Re: something affects wg iface - how to troubleshoot ?

[Ashish <ashish.is@lostca.se>]

[-- Attachment #1: Type: text/plain, Size: 1735 bytes --]

On Thu, May 26, 2022 at 11:36:37AM +0100, lejeczek wrote:
> Hi guys.
> 
> I have quite a peculiar case which possibly might interest anybody - as
> oppose to just resolving an issue.
> I use a very popular monitoring tool 'monit' to monit my wg0 iface and that
> works okey, meaning 'monit' does not see any issue with wg0, but _only_ if
> 'qbittorrent' is _not_ running!
> When 'qbittorrent' is running 'monit' is reporting:
> 
> 'wg0' 5 upload errors detected
> 'wg0' trying to restart
> 'wg0' stop: '/usr/bin/systemctl stop wg-quick@wg0.service'
> 'wg0' start: '/usr/bin/systemctl start wg-quick@wg0.service'
> 'wg0' download errors check succeeded
> 
> in my case monit's action is to restart wg0 iface.
> 'qbittorrent' is not, should not be, particularly interested in wg0 iface.
> 
> What do you think is happening there? I'm on Centos 9. Is some kind of
> leakage or something more sinister happening there?
> Lastly, how to investigate this, how to tell what is happening to wg iface?

If I've to make a rough guess without looking at your exact monit configuration, I would say qbittorrent is choking the network interface, causing the wireguard packets to be delayed:

You can verify this by:

 - stopping all the upload/download activity in qbittorrent

 - if previous step works as expected for you, then you can implement some speed throttling in qbittorrent

You can also verifying by tcpdump-ing the underlying interface (e.g. eth0, and not wg0) for the wireguard traffic and see if it's going out, and coming back in as expected.

HTH
-- 
Ashish | GPG: F682 CDCC 39DC 0FEA E116  20B6 C746 CFA9 E74F A4B0

"If I destroy you, what business is it of yours ?" (Dark Forest, Liu Cixin)

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 963 bytes --]