Mytob 2 Posted ... Got fiber to the home last week so I decided to switch from OpenVPN to Wireguard on my Ubiqity USG to make use of the higher thoughput offered from Wireguard. After switching from OpenVPN to Wireguard on my USG I am running into issues of various sites not working such as duckduckgo.com. Have checked again with OpenVPn and all works as expected. After doing a bit of searching the forums I came across others with a similar issue which suggested adjusting the MTU Value to 1300. This has had no effect on the issue. I have tried the same config files using the Windows client and it works fine. The USG will only seem to accept an IPV4 address as well for some reason? Any suggestions? Quote Share this post Link to post
Staff 10014 Posted ... 29 minutes ago, Mytob said: suggested adjusting the MTU Value to 1300. This has had no effect on the issue. Hello! Please try MTU set to 1280 bytes, if you haven't already done so. Kind regards Quote Share this post Link to post
Mytob 2 Posted ... Hi 😃 Just tried 1280 via the config gen and has not made any difference unfortunatly. Did also just try a Wireguard config from VPN Unlimited and that is not having the same issue for some reason. Looked at the config files and there is no obvious differnce between them apart from having resolved hosts and the MTU line being omited from it. Can post cencored configs if its any help. Thanks =) Quote Share this post Link to post
Staff 10014 Posted ... 10 hours ago, Mytob said: Hi 😃 Just tried 1280 via the config gen and has not made any difference unfortunatly. Did also just try a Wireguard config from VPN Unlimited and that is not having the same issue for some reason. Looked at the config files and there is no obvious differnce between them apart from having resolved hosts and the MTU line being omited from it. Can post cencored configs if its any help. Thanks 😃 Hello! Is the Windows system successfully connecting with WireGuard through the same ISP and the same upstream router? If so, the problem should be Unifi specific. Could you please send us the WireGuard log while the problem is ongoing? Can you also make sure that the WireGuard interface is up and running on the USG (please check the interface status by connecting via SSH to the device and entering either wg show or ip addr show command). Also check whether you can ping the VPN gateway directly from the Unifi device during your SSH session on the Unifi (ping 10.128.0.1) while the WireGuard connection is allegedly up. Kind regards Quote Share this post Link to post
Mytob 2 Posted ... 23 hours ago, Staff said: Is the Windows system successfully connecting with WireGuard through the same ISP and the same upstream router? If so, the problem should be Unifi specific. Can confirm that i can access duckduckgo from Windows with a Windows wireguard client running. This is going over the same router and the same ISP as i am having issue with. 23 hours ago, Staff said: Can you also make sure that the WireGuard interface is up and running on the USG (please check the interface status by connecting via SSH to the device and entering either wg show or ip addr show command). interface: wgclt1 public key: u7FpkRwKI44Klsbzwzn/yFA1nsx8XWfpOLRV/kzIPzw= private key: (hidden) listening port: 36861 peer: PyLC<cut> preshared key: (hidden) endpoint: 83.143.245.53:1637 allowed ips: 0.0.0.0/0 latest handshake: 48 seconds ago latest receive: 2 seconds ago transfer: 5.58 GiB received, 7.02 GiB sent persistent keepalive: every 1 minute forced handshake: every 5 seconds Working as far as i can tell! 23 hours ago, Staff said: Also check whether you can ping the VPN gateway directly from the Unifi device during your SSH session on the Unifi (ping 10.128.0.1) while the WireGuard connection is allegedly up. root@UDM-SE:~# ping 10.128.0.1 PING 10.128.0.1 (10.128.0.1) 56(84) bytes of data. ^C --- 10.128.0.1 ping statistics --- 151 packets transmitted, 0 received, 100% packet loss, time 155890ms No luck on pinging from the USG intrestingly though on Windows i get... C:\Users\Ian>ping 10.128.0.1 Pinging 10.128.0.1 with 32 bytes of data: Reply from 10.128.0.1: bytes=32 time=22ms TTL=63 Reply from 10.128.0.1: bytes=32 time=20ms TTL=63 Reply from 10.128.0.1: bytes=32 time=21ms TTL=63 Reply from 10.128.0.1: bytes=32 time=22ms TTL=63 Ping statistics for 10.128.0.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 20ms, Maximum = 22ms, Average = 21ms 23 hours ago, Staff said: Could you please send us the WireGuard log while the problem is ongoing? From what I can gather it logs to messages which I have attached. The issues would have started from about 10/09/24 when I would have tried switchng to the Wireguard client. .essages Quote Share this post Link to post
Staff 10014 Posted ... @Mytob Hello! While we can see multiple problems, none of them seems strictly related to WireGuard. Please re-check configuration through the official guide here: https://help.ui.com/hc/en-us/articles/16357883221015-UniFi-Gateway-WireGuard-VPN-Client and don't forget to set traffic routes to let devices send traffic over the VPN if necessary. If the problem persists, we would suggest you contact Unifi support. If they reply and manage to solve the problem, please let the community know what the problem was: the info can be useful for future Unifi users. Kind regards Quote Share this post Link to post
Mytob 2 Posted ... Have just put a post on the Ubiquity forums if anyone else is running into simlar issues... https://community.ui.com/questions/AirVPN-Wireguard-Timeout-Issues-UDM-SE/cabd29e4-675d-4de4-b9ff-5d6e216afc8e 1 Staff reacted to this Quote Share this post Link to post
imsimone 0 Posted ... I ran into this issue and fixed it with the solution in this post https://community.ui.com/questions/Wireguard-Client-Server-Issue-Accessing-Certain-Websites-MTU-issue/373f7a7b-36be-4645-89c7-870fcf759c85#answer/c38e283f-0d38-474f-967c-4bf8923a3fb1 Seems that MSS clamping isn't getting applied properly right now so you need to do it yourself Quote Share this post Link to post
Mytob 2 Posted ... Just tried and works fine now. Hope they fix it soon! Many thanks for the link Quote Share this post Link to post