device, then you’d have to change the peer IP address in the config in order to be able to reconnect. This is the only way to approach this. Alternatively, you could opt for requesting your internet service provider to change your Public IP from a Dynamic one, to a static one, that way it will not change after a reboot.

Regards,
M.

To add to what I wrote above, I forgot to mention that if the server IP changes, you can also set up a DDNS (Dynamic DNS) and point our device to the hostname, instead of a direct IP address, this way, any changes that have been made to the IP address will automatically renew.

Hi, thanks for the reply, but the TRB is just the client. Wireguard server is an Ubuntu server with static IP. Connecting to it is also no problem for the other devices I use. When watching the handshakes on the wireguard server I observe that no handshake is taking place between the TRB and the wg server. Rebooting the TRB router or modem does not solve the problem, but navigating to Services → VPN → WireGuard and selecting the Enabled switch to off, save, enable it again and save, immediately I see the handshake taking place at the wg server console. This confirms my thinking that it is a bug, since just disabling and enabling of wg tunnel in the TRB solves the issue.

Actually, that the public IP change of the TRB is the cause is only a guess by me. I am not sure what the real root cause is. Maybe the watchdog script actually fails to determine that the handshake between wg server and TRB is not taking place and therefore it is not doing the disable/enable automatically.

Best

Christoph
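
A handshake-age check of the kind discussed in this thread, as an added example that is not part of the original posts and is not Teltonika's wireguard_watchdog script. It parses the output of `wg show <iface> latest-handshakes`; the interface name `wg0`, the 180-second threshold, the sample keys and the recovery command in the comment are assumptions.

```shell
#!/bin/sh
# Added example: flag WireGuard peers whose last handshake is stale.
# Input format is that of `wg show <iface> latest-handshakes`:
#   <peer-public-key><TAB><unix-timestamp>     (timestamp 0 = never)

# stale_peers NOW MAX_AGE
# Reads handshake lines on stdin and prints the key of every peer that
# has never completed a handshake or whose handshake is older than MAX_AGE.
stale_peers() {
    awk -v now="$1" -v max="$2" '
        NF == 2 && $2 ~ /^[0-9]+$/ {
            if ($2 == 0 || now - $2 > max) print $1
        }'
}

# check_iface IFACE MAX_AGE
# Live check against a running tunnel. Returns 0 if at least one peer is
# stale, 1 if all peers are fresh, 2 if `wg show` itself failed.
check_iface() {
    out=$(wg show "$1" latest-handshakes) || return 2
    stale=$(printf '%s\n' "$out" | stale_peers "$(date +%s)" "$2")
    [ -n "$stale" ] || return 1
    printf '%s\n' "$stale"
    return 0
}

# Assumed usage on the client (names are placeholders, the recovery step
# is device-specific):
#   check_iface wg0 180 && { ifdown wg0; ifup wg0; }
# 180 s only makes sense with PersistentKeepalive set on the peer; an idle
# tunnel without keepalive can legitimately show an older handshake.

# Constructed sample, evaluated at a fixed "now" of 1700000100:
#   peer A shook hands 100 s ago, peer B never, peer C 1100 s ago.
SAMPLE_NOW=1700000100
sample_handshakes() {
    printf 'PEER_A_CONSTRUCTED_KEY=\t1700000000\n'
    printf 'PEER_B_CONSTRUCTED_KEY=\t0\n'
    printf 'PEER_C_CONSTRUCTED_KEY=\t1699999000\n'
}

echo "stale peers in constructed sample:"
sample_handshakes | stale_peers "$SAMPLE_NOW" 180
```

Running the same check on the server side against the TRB's peer key shows whether the client has stopped initiating handshakes, which is the symptom reported above.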

Hi there,

By any chance, is there more than a single WireGuard instance on the TRB501 device? If so, could you possibly delete the ones that aren’t being used?

If this isn’t the case for you, I believe it would be wise for us to continue our conversation in a private channel. I’ve sent you a form to fill out which you will receive in your e-mail inbox that the forum account is registered on. In the Ticket ID field, simply enter 17252 and I’ll reach out to you via e-mail as soon as possible.

Regards,
M.

Hi,

No, sorry, it is only one wireguard instance. I will contact you via the form. Also I can provide the troubleshoot files this way.

Best

Christoph
