Development discussion of WireGuard
 help / color / mirror / Atom feed
* Transient Connection Issue
@ 2020-10-22  4:40 Ashish Madeti
  2020-11-10  8:18 ` Tomcsanyi, Domonkos
  0 siblings, 1 reply; 3+ messages in thread
From: Ashish Madeti @ 2020-10-22  4:40 UTC (permalink / raw)
  To: wireguard; +Cc: Pulkit Anand

Hi All

Background: I am using Wireguard VPN to secure intra-server
communications among my 5-6 ubuntu servers sitting in different data
centers.

Today, we had a downtime of around 15 minutes because the server
running nginx was not able to connect to the web-application server
using the wireguard interface [0]. I ascertained that it was not a
connection issue between nginx server and web-application server by
trying to connect to web-application server via its public IP, which
worked [1]. I even tried restarting wireguard service [2] on both
nginx and web-application server but to no avail.
So, before investigating further, I decided to first route all the
traffic to a failover server (which was also a part of the VPN). It
took me around 5-10 minutes to pull the latest configuration and
application changes onto the failover server and then route all
traffic to it. Once our site was up, I again tried connecting to the
original web-application server from nginx server, using curl, but
this time it worked fine.

Can anybody help me understand the problem or anything I should try if
it happens again?

Please let me know if you need any more information.

[0] Tried via curl. curl 10.0.0.10:8080. Received the error
'Connection timed out'
[1] curl w.x.y.z:8080 returned the html content as expected.
[2] sudo service wg-quick@wg0 restart

Regards
-- 
Ashish Madeti

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Transient Connection Issue
  2020-10-22  4:40 Transient Connection Issue Ashish Madeti
@ 2020-11-10  8:18 ` Tomcsanyi, Domonkos
  2020-11-10  9:23   ` Mo Balaa
  0 siblings, 1 reply; 3+ messages in thread
From: Tomcsanyi, Domonkos @ 2020-11-10  8:18 UTC (permalink / raw)
  To: Ashish Madeti; +Cc: wireguard, Pulkit Anand

Hi Ashish,

With the amount of information given it is very hard to comment anything meaningful.
Have you gone through standard network connectivity issue investigation steps?
E.g.: does ping work? Do you have correct routes setup? What does wg show tell during downtime? What does tcpdump shows on the wire?

Cheers,
Domi


> 10.11.2020 dátummal, 0:21 időpontban Ashish Madeti <ashish@provakil.com> írta:
> 
> Hi All
> 
> Background: I am using Wireguard VPN to secure intra-server
> communications among my 5-6 ubuntu servers sitting in different data
> centers.
> 
> Today, we had a downtime of around 15 minutes because the server
> running nginx was not able to connect to the web-application server
> using the wireguard interface [0]. I ascertained that it was not a
> connection issue between nginx server and web-application server by
> trying to connect to web-application server via its public IP, which
> worked [1]. I even tried restarting wireguard service [2] on both
> nginx and web-application server but to no avail.
> So, before investigating further, I decided to first route all the
> traffic to a failover server (which was also a part of the VPN). It
> took me around 5-10 minutes to pull the latest configuration and
> application changes onto the failover server and then route all
> traffic to it. Once our site was up, I again tried connecting to the
> original web-application server from nginx server, using curl, but
> this time it worked fine.
> 
> Can anybody help me understand the problem or anything I should try if
> it happens again?
> 
> Please let me know if you need any more information.
> 
> [0] Tried via curl. curl 10.0.0.10:8080. Received the error
> 'Connection timed out'
> [1] curl w.x.y.z:8080 returned the html content as expected.
> [2] sudo service wg-quick@wg0 restart
> 
> Regards
> -- 
> Ashish Madeti

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Transient Connection Issue
  2020-11-10  8:18 ` Tomcsanyi, Domonkos
@ 2020-11-10  9:23   ` Mo Balaa
  0 siblings, 0 replies; 3+ messages in thread
From: Mo Balaa @ 2020-11-10  9:23 UTC (permalink / raw)
  To: Tomcsanyi, Domonkos; +Cc: Ashish Madeti, wireguard, Pulkit Anand

Check your MTU across your paths. In my experience, transient connection issues are due to MTU oversize. 


> On Nov 10, 2020, at 2:20 AM, Tomcsanyi, Domonkos <domi@tomcsanyi.net> wrote:
> 
> Hi Ashish,
> 
> With the amount of information given it is very hard to comment anything meaningful.
> Have you gone through standard network connectivity issue investigation steps?
> E.g.: does ping work? Do you have correct routes setup? What does wg show tell during downtime? What does tcpdump shows on the wire?
> 
> Cheers,
> Domi
> 
> 
>> 10.11.2020 dátummal, 0:21 időpontban Ashish Madeti <ashish@provakil.com> írta:
>> 
>> Hi All
>> 
>> Background: I am using Wireguard VPN to secure intra-server
>> communications among my 5-6 ubuntu servers sitting in different data
>> centers.
>> 
>> Today, we had a downtime of around 15 minutes because the server
>> running nginx was not able to connect to the web-application server
>> using the wireguard interface [0]. I ascertained that it was not a
>> connection issue between nginx server and web-application server by
>> trying to connect to web-application server via its public IP, which
>> worked [1]. I even tried restarting wireguard service [2] on both
>> nginx and web-application server but to no avail.
>> So, before investigating further, I decided to first route all the
>> traffic to a failover server (which was also a part of the VPN). It
>> took me around 5-10 minutes to pull the latest configuration and
>> application changes onto the failover server and then route all
>> traffic to it. Once our site was up, I again tried connecting to the
>> original web-application server from nginx server, using curl, but
>> this time it worked fine.
>> 
>> Can anybody help me understand the problem or anything I should try if
>> it happens again?
>> 
>> Please let me know if you need any more information.
>> 
>> [0] Tried via curl. curl 10.0.0.10:8080. Received the error
>> 'Connection timed out'
>> [1] curl w.x.y.z:8080 returned the html content as expected.
>> [2] sudo service wg-quick@wg0 restart
>> 
>> Regards
>> -- 
>> Ashish Madeti

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2020-11-10  9:24 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-22  4:40 Transient Connection Issue Ashish Madeti
2020-11-10  8:18 ` Tomcsanyi, Domonkos
2020-11-10  9:23   ` Mo Balaa

Development discussion of WireGuard

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://inbox.vuxu.org/wireguard

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V1 wireguard wireguard/ http://inbox.vuxu.org/wireguard \
		wireguard@lists.zx2c4.com
	public-inbox-index wireguard

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.wireguard


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git