Archer C7 (US) v2 locks up with Wireguard

Report problems and success stories with Gargoyle on various hardware platforms.

Moderator: Moderators

JeffinTx
Posts: 27
Joined: Sat Jan 23, 2016 8:01 pm

Archer C7 (US) v2 locks up with Wireguard

Post by JeffinTx »

Super THANKS for all the fantastic work on this product! I've been a fan since buying a 1043 from you years ago. Sorry if this issue is a dupe, but some of the forum pages time out when I try to check. Maybe corrupted?

I'm trying to build what I hope is a fairly typical setup for Wireguard, using the 1.13 GUI pages. See below if the target setup matters.

The problem I'm running into is that my router locks up completely when I get to the point of saving the configuration. Specifically, I'm starting with my first of two TP Link/Archer C7v2 devices. My steps are:

1. go to Connection/Wireguard, enable Wireguard config as Server
2. fill out Server Config with Generate Keys, change Internal IP and subnet, SAVE (all OK)
3. Add Allowed Clients, fill in Client Config(.conf) page with Client Name, Generate Keys, update Client Internal IP (gets auto-updated) and Subnet Behind Client data. (all OK)
4. Save Changes on Client Config page (LOCKS UP!)

By Locks Up, I mean that the router goes to spinning during the save but never completes. I went to dinner and came back (>1 hour) and it was still spinning. While spinnng, the router apperared on, with lights flickering normally, DHCP clients attached, but no connectivity. Attached devices could not access internet or each other and could not access the router by web, by ssh or even ping.

Multiple reboots did not change the router, it rebooted and provided DHCP addresses, appeared okay visually, but no connections to LAN or WAN by any means. I even tried booting it with WAN connected under a different router and it did not request a WAN IP on the other router's DHCP.

The only recovery I could get was a full 30-30-30 reset, which returned me to base 1.13 settings. Fortunately I do have a restore point to load in.

I've tried the process multiple times, sometimes with minor variations, but the Save Changes on the Add Peer/Client Config(.conf) page always locks me up.

Any ideas?

---------------------
Target Setup
Basic goal is for two (or more) Locations to be on the same subnet so that they can share access to each others' resources, but each have DHCP control over a limited IP range. In this example, Location A has 255 addresses under 172.16.4 and Location B has 255 under 172.16.5, but once joined by Wireguard they are all in one shared subnet. Potentially expand to Locations C and D.

Location A
(172.16.4.0/22)

>> Gargoyle A (Server)
(172.16.4.1 LAN/x.x.x.x DDNS WAN)

>> Modem A
----- Internet -----
<< Modem B

<< Gargoyle B (Client)
172.16.5.1 LAN y.y.y.y DDNS WAN)

Location B
(172.16.5.1/22)

Lantis
Moderator
Posts: 6735
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Archer C7 (US) v2 locks up with Wireguard

Post by Lantis »

What are you changing the WireGuard IP address to?
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

JeffinTx
Posts: 27
Joined: Sat Jan 23, 2016 8:01 pm

Re: Archer C7 (US) v2 locks up with Wireguard

Post by JeffinTx »

I watched all the Wireguard videos, etc., but couldn't tell what I should use for the Wireguard server IP. I tried both within the Location A DHCP range (I think I tried 172.16.4.15) and also a separate range in the same subnet (172.16.7.1).
My ideas for the problem cause were a) that I might have bad configuration values in the server and/or client set ups, or b) a possible hardware issue, or c) who knows?
If it's a), great and maybe an easy fix. It might warrant some improved error check, if that's even possible. Nearly bricking the router with bad user values is pretty dangerous. There are probably plenty of users out there who are even better than me at being dumb :)
If it's b), then sadly I'll just have to either do without Wireguard or buy a new device.

Lantis
Moderator
Posts: 6735
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Archer C7 (US) v2 locks up with Wireguard

Post by Lantis »

Can you try the following:
- server to 10.64.0.1
- client 1 (location b) to 10.64.0.2
- route client 1 subnet 172.16.5.1 with the appropriate mask

The idea with how Gargoyle does WireGuard is not to end up with everyone on 1 subnet, but to allow routing to both subnets from each other.
The 10.64.0.1/24 addresses identify the locations of the server and clients, but don’t apply to the clients in a subnet behind those.
Routes will automatically be created from location A to both 10.64.0.2/32 and 172.16.5.1/24, and vice versa.

I take your point about “bricking”. I guess a few things here:
- 30/30/30 does nothing. Any perceived benefit is luck at best that you triggered a proper reset by doing so
- in the case of a bad configuration (flash is ok, but bad network config for example), booting to failsafe (properly) is almost always guaranteed to be able to recover the device, either by resetting it or manually fixing the offending config
- I can attempt to put more checking in, but this is v1 of the plug-in. So far I know of a few people here and a few on the polish forums that have made it work right, and I know a few who have struggled. Need to gather feedback (like this) and attempt to improve.
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

JeffinTx
Posts: 27
Joined: Sat Jan 23, 2016 8:01 pm

Re: Archer C7 (US) v2 locks up with Wireguard

Post by JeffinTx »

Thanks again, this time for the quick replies. I take it that the first "Try this..." step is in the Server config on Gargoyle A and the second two steps are in the Add Allowed Clients area of Gargoyle A? I.e., all on the Location A device?

I'll try it out in the morning, EDT.

Lantis
Moderator
Posts: 6735
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Archer C7 (US) v2 locks up with Wireguard

Post by Lantis »

Correcto
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

JeffinTx
Posts: 27
Joined: Sat Jan 23, 2016 8:01 pm

Re: Archer C7 (US) v2 locks up with Wireguard

Post by JeffinTx »

Same behavior. Locked up.

JeffinTx
Posts: 27
Joined: Sat Jan 23, 2016 8:01 pm

Re: Archer C7 (US) v2 locks up with Wireguard

Post by JeffinTx »

Update: tried same on an Archer C7 v5. Worked fine. Now need to figure if the difference is because v2 vs. v5 or if the specific v2 has some problem.

JeffinTx
Posts: 27
Joined: Sat Jan 23, 2016 8:01 pm

Re: Archer C7 (US) v2 locks up with Wireguard

Post by JeffinTx »

Update: I still had 192.168.0.1 network in the Peer subnet settings before. 10.64.0.1 for the Wireguard address, but 192 for the subnet behind it. I modified the subnet behind to 172.16.5.1 and saved...LOCK UP. And now I'm having trouble recovering the C7 v5.
Recovery complete, but back to square one. Whew. Need to take a break from this.

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Archer C7 (US) v2 locks up with Wireguard

Post by ispyisail »

screenshots will help us a lot

I use Greenshot

Then host on Imugr


Image

Image

Post Reply