Bug #16611
open
WireGuard MultiWAN Not Failing Back to Tier 1
Added by steven warner 3 months ago.
Updated 21 days ago.
Affected Plus Version:
25.11
Affected Architecture:
amd64
Description
When using a GW group for WAN failover, WireGuard will fail to Tier2 when the Tier1 GW is down. However, when Tier1 is restored, WireGuard does not revert back to Tier1.
Re-opening issue 11630. This issue still occurs in 25.11.
Hello Steven,
Do you have state killing on lower priority gateways selected under System --> Advanced --> Misc?
Hi Kris - Yes, that setting is set as you asked. The WireGuard tunnel stays firmly gripped on the lower tier gateway when the higher priority tier restores, while other traffic correctly migrates.
I also see this behavior at my location here.
I can add links to other reports from reddit etc... I believe this really happens. Big problem when your backup WAN is on a metered link...
Tested on 25.11.1-RELEASE
I was able to reproduce this issue, and as a workaround I added a Floating Firewall rule:
Interfaces: Any
Direction: Out
Protocol: UDP
Destination: <WireGuard Server IP>
Destination Port: <WireGuard Port> (for example, 51820)
Gateway: <Failover Gateway group>
and in System -> Advanced -> Miscellaneous I chose 'State Killing on Gateway Recovery: Kill all states for lower-priority gateways'.
After I added these settings, whenever WAN1 went down, WireGuard started using WAN2. When WAN1 came back up, WireGuard successfully switched back to WAN1.
- Status changed from New to Confirmed
State Killing on Gateway Failures set to "Flush all states on gateway failure" will cause a full flush, which "fixes" the problem. However, with "State Killing on Gateway Recovery" set to "Kill all states for lower priority gateways", it should fall back to the higher tier WG gateway and it does not.
Marking as Confirmed, as we have at least 3 accounts and someone from TAC confirming this issue.