Development discussion of WireGuard
* Wireguard Handshake failures
@ 2023-01-11 11:57 Venkatakrishna S
  2023-01-13  8:55 ` Bjarne Nilsson
  0 siblings, 1 reply; 2+ messages in thread
From: Venkatakrishna S @ 2023-01-11 11:57 UTC (permalink / raw)
  To: wireguard

I came across a weird problem when I connect and disconnect
continuously. The handshakes are failing and the wireguard (server) is
generating and destroying key pairs continuously for the client. I
have added the wireguard logs, client and server configuration below.
Checked the iptable input rules for the client; those are correct.
But the wireguard traffic is blocked. Tried with persistent-keepalive
enabled and disabled. The same conf below works if I do not connect
and disconnect continuously within a short span of time. It starts
working after I stop the wireguard on my client and remove the peer on
the server. Need help as I'm unable to figure out the root cause.
Thanks in advance!

Server conf:
# interface_server start Created by wrapper @ 2022-12-28 17:02:22.645524175 +0000 UTC
[Interface]
Address = 10.0.0.48/26
ListenPort = 443
PrivateKey = <privateKey>
PostUp = sysctl -w net.ipv4.ip_forward=1; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE;
SaveConfig = false
# interface_server end


Client conf:

[Interface]
PrivateKey = <privatekey>
Address = 10.0.0.41/32
DNS = 8.8.8.8, 8.8.4.4
[Peer]
PublicKey = <public key>
AllowedIPs = <ip1>, <ip2>, <ip3>, 8.8.8.8/32, 8.8.4.4/32
Endpoint = endpointip:443


Server Wireguard logs:

[Wed Jan 11 11:42:21 2023] wireguard: wg0: Sending handshake response to peer 247 (ip:port)
[Wed Jan 11 11:42:21 2023] wireguard: wg0: Keypair 12666 destroyed for peer 247
[Wed Jan 11 11:42:21 2023] wireguard: wg0: Keypair 12667 created for peer 247
[Wed Jan 11 11:42:26 2023] wireguard: wg0: Receiving handshake initiation from peer 247 (ip:port)
[Wed Jan 11 11:42:26 2023] wireguard: wg0: Sending handshake response to peer 247 (ip:port)
[Wed Jan 11 11:42:26 2023] wireguard: wg0: Keypair 12667 destroyed for peer 247
[Wed Jan 11 11:42:26 2023] wireguard: wg0: Keypair 12668 created for peer 247
[Wed Jan 11 11:42:31 2023] wireguard: wg0: Receiving handshake initiation from peer 247 (ip:port)
[Wed Jan 11 11:42:31 2023] wireguard: wg0: Sending handshake response to peer 247 (ip:port)
[Wed Jan 11 11:42:31 2023] wireguard: wg0: Keypair 12668 destroyed for peer 247
[Wed Jan 11 11:42:31 2023] wireguard: wg0: Keypair 12669 created for peer 247
[Wed Jan 11 11:42:36 2023] wireguard: wg0: Receiving handshake initiation from peer 247 (ip:port)
[Wed Jan 11 11:42:36 2023] wireguard: wg0: Sending handshake response to peer 247 (ip:port)
[Wed Jan 11 11:42:36 2023] wireguard: wg0: Keypair 12669 destroyed for peer 247
[Wed Jan 11 11:42:36 2023] wireguard: wg0: Keypair 12670 created for peer 247
[Wed Jan 11 11:42:41 2023] wireguard: wg0: Receiving handshake initiation from peer 247 (ip:port)
[Wed Jan 11 11:42:41 2023] wireguard: wg0: Sending handshake response to peer 247 (ip:port)
[Wed Jan 11 11:42:41 2023] wireguard: wg0: Keypair 12670 destroyed for peer 247
[Wed Jan 11 11:42:41 2023] wireguard: wg0: Keypair 12671 created for peer 247
[Wed Jan 11 11:42:46 2023] wireguard: wg0: Receiving handshake initiation from peer 247 (ip:port)
[Wed Jan 11 11:42:46 2023] wireguard: wg0: Sending handshake response to peer 247 (ip:port)
[Wed Jan 11 11:42:46 2023] wireguard: wg0: Keypair 12671 destroyed for peer 247
[Wed Jan 11 11:42:46 2023] wireguard: wg0: Keypair 12672 created for peer 247
[Wed Jan 11 11:42:51 2023] wireguard: wg0: Receiving handshake initiation from peer 247 (ip:port)
[Wed Jan 11 11:42:51 2023] wireguard: wg0: Sending handshake response to peer 247 (ip:port)
[Wed Jan 11 11:42:51 2023] wireguard: wg0: Keypair 12672 destroyed for peer 247
[Wed Jan 11 11:42:51 2023] wireguard: wg0: Keypair 12673 created for peer 247


Client Logs:

2023-01-11 17:10:28.493: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
2023-01-11 17:10:33.601: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
2023-01-11 17:10:33.601: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
2023-01-11 17:10:38.616: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
2023-01-11 17:10:38.616: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
2023-01-11 17:10:43.637: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
2023-01-11 17:10:43.637: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
2023-01-11 17:10:48.699: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
2023-01-11 17:10:48.699: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
2023-01-11 17:10:53.781: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
2023-01-11 17:10:53.781: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
2023-01-11 17:10:58.835: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
2023-01-11 17:10:58.835: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
2023-01-11 17:11:03.922: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
2023-01-11 17:11:03.922: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
2023-01-11 17:11:08.968: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
2023-01-11 17:11:08.968: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
2023-01-11 17:11:14.079: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
2023-01-11 17:11:14.079: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
2023-01-11 17:11:19.183: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
2023-01-11 17:11:19.183: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
2023-01-11 17:11:24.196: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
2023-01-11 17:11:24.196: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
2023-01-11 17:11:29.345: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
2023-01-11 17:11:29.345: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
2023-01-11 17:11:34.360: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
2023-01-11 17:11:39.376: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
2023-01-11 17:11:39.376: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
2023-01-11 17:11:44.537: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
2023-01-11 17:11:44.537: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)


* Re: Wireguard Handshake failures
  2023-01-11 11:57 Wireguard Handshake failures Venkatakrishna S
@ 2023-01-13  8:55 ` Bjarne Nilsson
  0 siblings, 0 replies; 2+ messages in thread
From: Bjarne Nilsson @ 2023-01-13  8:55 UTC (permalink / raw)
  To: Venkatakrishna S; +Cc: wireguard

Hello
The server needs a peer section for the client, listing the client's public key and the addresses the client is allowed to use (on its interface). Hope this helps.


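Added example, not part of either message: a Python check that scans server kernel log lines in the format posted above and reports peers for which the server keeps receiving a new handshake initiation and creating a new keypair at the retry interval, the loop visible in the thread's logs. The function name, thresholds, and the sample lines (including peer 12) are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] wireguard: (?P<ifc>\S+): (?P<msg>.+)$")
INIT = re.compile(r"Receiving handshake initiation from peer (\d+)")
CREATED = re.compile(r"Keypair (\d+) created for peer (\d+)")

def handshake_loops(log_text, max_gap=6.0, min_run=3):
    """Return {peer: {"run": n, "keypairs": k}} for peers stuck re-handshaking.

    A run is a chain of received initiations at most max_gap seconds apart;
    5 s is the retry interval shown in the client log, 6 s allows for jitter.
    """
    inits, keypairs = defaultdict(list), defaultdict(set)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a wireguard kernel log line
        when = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        if (i := INIT.search(m["msg"])):
            inits[i[1]].append(when)
        elif (c := CREATED.search(m["msg"])):
            keypairs[c[2]].add(c[1])
    stuck = {}
    for peer, times in inits.items():
        times.sort()
        best = run = 1
        for prev, cur in zip(times, times[1:]):
            run = run + 1 if (cur - prev).total_seconds() <= max_gap else 1
            best = max(best, run)
        if best >= min_run:
            stuck[peer] = {"run": best, "keypairs": len(keypairs[peer])}
    return stuck

def _cycle(hms, peer, keypair):
    """Build one constructed initiation/response/keypair cycle in the posted log format."""
    p = f"[Wed Jan 11 {hms} 2023] wireguard: wg0: "
    return "\n".join([
        p + f"Receiving handshake initiation from peer {peer} (ip:port)",
        p + f"Sending handshake response to peer {peer} (ip:port)",
        p + f"Keypair {keypair - 1} destroyed for peer {peer}",
        p + f"Keypair {keypair} created for peer {peer}",
    ])

# Constructed sample: peer 247 repeats the cycle every 5 s; peer 12 (hypothetical) handshakes once.
SAMPLE = "\n".join([_cycle("11:42:26", 247, 12668), _cycle("11:42:28", 12, 901),
                    _cycle("11:42:31", 247, 12669), _cycle("11:42:36", 247, 12670)])

print(handshake_loops(SAMPLE))
```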
