Development discussion of WireGuard
From: Mo Balaa <buddybalaa@gmail.com>
To: "Tomcsanyi, Domonkos" <domi@tomcsanyi.net>
Cc: Ashish Madeti <ashish@provakil.com>,
	wireguard@lists.zx2c4.com, Pulkit Anand <pulkit@provakil.com>
Subject: Re: Transient Connection Issue
Date: Tue, 10 Nov 2020 03:23:57 -0600
Message-ID: <0A5C340C-6B05-4C75-9F0F-B72A56D55FBB@gmail.com>
In-Reply-To: <589074B2-A2F2-4B87-AA27-0B60704A5798@tomcsanyi.net>

Check your MTU across your paths. In my experience, transient connection issues are due to MTU oversize. 


> On Nov 10, 2020, at 2:20 AM, Tomcsanyi, Domonkos <domi@tomcsanyi.net> wrote:
> 
> Hi Ashish,
> 
> With the amount of information given it is very hard to comment anything meaningful.
> Have you gone through standard network connectivity issue investigation steps?
> E.g.: does ping work? Do you have correct routes set up? What does wg show tell during downtime? What does tcpdump show on the wire?
> 
> Cheers,
> Domi
> 
> 
>> On 10.11.2020, at 0:21, Ashish Madeti <ashish@provakil.com> wrote:
>> 
>> Hi All
>> 
>> Background: I am using WireGuard VPN to secure intra-server
>> communications among my 5-6 Ubuntu servers sitting in different data
>> centers.
>> 
>> Today, we had a downtime of around 15 minutes because the server
>> running nginx was not able to connect to the web-application server
>> using the WireGuard interface [0]. I ascertained that it was not a
>> connection issue between nginx server and web-application server by
>> trying to connect to web-application server via its public IP, which
>> worked [1]. I even tried restarting WireGuard service [2] on both
>> nginx and web-application server but to no avail.
>> So, before investigating further, I decided to first route all the
>> traffic to a failover server (which was also a part of the VPN). It
>> took me around 5-10 minutes to pull the latest configuration and
>> application changes onto the failover server and then route all
>> traffic to it. Once our site was up, I again tried connecting to the
>> original web-application server from nginx server, using curl, but
>> this time it worked fine.
>> 
>> Can anybody help me understand the problem or anything I should try if
>> it happens again?
>> 
>> Please let me know if you need any more information.
>> 
>> [0] Tried via curl. curl 10.0.0.10:8080. Received the error
>> 'Connection timed out'
>> [1] curl w.x.y.z:8080 returned the html content as expected.
>> [2] sudo service wg-quick@wg0 restart
>> 
>> Regards
>> -- 
>> Ashish Madeti
