From: Hannes Wagner
To: "wireguard@lists.zx2c4.com"
Date: Thu, 22 Feb 2018 12:38:28 +0000 (UTC)
Subject: ExtIP change no new handshake
Message-ID: <630889583.2626955.1519303108947@mail.yahoo.com>
List-Id: Development discussion of WireGuard

I stumbled upon the following observation. I have a router with a dynamic external IP which changes every 24h. It can be reached via its dyndns test.test.zzz. Client1 and 2 have the same config to reach the endpoint:

[Peer]
PublicKey = 5JZzs90SBYzXc8pfDW......
Endpoint = test.test.zzz:443
PersistentKeepAlive=3600

Client2 Ext IP 145.x.y.z wg0 10.2.1.3
    |
    |
Router IP 10.1.1.1  Dynamic Ext IP 83.x1.y1.z1 (after 24h/change to 84.x2.y2.z2) dyndns: test.test.zzz
    |                                   |
    |                                   |
Client1 10.1.1.3 wg0 10.2.1.2       Server 10.1.1.2 wg0 10.2.1.1

After the external IP address changes I cannot reach client1 from server or client2 on its wireguard wg0 device.

wg show on client1

peer: 5JZzs90SBYzXc8pfDW......
  endpoint: 83.x.y.z:443
  allowed ips: 10.2.0.0/16
  latest handshake: 8 hours, 14 minutes, 42 seconds ago
  transfer: 9.98 KiB received, 49.73 KiB sent
  persistent keepalive: every 6 minutes

wg show on server

peer: 9BhasduiUTa3d.....
  endpoint: 83.x.y.z:43765
  allowed ips: 10.2.1.2/32
  latest handshake: 8 hours, 14 minutes, 42 seconds ago
  transfer: 22.73 KiB received, 169.98 KiB sent

Both devices still list the old external IP, although on client1 and server test.test.zzz resolves to its new external IP 84.x2.y2.z2.

I know that I could fix this by entering the internal IP of the server as the endpoint address on client1, but I thought that if the server couldn't be reached any more a new handshake process (with DNS lookup) would be initiated?
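
The condition reported above (stale handshake, endpoint still on the old address while the hostname already resolves to the new one) can be checked mechanically. The following is an added example, not part of the original post and not WireGuard project code; the 180-second threshold, the KEY_A=/KEY_B= peer names and the 203.0.113.x / 198.51.100.x addresses are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original post or the WireGuard project.
# Flags peers whose handshake is stale AND whose endpoint IP differs from
# what the configured hostname resolves to now.

STALE_AFTER=180   # assumption: seconds without a handshake before "stale"
TAB=$(printf '\t')

# check_peer NOW HANDSHAKE_EPOCH CURRENT_ENDPOINT RESOLVED_IP
check_peer() (
    age=$(( $1 - $2 ))              # epoch 0 means "never", so age is huge
    cur_ip=${3%:*}                  # drop ":port" (IPv4 endpoint form)
    if [ "$age" -le "$STALE_AFTER" ]; then echo ok
    elif [ "$3" = "(none)" ]; then echo no-endpoint
    elif [ "$cur_ip" = "$4" ]; then echo stale-same-ip
    else echo stale-endpoint-drift
    fi
)

# scan NOW RESOLVED_IP HANDSHAKES ENDPOINTS
# HANDSHAKES / ENDPOINTS are the tab-separated outputs of
#   wg show <if> latest-handshakes   and   wg show <if> endpoints
scan() (
    printf '%s\n' "$3" | while IFS="$TAB" read -r key hs; do
        [ -n "$key" ] || continue
        ep=$(printf '%s\n' "$4" | awk -F'\t' -v k="$key" '$1 == k { print $2 }')
        printf '%s %s\n' "$key" "$(check_peer "$1" "$hs" "$ep" "$2")"
    done
)

# Constructed sample: peer A last handshook 8h14m42s ago on the old address,
# peer B is healthy. The hostname is assumed to resolve to 203.0.113.84 now.
SAMPLE_NOW=1519303000
SAMPLE_HS=$(printf 'KEY_A=\t%s\nKEY_B=\t%s\n' $((SAMPLE_NOW - 29682)) $((SAMPLE_NOW - 40)))
SAMPLE_EP=$(printf 'KEY_A=\t203.0.113.83:443\nKEY_B=\t198.51.100.7:51820\n')
scan "$SAMPLE_NOW" 203.0.113.84 "$SAMPLE_HS" "$SAMPLE_EP"

# Live use (needs root and the wg tool):
#   scan "$(date +%s)" "$(getent ahostsv4 test.test.zzz | awk 'NR==1{print $1}')" \
#        "$(wg show wg0 latest-handshakes)" "$(wg show wg0 endpoints)"
# A peer reported as stale-endpoint-drift can be repointed with
#   wg set wg0 peer <public-key> endpoint test.test.zzz:443
# because wg(8) resolves the hostname at the moment that command runs.
```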