Greetings!
I've had this user profile connected to a VPN for a year without disconnects.
However the last few days I've found that phone has been disconnected from the VPN when i first check it in the morning.
It seems as android is killing the wireguard application and thus the VPN connection is terminated.

My theory is that android is doing this to free up RAM, but I'm not sure.
My owner profile also have VPN set up in the same way but it doesn't disconnect at night.

Any ideas of how I can resolve this issue?

I've tried disabling some apps that where installed during these last few days, this didn't not resolve the issue.

Wireguard app
Unrestricted battery usage enabled
version 1.0.20231018
com.wireguard.android
versionCode 510

System settings for wireguard app
Always-on-VPN
Block connections without VPN

Graphene Build:
GrapheneOS Build when problem first appeared:2024112700
GrapheneOS build(current):2024120200

I have a similar problem with the Mullvad app (which also uses Wireguard). Every morning I find it disconnected, both on the main and work profile. It doesn't happen during the day, but just during the night.

Settings:

  • unlimited battery permission given to the app
  • [X] Always-on-VPN
  • [ ] Block connections without VPN (as this would break split tunneling)

    As the issue has reoccur every night since i made this thread I've been able to collect logs.
    The logs definitely seems to indicate a problem with releasing memory.

    1. An attempt to release memory but 0 Byte where release
    2. Forced garbage collection, reason memory

    Beside the logs I've found out that there might be a memory leak in wireguard-go (It's relied upon when Wireguard Isn't included in the kernel).
    https://github.com/WireGuard/wireguard-go/pull/69

    If anyone knows of a good software to monitor ram usage I'd be happy to know about since I believe enabling Dev options (to check ram usage) is I'll advised.

    type: logcat
osVersion: google/bluejay/bluejay:15/AP3A.241105.007/2024120400:user/release-keys
userType: full.secondary
package: com.wireguard.android:510, targetSdk 34
buffers: main,system,crash,events,kernel
level: verbose

--------- beginning of events
12-07 01:18:09.671  6746  6746 I sqlite_mem_released: Memory released=0B
12-07 01:18:09.672  6746  6746 I force_gc: reason=mem
--------- beginning of system
12-07 02:42:57.945  6746  6746 D ActivityThread: Package [org.mozilla.firefox] reported as REPLACED, but missing application info. Assuming REMOVED.
12-07 02:42:57.953  6746  6746 D ActivityThread: Package [org.mozilla.firefox] reported as REPLACED, but missing application info. Assuming REMOVED.

    Viewpoint0232 Every morning I find it disconnected, both on the main and work profile. It doesn't happen during the day, but just during the night.

    Yeah, you definitely seem to have the same symptoms.
    Perhaps you could look at your logcat and see if you have the same entries in your log(after disconnect and before opening the mullvad app again).
    sqlite_mem_released
    force_gc

    many thanks

      Think another cause for crash might be memory tagging extensions which I believe are enabled by default on GrapheneOS.

      WireGuard uses golang for its userspace implementation (like in the official WireGuard Android app), and the golang runtime doesn't yet fully support memory tagging.

      See if turning OFF memory tagging for WireGuard works (don't recommend leaving it turned off though)?

        if this only happens with the WireGuard app, you might want to try WGTunnel (which offers more customization anyway) to see if that makes a difference.

          ignoramous
          Assume your talking about exploit protection, a memory tagging toggle does not exist.
          exploit protection compatibility mode Disabled

          This is what i have, Exploit protection vise

          Hardened memory allocator Enabled
          Native code debugging Blocked
          webview JIT Disabled
          Dynamic code loading via memory Restricted
          Dynamic code loading via Storage Restricted

          I Haven't experienced any warnings about DCL as one would expect to receive if an app tries such a thing.

          In my primary profile i also have WG setup(without issue), the only difference here is that i have Dynamic code loading via Storage set to allowed

          As my next step I'm gonna try to set Dynamic code loading via Storage to DIsabled in my Primary profile as well and see if it also disconnects at night time.

              DeletedUser87
              Ok, thanks, i will consider it if I'm unable to get the official client working properly as I have not tried any alternative wireguard app.

              Do you have any experience with using WGTunnel yourself?

                  DeletedUser87
                  I checked out WGTunnel github page and on the surface it looks like a very reasonable VPN app, although not as lean as the official client it does not appear unnecessarily bloated either.

                      yellow-leaves
                      So it's now been two night since I've Set Dynamic code loading via Storage Restricted for Wireguard on owner/Primary as well.

                      On the first night wireguard remained connect, but during the second night wireguard was terminated!
                      Unfortunately the logcat for wireguard in the owner profile was empty so i was unable make a definitive correlation.
                      I have however no recollection of this ever happening before so this is unlikely to be a coincidence.

                      Meanwhile wireguard running in the secondary profile has also been disconnecting every night as usual/expected.

                      If wireguard in the owner profile continues to terminate every night just like it does in the secondary profile i will assume that DCL via storage is required and enable it for both profiles and hope that the issue goes away.

                        Hi - I think I might have a similar issue.

                        I've used the Proton VPN app for a few years on GrapheneOS without issue. Rarely, almost never dropped.. but in the past week I've been waking up to the VPN disconnected. Always in the morning, every morning, and never once during the day.

                        I'm using a Pixel 7 Pro and WireGuard protocol in my VPN settings. Did anyone figure this out?

                          Viewpoint0232
                          Do you mean DCL via storage?
                          It turns out Wireguard terminating in the owners profile was a one time thing, so I've just left it disabled in both profiles.

                            RootCron Interesting, this is about the same time I started having issues, Are you running proton in Owner or secondary profile?
                            Are you establishing a wireguard or openvpn connection (not sure if proton is wireguard only or if they do openvpn as well)

                                My most recent attempt to resolve this issue where to attempt to switch to my VPN providers own VPN client but the UI was absolutely horrible and it forced me to a have an active none VPN:ed connecting in order to let me register it as a system VPN provider (I tried to disable the old VPN provider and register the new one while in airplane but it was impossible.)

                                I believe my next step is to try out wgtunnel although I had previously decided against as using it introduces additional link in my chain of trust but now It's my best option(protocol developer, VPN provider, android client developer etc).

                                p.s. tried using app manager to detect if wireguard or any other app was using an abnormal amount of ram but alas i was unsuccessful as root or adb is required to gain access to such info.
                                https://github.com/MuntashirAkon/AppManager?tab=readme-ov-file

                                yellow-leaves

                                I'm running the official ProtonVPN app in owner mode, and have no other profiles.

                                ProtonVPN was set to smart protocol and had chose Wireguard - so I've set it to fixed openvpn and will see if that makes a difference tomorrow morning.

                                  So, first overnight experiment after changing ProtonVPN app to openvpn, rather than Wireguard. I never woke up to a disconnected VPN, like I have in the last week.

                                  I wonder what it is about "overnight" that causes the Wireguard connection to fail. Maybe it's not "overnight" as such, but if the screen isn't unlocked for X hours, or something like that. With GrapheneOS, I'd imagine people using always-on VPNs is common, but I'm not hearing any widespread issues about this. I'm thinking maybe it's a bespoke config or app we have installed that's causing the issue.

                                  Other than a standard Pixel 7 Pro, my setup is pretty standard. I've no additional profiles or weird configs. One thing is my phone always charges overnight, and very rarely during the day. Could it be the charging that's causing this? Just thinking out loud!