So the other night I upgraded my er707-m2 router from firmware version 1.2.2 to 1.2.3. Once this upgrade was complete the next day wireguard clients would no longer connect successfully to the server. I did see a couple of posts of people saying they had to delete and recreate the wireguard configurations in order for the clients to be able to connect again which leades to the below.

 

~While the er707 was on firmware ver 1.2.3

I deleted and recreated all the wireguard server and clients entries under the vpn tab .

I also deleted any acl that had reference to the wireguard network range that I use.

Once that was done the clients successfully handshake once or twice and vpn works. 

However after that one or two times of being successfully connected and disconnected the clients no longer connect. 

 

Wireguard Log on client when handshake fails.

Sending handshake initiation.... Handshake did not complete after 5 seconds, retryng.

 

 

~With the er707 downgraded and back on firmware ver 1.2.2

I deleted and recreated all the wireguard server and clients entries under the vpn tab again.

Once again with that done the clients successfully handshake once or twice and vpn works. 

Then after that one or two times of being successfully connected and disconnected the clients no longer connect. 

 

Also once again Wireguard Log on client when handshake fails.

Sending handshake initiation.... Handshake did not complete after 5 seconds, retryng.

 

~Should be noted I also downgraded the er707 back to firmware ver 1.2.1 with the same results and no Wireguard ACL's were recreated.

 

With the sporadic successfull connections I have gotten and being able to replicate the issue consistently I am not 100% whether this is router or wireguard configuration related. With that in mind my wireguard configuration on the server and clients worked for the last year with no problems or hiccups and I have double and triple checked the config for it multiple times.

 

~Wiregaurd VPN

Omada Server Config

MTU: 1420

Listen Port: 51820

Local IP Address: 192.168.192.1

Private Key: Redacted

 

~Omada Peer Config

Interface: Wireguard VPN

Endpoint192.168.192.3

Endpoint Port: 51820

Allow Address: 192.168.192.3/32, local lan range/24

Persistent Keepalive: 25

Public Key: Redacted 

Preshared Key: Redacted

 

~iOS Mobile Device Config

Interface

Private Key: Redacted

Public Key: Redacted

Addresses: 192.168.192.3/32

Listen Port: 51820

MTU: 1420

DNS Servers: 1.1.1.1, 1.0.0.1

 

Peer

Public Key: Redacted

Preshared Key: Redacted

Endpoint: Redacted:51820

Allowed IP's: 0.0.0.0/0, 192.168.192.0/32, local lan range/24

Exclude Private IP's: None

Persistent Keepalive: 25