* Connections dropped after long in-activity
@ 2018-12-27 19:34 Muhammad Naseer Bhatti
2019-01-08 8:22 ` Kalin KOZHUHAROV
0 siblings, 1 reply; 2+ messages in thread
From: Muhammad Naseer Bhatti @ 2018-12-27 19:34 UTC (permalink / raw)
To: wireguard
Hi,
Facing a strange issue with single and sometimes with double NAT with client running Wireguard with the server on Public IP address. If client remains idle for long time (more than 15 minutes) NAT table in the route is dropped for that port combination (at the ISP side) since there is no activity, and Wireguard does not re-establishes the connection or tries to refresh. I am not sure why Keep alives set to 30 seconds not working either since if Keep Alives are set this should not happen.
Is this the desired behavior or am I missing something here?
Thanks.
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Connections dropped after long in-activity
2018-12-27 19:34 Connections dropped after long in-activity Muhammad Naseer Bhatti
@ 2019-01-08 8:22 ` Kalin KOZHUHAROV
0 siblings, 0 replies; 2+ messages in thread
From: Kalin KOZHUHAROV @ 2019-01-08 8:22 UTC (permalink / raw)
To: Muhammad Naseer Bhatti; +Cc: WireGuard mailing list
On Tue, Jan 8, 2019 at 3:20 AM Muhammad Naseer Bhatti <nbhatti@gmail.com> wrote:
> Facing a strange issue with single and sometimes with double NAT with client running Wireguard with the server on Public IP address. If client remains idle for long time (more than 15 minutes) NAT table in the route is dropped for that port combination (at the ISP side) since there is no activity, and Wireguard does not re-establishes the connection or tries to refresh. I am not sure why Keep alives set to 30 seconds not working either since if Keep Alives are set this should not happen.
>
This should not be the case, if keep-alive is enabled. But note that
it is off by default, e.g. man page
The use of persistent-keepalive is optional and is by default off;
setting it to 0 or "off" disables it. Otherwise it reprеsents, in
seconds, between 1 and 65535 inclusive, how often to send an
authenticated empty packet to the peer, for the purpose of keeping a
stateful firewall or NAT mapping valid persistently. For example, if
the interface very rarely sends traffic, but it might at anytime
receive traffic from a peer, and it is behind NAT, the interface
might benefit from having a persistent keepalive interval of 25
seconds; however, most users will not need this.
What does this command (replace <INTERFACE> with yours) say:
wg show <INTERFACE> persistent-keepalive
> Is this the desired behavior or am I missing something here?
>
Do a packet dump/capture and observe that there is indeed traffic
(keep-alives) going from the client (wireshark, tcpdump, etc). If you
use iptables, you can check packet count going through wg interface.
Cheers,
Kalin.
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-01-08 8:22 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-12-27 19:34 Connections dropped after long in-activity Muhammad Naseer Bhatti
2019-01-08 8:22 ` Kalin KOZHUHAROV
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).