Wireguard Unable to Connect or Stay Connected

InsipidxMoniker · April 12, 2023, 9:59pm

Hello,

I have recently spun up a DigitalOcean Droplet and installed wireguard-tools followed by the Ubuntu installer using the instructions in the documentation. I have the latest Pritunl client installed on my Windows machine as well as the latest Wireguard client.

I am able to connect to OpenVPN just fine, no issues whatsoever; however, when I try to connect to Wireguard, it gives me one of two issues.

It will connect for ~20-30 seconds and then disconnect me and give me the error “Failed to connect to TestServer.”

Here are the logs for issue 1:

Service logs:

[2023-04-12 14:53:22][INFO] ▶ profile: Connecting ◆ device_auth=false ◆ disable_gateway=false ◆ dynamic_firewall=false ◆ force_dns=false ◆ mode="wg" ◆ profile_id="c72c4a6ad27fde9a" ◆ reconnect=true ◆ sso_auth=false
[2023-04-12 14:53:54][ERRO] ▶ profile: Keepalive failed
profile: Request put error
Put "https://192.168.234.1/key/wg/643720808137861663545e03/643720858137861663545e12/6437211c8137861663545ee5": read tcp 192.168.234.2:61761->192.168.234.1:443: wsarecv: An existing connection was forcibly closed by the remote host.
ORIGINAL STACK TRACE:
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).pingWg
	C:/Users/Windows/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:3127 +0xb46dae
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).watchWg
	C:/Users/Windows/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:3689 +0xb49139
runtime.goexit
	C:/Program Files/Go/src/runtime/asm_amd64.s:1594 +0x5a7260
[2023-04-12 14:53:54][INFO] ▶ profile: Reconnecting ◆ profile_id="c72c4a6ad27fde9a"
[2023-04-12 14:53:54][INFO] ▶ profile: Disconnected ◆ profile_id="c72c4a6ad27fde9a"
[2023-04-12 14:53:54][INFO] ▶ profile: Connecting ◆ device_auth=false ◆ disable_gateway=false ◆ dynamic_firewall=false ◆ force_dns=false ◆ mode="wg" ◆ profile_id="c72c4a6ad27fde9a" ◆ reconnect=true ◆ sso_auth=false
[2023-04-12 14:53:55][ERRO] ▶ profile: Request wg connection failed
profile: Request put error
Post "https://164.92.70.86/key/wg/643720808137861663545e03/643720858137861663545e12/6437211c8137861663545ee5": read tcp 192.168.1.138:61788->164.92.70.86:443: wsarecv: An existing connection was forcibly closed by the remote host.
ORIGINAL STACK TRACE:
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).reqWg
	C:/Users/Windows/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:2762 +0xb44019
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).startWg
	C:/Users/Windows/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:3850 +0xb4acb5
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).Start
	C:/Users/Windows/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:1291 +0xb394ac
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).Restart
	C:/Users/Windows/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:4288 +0xb4c957
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).restartSafe
	C:/Users/Windows/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:4189 +0xb4c2d3
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).watchWg
	C:/Users/Windows/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:3701 +0xb492fe
runtime.goexit
	C:/Program Files/Go/src/runtime/asm_amd64.s:1594 +0x5a7260
[2023-04-12 14:53:58][INFO] ▶ profile: Reconnecting ◆ profile_id="c72c4a6ad27fde9a"
[2023-04-12 14:54:03][INFO] ▶ profile: Disconnected ◆ profile_id="c72c4a6ad27fde9a"
[2023-04-12 14:54:03][INFO] ▶ profile: Connecting ◆ device_auth=false ◆ disable_gateway=false ◆ dynamic_firewall=false ◆ force_dns=false ◆ mode="wg" ◆ profile_id="c72c4a6ad27fde9a" ◆ reconnect=true ◆ sso_auth=false
[2023-04-12 14:54:03][ERRO] ▶ profile: Request wg connection failed
profile: Request put error
Post "https://164.92.70.86/key/wg/643720808137861663545e03/643720858137861663545e12/6437211c8137861663545ee5": read tcp 192.168.1.138:61876->164.92.70.86:443: wsarecv: An existing connection was forcibly closed by the remote host.
ORIGINAL STACK TRACE:
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).reqWg
	C:/Users/Windows/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:2762 +0xb44019
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).startWg
	C:/Users/Windows/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:3850 +0xb4acb5
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).Start
	C:/Users/Windows/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:1291 +0xb394ac
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).Restart
	C:/Users/Windows/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:4288 +0xb4c957
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).restartSafe
	C:/Users/Windows/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:4189 +0xb4c2d3
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).startWg
	C:/Users/Windows/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:3876 +0xb4a5a7
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).Start
	C:/Users/Windows/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:1291 +0xb394ac
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).Restart
	C:/Users/Windows/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:4288 +0xb4c957
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).restartSafe
	C:/Users/Windows/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:4189 +0xb4c2d3
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).watchWg
	C:/Users/Windows/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:3701 +0xb492fe
runtime.goexit
	C:/Program Files/Go/src/runtime/asm_amd64.s:1594 +0x5a7260
[2023-04-12 14:54:06][INFO] ▶ profile: Reconnecting ◆ profile_id="c72c4a6ad27fde9a"
[2023-04-12 14:54:11][INFO] ▶ profile: Disconnected ◆ profile_id="c72c4a6ad27fde9a"
[2023-04-12 14:54:11][INFO] ▶ profile: Connecting ◆ device_auth=false ◆ disable_gateway=false ◆ dynamic_firewall=false ◆ force_dns=false ◆ mode="wg" ◆ profile_id="c72c4a6ad27fde9a" ◆ reconnect=true ◆ sso_auth=false
[2023-04-12 14:54:11][INFO] ▶ profile: Disconnecting ◆ profile_id="c72c4a6ad27fde9a"
[2023-04-12 14:54:12][INFO] ▶ profile: Disconnected ◆ profile_id="c72c4a6ad27fde9a"

