Development discussion of WireGuard
* wireguard-windows: Wireguard does not start a previously activated tunnel from time to time
@ 2022-09-20 13:16 Jan Petrischkeit
  2022-09-28 17:23 ` Simon Rozman
  0 siblings, 1 reply; 3+ messages in thread
From: Jan Petrischkeit @ 2022-09-20 13:16 UTC (permalink / raw)
  To: wireguard

Dear Wireguard Community,

I have the problem that WireGuard, on some systems and there only from 
time to time, forgets to activate the tunnel at system startup.
Mainly this happens after an update of the wireguard client or changes 
to the client config. If an admin then reactivates the tunnel, it will 
(mostly) run on the following system starts.
My users have no way to disable the tunnel. At least in the past, but 
the problem has come up so often now that I've started making the 
LimitedOperatorGUI available to them to be able to activate the tunnel.

One user (Denis Brodbeck @ 2021-07-06 6:18 UTC) had already sent a mail 
to this list about this problem (Title: "wireguard-windows: client 
forgets after restart that there was an activated tunnel before and 
won't activate said tunnel anymore"), my environment and experiences 
pretty much match his descriptions.
However, I am fairly inexperienced with mailing lists, so I don't know 
how to directly reply to that entry.

However, I have two systems so far where the tunnel never starts 
automatically on boot. On these systems I noticed that Windows notes a 
corresponding entry in the event viewer (translated from German to English):

Event 7023, ServiceControlManager: The service 
"WireGuardTunnel$HOST-WG2" was terminated with the following error: The 
requested name is valid, but no data of the requested type was found.

If I set the tunnel's service to Delayed Start, it works, but usually 
only some time after the user logs in. It also works if I start the 
service manually before Delayed Start becomes active.
If I don't set the startup type of the tunnel to "Delayed start", the 
service entry for the tunnel disappears from the services list after the 
next restart (and the error message in the event viewer).


Hope someone has some pointers on how to resolve this.

Cheers,
Jan Petrischkeit



* RE: wireguard-windows: Wireguard does not start a previously activated tunnel from time to time
  2022-09-20 13:16 wireguard-windows: Wireguard does not start a previously activated tunnel from time to time Jan Petrischkeit
@ 2022-09-28 17:23 ` Simon Rozman
  2022-09-29  5:43   ` Jan Petrischkeit
  0 siblings, 1 reply; 3+ messages in thread
From: Simon Rozman @ 2022-09-28 17:23 UTC (permalink / raw)
  To: Jan Petrischkeit, wireguard

Hi,

> Event 7023, ServiceControlManager: The service "WireGuardTunnel$HOST-
> WG2" was terminated with the following error: The requested name is valid,
> but no data of the requested type was found.

The error message you are mentioning is WSANO_DATA 11004, which is related to DNS resolution problems. This is kind of expected early in the boot process, when the Dnscache service is starting and/or the Dhcp service might not yet have configured the DNS.

I presume changing the Endpoint= lines of peers to contain IPs rather than hostnames could solve your problem.

See if it helps.

If you can confirm it, maybe we can add some retry on WSANO_DATA in wireguard-windows. (Personally, I would avoid adding a hard dependency on the Dnscache and Dhcp services, as there are situations where they can be disabled, preventing the WireGuard tunnel service startup then.)

Regards,
Simon
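
A diagnostic sketch for the boot-time DNS failure discussed above, added here as an example and not code from this thread or from wireguard-windows: it lists which `Endpoint =` values in a config are host names and retries resolution when the resolver returns NoData (11004). The sample config, `vpn.example.com`, and both function names are constructed; also retrying on TryAgain is an assumption.

```powershell
# Added example, not wireguard-windows code. Constructed sample config:
# the host name, addresses and key placeholders are made up.
$conf = @'
[Peer]
PublicKey = <placeholder>
Endpoint = vpn.example.com:51820

[Peer]
PublicKey = <placeholder>
Endpoint = [2001:db8::1]:51820
'@

function Get-WgEndpointHost {          # hypothetical helper name
    param([string]$ConfigText)
    foreach ($line in $ConfigText -split "`r?`n") {
        if ($line -match '^\s*Endpoint\s*=\s*(.+?)\s*$') {
            $value = $Matches[1]
            # Drop the trailing :port, then the brackets of an IPv6 literal.
            $name = ($value -replace ':\d+$', '').Trim('[', ']')
            $ip = $null
            [pscustomobject]@{
                Endpoint   = $value
                Name       = $name
                IsHostname = -not [System.Net.IPAddress]::TryParse($name, [ref]$ip)
            }
        }
    }
}

function Test-WgEndpointResolution {   # hypothetical helper name
    param([string]$Name, [int]$Attempts = 5, [int]$DelaySeconds = 2)
    $transient = 'NoData', 'TryAgain'  # NoData = 11004 (WSANO_DATA)
    for ($i = 1; $i -le $Attempts; $i++) {
        try {
            $addrs = [System.Net.Dns]::GetHostAddresses($Name)
            $families = @($addrs | ForEach-Object { $_.AddressFamily } | Sort-Object -Unique)
            return [pscustomobject]@{ Name = $Name; Attempt = $i; Families = $families; Error = $null }
        } catch {
            $err = $_.Exception.GetBaseException()
            $code = if ($err -is [System.Net.Sockets.SocketException]) { "$($err.SocketErrorCode)" } else { 'Other' }
            if ($code -notin $transient -or $i -eq $Attempts) {
                return [pscustomobject]@{ Name = $Name; Attempt = $i; Families = @(); Error = $code }
            }
            Start-Sleep -Seconds $DelaySeconds   # resolver may not be up yet
        }
    }
}

Get-WgEndpointHost $conf | Where-Object IsHostname |
    ForEach-Object { Test-WgEndpointResolution $_.Name }
```

An `Attempt` value above 1 means the name only resolved after a retry; `Families` lists the address families (InterNetwork, InterNetworkV6) the resolver returned for the endpoint name.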


* Re: wireguard-windows: Wireguard does not start a previously activated tunnel from time to time
  2022-09-28 17:23 ` Simon Rozman
@ 2022-09-29  5:43   ` Jan Petrischkeit
  0 siblings, 0 replies; 3+ messages in thread
From: Jan Petrischkeit @ 2022-09-29  5:43 UTC (permalink / raw)
  To: Simon Rozman, wireguard

Hi,

thank you for this information, I will take a look at that. Now I know 
where to look.

However, I am using the "endpoint-by-dns" for a specific reason:
In my area there is an internet provider which uses carrier grade nat in 
a strange way, so that no rdp session can be created over a wireguard 
tunnel if the ipv4 address of the server is used as endpoint. I created 
a dns entry for the wireguard server, so that in these cases the ipv6 
address is used and the tunnel is established without the weird nat of 
the internet provider in between.
Since not all people here have activated ipv6 in their home routers or 
always have an ipv6 connection while traveling, I cannot simply use the 
ipv6 address in the config.

Regards,
Jan


On 28.09.22 at 19:23, Simon Rozman wrote:
> Hi,
> 
>> Event 7023, ServiceControlManager: The service "WireGuardTunnel$HOST-
>> WG2" was terminated with the following error: The requested name is valid,
>> but no data of the requested type was found.
> 
> The error message you are mentioning is WSANO_DATA 11004, which is related to DNS resolution problems. This is kind of expected early in the boot process, when the Dnscache service is starting and/or the Dhcp service might not yet have configured the DNS.
> 
> I presume changing the Endpoint= lines of peers to contain IPs rather than hostnames could solve your problem.
> 
> See if it helps.
> 
> If you can confirm it, maybe we can add some retry on WSANO_DATA in wireguard-windows. (Personally, I would avoid adding a hard dependency on the Dnscache and Dhcp services, as there are situations where they can be disabled, preventing the WireGuard tunnel service startup then.)
> 
> Regards,
> Simon
