TorGuard
  • 0

wireguard vpn and expiration

James8078

Hi,

Does anyone know if there is a solution for the generator tool with WireGuard? The problem seems to be that once you have disconnected your VPN and you have already created some peers, if you want to change the peer or just reconnect WireGuard, unfortunately it does not work anymore; you have to open the TorGuard website and the generator again.

Thanks


9 answers to this question


  • 0
On 11/7/2020 at 9:27 PM, James8078 said:

Does anyone know if there is a solution for the generator tool with WireGuard

I wrote this for the OpenWrt guide. If you use it on a mobile phone, save your API URL as a bookmark in the browser on your phone (assuming you want to manage it from your mobile device) so that you can activate any of your configs. You can easily manage and activate all the IPs which you use.


  • 0
On 11/9/2020 at 10:18 PM, 19807409 said:

I wrote this for the OpenWrt guide. If you use it on a mobile phone, save your API URL as a bookmark in the browser on your phone (assuming you want to manage it from your mobile device) so that you can activate any of your configs. You can easily manage and activate all the IPs which you use.

Hi @19807409

I have the same issue.

Is this script working if you have defined a dedicated IP for WG? I have an IP where I have opened up some ports, but I currently see that after a couple of days the server loses its connection. TG support informs me that the API system should be fixed in the upcoming week (doubt that, to be honest).

Once I refresh the config file via the configurator, I can connect again. After a couple of days, it dies.

The odd thing is that TG states in a ticket to me that my connection will be online the entire time, unless I disconnect for +15 minutes and then the config expires, which makes OK sense. But I have a dedicated server which is online 24/7 and I have now seen this issue persist over and over within the same time frame.

I'm running headless on an Ubuntu Server 20.04, so all help would be very much appreciated :)

Cheers

Morphy


  • 0
On 6/25/2021 at 1:13 PM, Morphy said:

Hi @19807409

I have the same issue.

Is this script working if you have defined a dedicated IP for WG? I have an IP where I have opened up some ports, but I currently see that after a couple of days the server loses its connection. TG support informs me that the API system should be fixed in the upcoming week (doubt that, to be honest).

Once I refresh the config file via the configurator, I can connect again. After a couple of days, it dies.

The odd thing is that TG states in a ticket to me that my connection will be online the entire time, unless I disconnect for +15 minutes and then the config expires, which makes OK sense. But I have a dedicated server which is online 24/7 and I have now seen this issue persist over and over within the same time frame.

I'm running headless on an Ubuntu Server 20.04, so all help would be very much appreciated :)

Cheers

Morphy

Hello @Morphy,

long time, hope you are well. Yes, this script is working for dedicated IPs. But before I continue, dedicated IPs do not expire as far as I know (if nothing has changed; @Support can confirm/deny). At least none of my dedicated IPs ever expired. If that is correct, you do not need to use the script. I keep using it in case the connection drops; it does not hurt to simply validate/activate it ;).

About port forwarding, I have trouble replying as you did not specify it in detail, but I believe I understand what it is about. If it worked then you probably configured it properly, which might include ifup/ifdown lines, but I guess you did not add anything outside the guide/scripting. If it worked and you experience disconnects then of course it could be on TorGuard's side too. I do not experience connection drops, and if I did, WireGuard is a peerless protocol, meaning that you do not need to restart/reconnect; as soon as your connection or server gets back online, the handshake will happen and from that point you would be online.

If you use it on a router, then it is not a bad idea anyway to reboot it, let's say, once a day; your configs would also not expire.

If you switched your router off for the expiration period or longer (which I believe is now 24 hours), then of course it is another story, but if you use my scripts rebooting should help.

It could also be some issue with your router software; you would need to check the logs to see why you get disconnected at all. That is not the normal case and never happens to me on any of my devices.

As for the odd thing about 15 minutes, once again, TorGuard changed it to 24 hours (or maybe even longer); your configs will not expire after 15 minutes.

One big reason why I use TorGuard is that I use it on servers too, which need a reliable VPN connection without drops. In over 5 years I did not see any unannounced drops/maintenance on any of the servers which I used (I am sure this is not the case for all 3000+ servers).

If you need any help, you know ;) that you are welcome to ask and I will gladly help where I can.


  • 0

One note as an addition, as many seem to be confused: configs do not expire if you are connected to the VPN. If you disconnect for longer than 24 hours then it will expire, but as soon as you reconnect within 24 hours, expiration will be postponed. This is where my script is useful, as you can validate/keep it valid by launching the script, and you can run it on any device worldwide; it does not need to be the device which connects.


  • 0

Hi mate :)

I'm doing just fine, and I hope that you are OK as well?

I see that my post was a bit off regarding the ports and the dedicated IP.

What I have done is to ping swe.torguard.com -> gave me an IP (random). That isn't a dedicated IP, it's a shared one I guess? But I use that specific IP for the configurator :). In my port forward in the TG webpage, I have opened ports for that specific IP I got.

I'm running an Ubuntu Server 20.04 LTS, pure CLI.

The really odd thing is that support confirms in my tickets that the config won't expire, unless I have a DC and it lasts for 24 hours. Then it would expire. I have a UFW firewall rule set up which secures my connection if the WG dies. I have seen it happen approx. 3 times now; the duration is almost the same, counting days.

What I am looking for is a solution to keep this working for me. Maybe a reconnect script if the connection fails. Just don't know how to make a script like that.

After the connection died, I can confirm I can't reconnect with sudo wg-quick up wg0; it simply won't reconnect. Then I have to go to the webpage, remake a config and start it up again :).

I also love TG: great service and tons of servers. And the support and the forum are great.

All help would be appreciated :)

Cheers

Morphy


  • 0

I am fine, thanks for asking ;)

Calling something a dedicated IP is a little bit misleading and I myself am not really aware of what TorGuard calls it internally. They used to refer to the IP which you enter for port forwarding as dedicated, which in fact is not wrong as it indeed is dedicated. However, from the definition one would believe a dedicated server is a server where only I can connect, for which TorGuard offers a separate product. However, in both cases configs should not expire, whether it is a dedicated server or dedicated forwarding. I believe in both cases they do not expire, and I can confirm that one of the 10Gbit dedicated port forwarding IPs is not expiring for me; that device was on for weeks, and by that I can confirm that they actually did not expire after 24 hours. However, a clear status can be given only by support; I can say it just for the IPs which I use.

5 hours ago, Morphy said:

What I am looking for is a solution to keep this working for me. Maybe a reconnect script if the connection fails. Just don't know how to make a script like that.

You do not need a reconnect script. WireGuard is a connectionless protocol; if you or the other side goes offline, then you do not need to restart your interface: as soon as the connection is there and the handshake happens you are online. What you speak about is something that is not active on TorGuard's side. Back then keys expired after 10 minutes; for some time it was even changed to, I think, 5 (for a day or two). That is where I used a script which simply runs every minute, which was sufficient so that in case of invalidation the key would be validated within 60 seconds, meaning that your connectionless WireGuard would immediately be online because the internal IP does not change (I do not remember how much time/buffer there was before the IP was unassigned from the key). Currently, if your key expires, you get a new internal IP, except if it is a port-forward/dedicated IP, as then the internal IP stays the same and therefore there are no disconnects at all and it does not expire (I do not remember experiencing any invalidations since I have run it).

Also, you can add another service (systemd) which simply restarts your WireGuard interface if you want to enforce some periodic restarts, but it is really not required; you do not need it, as explained above.

In the WireGuard guide for radxa's rockj I describe how you can add it as a loop, but there are many ways you can run it; on Ubuntu I would suggest running it as a systemd service. I simply added it to 3 different devices in 3 different locations to run the curl line and keep my keys valid. That way I do not need to bother with the current PC, where the router, as an example, is running 24h/day and has been stable for years, meaning that running a curl job there is really very secure and stable.

Also, if you actually ping the domain, then you probably do it to find out the IP address to which you want to connect. Instead of ping, use nslookup; this will show all available IPs for that domain (country).

5 hours ago, Morphy said:

I can confirm I can't reconnect with sudo wg-quick up wg0 - it simply won't reconnect.

Do you have logs of that? I am using it with Ubuntu and Debian too and have none of the issues which you mention, but I am permanently connected and do not really switch IPs.


  • 0

Hi mate.

Thanks for the good explanation. Appreciated.

Well, I don't have any logs, but I do not have any connection to my media, ping or anything after the DC.

I have now made a cronjob which connects to the TG API server every ten minutes :). So hopefully this would solve my issue.

Gonna let the server run for the next week to see what happens :)


  • 0
28 minutes ago, Morphy said:

Hi mate.

Thanks for the good explanation. Appreciated.

Well, I don't have any logs, but I do not have any connection to my media, ping or anything after the DC.

I have now made a cronjob which connects to the TG API server every ten minutes :). So hopefully this would solve my issue.

Gonna let the server run for the next week to see what happens :)

Yes, it should resolve the issue if the issue indeed was an expiring config. Hope it is resolved for you.

If not, then keep in mind that your ISP could have downtime or your router could hang, because if you get invalidated, then you were not connected for a certain time. That's why I asked if you have logs, as there it should be visible when you disconnected/lost connection.
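
The thread ends without any logs showing when the tunnel actually dropped. The script below is an added example, not code from any poster or from TorGuard: it reads `wg show <iface> latest-handshakes`, logs every peer whose last handshake is too old, and then optionally requests a revalidation URL. `REVALIDATE_URL`, the 300-second default and the sample keys are assumptions, and the threshold only makes sense if `PersistentKeepalive` is set so that an idle tunnel keeps handshaking.

```shell
#!/bin/sh
# Added example: log stale WireGuard handshakes, optionally revalidate config.

# Constructed sample in the format printed by `wg show wg0 latest-handshakes`:
# "<peer-public-key><TAB><unix-time-of-last-handshake>"; 0 means never.
SAMPLE=$(printf '%s\t%s\n' PEERAconstructedKEY= 1700000000 \
    PEERBconstructedKEY= 1699990000 PEERCconstructedKEY= 0)

# stale_peers NOW MAX_AGE  (handshake lines on stdin)
# Prints "<key> <age-in-seconds|never>" for every peer whose last handshake
# is missing or older than MAX_AGE seconds. Malformed lines are skipped.
stale_peers() {
    sp_now=$1; sp_max=$2
    while read -r sp_key sp_ts; do
        case $sp_ts in ''|*[!0-9]*) continue ;; esac
        if [ "$sp_ts" -eq 0 ]; then
            echo "$sp_key never"
        elif [ $(($sp_now - $sp_ts)) -gt "$sp_max" ]; then
            echo "$sp_key $(($sp_now - $sp_ts))"
        fi
    done
}

# check_tunnel IFACE MAX_AGE
# Returns 0 if every peer is fresh, 1 if any is stale, 2 if the interface
# cannot be read. Each stale peer is logged with a UTC timestamp, so the
# moment the tunnel went quiet is on record.
check_tunnel() {
    ct_out=$(wg show "$1" latest-handshakes 2>/dev/null) || return 2
    ct_stale=$(printf '%s\n' "$ct_out" | stale_peers "$(date +%s)" "$2")
    [ -n "$ct_stale" ] || return 0
    ct_when=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    printf '%s\n' "$ct_stale" | while read -r ct_key ct_age; do
        echo "$ct_when $1 peer=$ct_key handshake_age=$ct_age"
    done
    # REVALIDATE_URL is a hypothetical variable holding the account-specific
    # API URL. It is never echoed, so it stays out of the log.
    if [ -n "${REVALIDATE_URL:-}" ]; then
        curl -fsS --max-time 20 -o /dev/null "$REVALIDATE_URL" ||
            echo "$ct_when $1 revalidation request failed"
    fi
    return 1
}

# Run only when an interface is given, e.g. from cron: wg-check.sh wg0 300
if [ "$#" -ge 1 ]; then
    check_tunnel "$1" "${2:-300}"
    exit $?
fi
```

Appending the output to a file from cron or a systemd timer gives the disconnect timeline asked for above; keep that file and the crontab readable only by the owning user, since the crontab will hold the API URL.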