Client Logs:

[2023-4-12 14:53:20][INFO] Profiles: Skipping profile sync, requires subscription
[2023-4-12 14:53:22][INFO] Profiles: Updating profile 'c72c4a6ad27fde9a'

It won’t connect at all and says “Failed to connect to TestServer.”

Service Logs:

[2023-04-12 14:57:59][INFO] ▶ profile: Connecting ◆ device_auth=false ◆ disable_gateway=false ◆ dynamic_firewall=false ◆ force_dns=false ◆ mode="wg" ◆ profile_id="c72c4a6ad27fde9a" ◆ reconnect=true ◆ sso_auth=false
[2023-04-12 14:57:59][ERRO] ▶ profile: Request wg connection failed
profile: Request put error
Post "https://164.92.70.86/key/wg/643720808137861663545e03/643720858137861663545e12/6437211c8137861663545ee5": read tcp 192.168.1.138:59718->164.92.70.86:443: wsarecv: An existing connection was forcibly closed by the remote host.
ORIGINAL STACK TRACE:
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).reqWg
	C:/Users/Windows/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:2762 +0xb44019
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).startWg
	C:/Users/Windows/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:3850 +0xb4acb5
github.com/pritunl/pritunl-client-electron/service/profile.(*Profile).Start
	C:/Users/Windows/go/src/github.com/pritunl/pritunl-client-electron/service/profile/profile.go:1291 +0xb394ac
github.com/pritunl/pritunl-client-electron/service/handlers.profilePost.func1
	C:/Users/Windows/go/src/github.com/pritunl/pritunl-client-electron/service/handlers/profile.go:103 +0xb5362b
runtime.goexit
	C:/Program Files/Go/src/runtime/asm_amd64.s:1594 +0x5a7260
[2023-04-12 14:58:00][INFO] ▶ profile: Disconnecting ◆ profile_id="c72c4a6ad27fde9a"
[2023-04-12 14:58:01][INFO] ▶ profile: Disconnected ◆ profile_id="c72c4a6ad27fde9a"

Client Logs:

[2023-4-12 14:57:57][INFO] Profiles: Skipping profile sync, requires subscription
[2023-4-12 14:57:59][INFO] Profiles: Updating profile 'c72c4a6ad27fde9a'

Any help would be appreciate with this. I’m working on a POC for my work and would love to be able to present the Wireguard option in addition to OpenVPN.

Thanks!

EDIT: There are no firewalls enabled at all on this instance as it is a test instance. Connection should be stable from DO’s end and internet connection is stable on my end.

netpro25 · May 31, 2024, 4:47am

For anyone else who runs across this issue this happened to me when I changed the bind_addr in the /etc/pritunl.conf file from 0.0.0.0 to a particular network interface IP. I was able to resolve by reverting back to 0.0.0.0

zach · June 5, 2024, 1:21pm

Verify there are no software firewalls and try removing the 0.0.0.0/0 route. Also check that the WireGuard virtual network does not overlap a local network on the client.

netpro25 · June 5, 2024, 1:46pm

Zach,

When this happened to me, I had checked this and it did not help. The issue has to do with Pritunl trying to make a request to the Pritunl server using the gateway address for the VPN network. When you bind Pritunl to a particular IP this stops the web server from running on the gateway address and keeps the client from accessing the gateway to PUT the key as shown in the below snippet.

profile: Request put error
Put "https://192.168.234.1/key/wg/....

zach · June 7, 2024, 1:53pm

There isn’t anything that can be done about that issue. The requests should go through the VPN connection which requires sending the request to the internal virtual server IP. These types of problems can be excluded by connecting to the server with OpenVPN and using curl --insecure https://<first_ip_in_virtual_network>/check. If that request doesn’t work it is most likely an issue with the web server. Otherwise it is likely an issue with the WireGuard connection.