
Often initial connection issues at random

Open dvcrn opened this issue 5 months ago • 2 comments

Hi! I wasn't sure where to ask this, so I figured I'd create an issue on this repo in case other people are encountering something similar.

I often have initial connectivity issues when activating the WireGuard profile. It just gets stuck on the initial handshake and nothing happens. I toggle on and off a couple times and sometimes it just works again on the 2nd try, sometimes on the 8th try. But my point is, it's not reliable. Once connected, all is fine and well and works perfectly.

I did a bit of digging around and have a feeling it has something to do with the engage.cloudflareclient.com endpoint, but even pinning this to a specific IPv4 did not properly resolve the issue.

An AI debugging session mentioned it could be due to initial DNS resolution failing because the tunnel establishes before DNS can be resolved, though I wasn't able to verify this.

This happens on all my devices: iPhone, Mac with official WireGuard client, gl-inet router, UniFi router.

Example file I generated:

[Interface]
PrivateKey = <strip>
Address = 172.16.0.2/32, 2606:4700:110:8c5e:95f5:a285:7afa:f8fa/128
DNS = 1.1.1.1, 1.0.0.1, 2606:4700:4700::1111, 2606:4700:4700::1001
MTU = 1280

[Peer]
PublicKey = <strip>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = engage.cloudflareclient.com:2408

Any ideas?

dvcrn avatar Nov 09 '25 11:11 dvcrn

The proper way to debug this would be Wireshark and looking into the packets. Does this happen with the official Cloudflare app? Does it happen with other WireGuard VPNs? It's most likely a networking issue on your end - be it your LAN, ISP, peering to Cloudflare, etc. Ultimately wgcf can't help your connection sadly, as it only extracts a WireGuard profile and nothing more.

ViRb3 avatar Nov 09 '25 14:11 ViRb3

I haven't debugged with WireGuard yet, but:

  • It doesn't happen with the official apps (Cloudflare One / Cloudflare 1.1.1.1), those always work.
  • It happens on multiple ISPs independent of location while traveling. So far it repeatedly happened in Vietnam and Cambodia at multiple locations and hotel Wi-Fis. Also in my home network in Japan, though less often.
  • It happens independent of device: iPhone, iPad, UniFi router, gl-inet router.

So it definitely looks to me like something with the initial connection. And once the connection attempt goes through, it stays stable.

I'll do some digging with WireGuard and report back if I make progress.

dvcrn avatar Nov 09 '25 14:11 dvcrn
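
Added example, not part of the thread or of wgcf: one way to act on the packet-capture suggestion above is to export the tunnel's UDP payloads and count handshake initiations against the responses that answer them. Message types and sizes come from the WireGuard protocol; the function names, the (time, direction, payload) input shape and the sample packets are assumptions constructed for illustration.

```python
import struct

# WireGuard message types and their fixed sizes, per the protocol specification.
MSG_TYPES = {1: ("initiation", 148), 2: ("response", 92), 3: ("cookie_reply", 64)}

def classify(payload: bytes) -> str:
    """Name the WireGuard message carried in one UDP payload."""
    kind = payload[0] if payload else 0    # bytes 1..3 are reserved, ignored here
    if kind in MSG_TYPES:
        name, size = MSG_TYPES[kind]
        return name if len(payload) == size else "unknown"
    if kind == 4 and len(payload) >= 32:   # 16-byte header + 16-byte auth tag
        return "transport"
    return "unknown"

def handshake_report(packets):
    """packets: iterable of (seconds, 'out'|'in', payload) for the tunnel's UDP flow."""
    pending = {}                           # sender_index -> time the initiation left
    report = {"initiations": 0, "answered": 0, "cookie_replies": 0, "rtt": []}
    for ts, direction, payload in packets:
        kind = classify(payload)
        if direction == "out" and kind == "initiation":
            (sender,) = struct.unpack_from("<I", payload, 4)
            pending[sender] = ts
            report["initiations"] += 1
        elif direction == "in" and kind == "response":
            # A response echoes the initiator's index in its receiver field.
            (receiver,) = struct.unpack_from("<I", payload, 8)
            if receiver in pending:
                report["answered"] += 1
                report["rtt"].append(round(ts - pending.pop(receiver), 3))
        elif direction == "in" and kind == "cookie_reply":
            report["cookie_replies"] += 1
    report["unanswered"] = len(pending)    # initiations that never got a response
    return report

def _msg(kind, size, sender=0, receiver=0):
    """Constructed, zero-padded message with no real crypto fields."""
    return struct.pack("<B3xII", kind, sender, receiver).ljust(size, b"\0")

# Constructed capture: two initiations go unanswered, the third completes.
SAMPLE = [
    (0.0, "out", _msg(1, 148, sender=0x11)),
    (5.0, "out", _msg(1, 148, sender=0x22)),
    (10.0, "out", _msg(1, 148, sender=0x33)),
    (10.2, "in", _msg(2, 92, sender=0x99, receiver=0x33)),
]

print(handshake_report(SAMPLE))
```

A high `unanswered` count with no inbound packets at all points at the path or endpoint, while inbound `cookie_reply` messages show the peer is reachable but deferring the handshake.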