Development discussion of WireGuard
* Wireguard Link issue
From: Joshua Grimm @ 2019-04-23  9:49 UTC (permalink / raw)
  To: wireguard

Hey Guys,

I have used Wireguard for quite some time now and I'm facing a problem.

Every other day one wireguard link stops working. It just stops
accepting traffic:

root@bladerunner-2:~# ping -c 1 10.0.1.1
PING 10.0.1.1 (10.0.1.1) 56(84) bytes of data.

--- 10.0.1.1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

wg tells me that the link is up and handshakes are still working:

peer: Q7pO6XUeBKi2dtSZOIyXjpkyUESbvGHfSF7cu1KmD1g=
  endpoint: redacted:51820
  allowed ips: 0.0.0.0/0
  latest handshake: 11 seconds ago
  transfer: 162.67 GiB received, 8.32 GiB sent
  persistent keepalive: every 1 minute

If I restart the link with

systemctl restart wg-quick@wg0

it works again.

Here is the relevant part of my config:

[Interface]
Address = 10.0.1.3
PrivateKey = redacted
ListenPort = 51820
Table = off
FwMark = 1234

[Peer]
PublicKey = redacted
AllowedIps = 0.0.0.0/0
Endpoint = redacted:51820
PersistentKeepalive=60

I tried running wireguard in this debug mode with

echo "module wireguard +p" >/sys/kernel/debug/dynamic_debug/control

The only messages I get are:

[677569.105551] wireguard: wg0: Sending handshake initiation to peer 1 (redacted:51820)
[677569.116744] wireguard: wg0: Receiving handshake response from peer 1 (redacted:51820)
[677569.116761] wireguard: wg0: Keypair 28551 destroyed for peer 1
[677569.116765] wireguard: wg0: Keypair 28554 created for peer 1
[677569.116775] wireguard: wg0: Sending keepalive packet to peer 1 (redacted:51820)
[677585.105603] wireguard: wg0: Retrying handshake with peer 1 (redacted:51820) because we stopped hearing back after 15 seconds
[677585.105644] wireguard: wg0: Sending handshake initiation to peer 1 (redacted:51820)
[677585.112877] wireguard: wg0: Receiving handshake response from peer 1 (redacted:51820)
[677585.112893] wireguard: wg0: Keypair 28553 destroyed for peer 1
[677585.112898] wireguard: wg0: Keypair 28555 created for peer 1
[677585.112907] wireguard: wg0: Sending keepalive packet to peer 1 (redacted:51820)

Here are some more details:

This is a 6-node network with one node acting as gateway. I set the
routes via PreUp/PostUp and remove them via PreDown/PostDown.

root@bladerunner-2:~# uname -a
Linux bladerunner-2 4.4.0-145-generic #171-Ubuntu SMP Tue Mar 26 12:43:40 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

root@bladerunner-2:~# ip link show wg0
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/none

root@bladerunner-2:~# dpkg -l | grep wireguard
ii  wireguard-dkms                  0.0.20190406-wg1~xenial                    all          fast, modern, secure kernel VPN tunnel (DKMS version)
ii  wireguard-tools                 0.0.20190406-wg1~xenial                    amd64        fast, modern, secure kernel VPN tunnel (userland utilities)

Please help me debug this issue. I'm a big fan of Wireguard and
would love to use it with more projects.

Have a nice Day,
Joshi
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: Wireguard Link issue
From: Frank Carmickle @ 2019-05-08 19:29 UTC (permalink / raw)
  To: Joshua Grimm; +Cc: wireguard

Hello Josh,

> On Apr 23, 2019, at 5:49 AM, Joshua Grimm <joshua.grimm@hetzner-cloud.de> wrote:
> 
> Hey Guys,
> 
> I have used Wireguard for quite some time now and I'm facing a problem.
> 
> Every other day one wireguard link stops working. It just stops
> accepting traffic:
> 
> root@bladerunner-2:~# ping -c 1 10.0.1.1
> PING 10.0.1.1 (10.0.1.1) 56(84) bytes of data.
> 
> --- 10.0.1.1 ping statistics ---
> 1 packets transmitted, 0 received, 100% packet loss, time 0ms
> 
> wg tells me that the link is up and handshakes are still working:
> 
> peer: Q7pO6XUeBKi2dtSZOIyXjpkyUESbvGHfSF7cu1KmD1g=
>   endpoint: redacted:51820
>   allowed ips: 0.0.0.0/0
>   latest handshake: 11 seconds ago
>   transfer: 162.67 GiB received, 8.32 GiB sent
>   persistent keepalive: every 1 minute
> 
> If I restart the link with
> 
> systemctl restart wg-quick@wg0
> 
> it works again.
> 
> Here is the relevant part of my config:
> 
> [Interface]
> Address = 10.0.1.3
> PrivateKey = redacted
> ListenPort = 51820
> Table = off
> FwMark = 1234
> 
> [Peer]
> PublicKey = redacted
> AllowedIps = 0.0.0.0/0
> Endpoint = redacted:51820
> PersistentKeepalive=60

I’m guessing this is too infrequent for a NAT timer. Try 20 secs and see if it’s any better.

> I tried running wireguard in this debug mode with
> 
> echo "module wireguard +p" >/sys/kernel/debug/dynamic_debug/control
> 
> The only messages I get are:
> 
> [677569.105551] wireguard: wg0: Sending handshake initiation to peer 1 (redacted:51820)
> [677569.116744] wireguard: wg0: Receiving handshake response from peer 1 (redacted:51820)
> [677569.116761] wireguard: wg0: Keypair 28551 destroyed for peer 1
> [677569.116765] wireguard: wg0: Keypair 28554 created for peer 1
> [677569.116775] wireguard: wg0: Sending keepalive packet to peer 1 (redacted:51820)
> [677585.105603] wireguard: wg0: Retrying handshake with peer 1 (redacted:51820) because we stopped hearing back after 15 seconds
> [677585.105644] wireguard: wg0: Sending handshake initiation to peer 1 (redacted:51820)
> [677585.112877] wireguard: wg0: Receiving handshake response from peer 1 (redacted:51820)
> [677585.112893] wireguard: wg0: Keypair 28553 destroyed for peer 1
> [677585.112898] wireguard: wg0: Keypair 28555 created for peer 1
> [677585.112907] wireguard: wg0: Sending keepalive packet to peer 1 (redacted:51820)
> 

Maybe someone familiar with the code can tell us if "Receiving handshake response from peer 1" might be better phrased, "listening for response from peer 1"?


--FC

> Here are some more details:
> 
> This is a 6-node network with one node acting as gateway. I set the
> routes via PreUp/PostUp and remove them via PreDown/PostDown.
> 
> root@bladerunner-2:~# uname -a
> Linux bladerunner-2 4.4.0-145-generic #171-Ubuntu SMP Tue Mar 26 12:43:40 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
> 
> root@bladerunner-2:~# ip link show wg0
> 3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
>     link/none
> 
> root@bladerunner-2:~# dpkg -l | grep wireguard
> ii  wireguard-dkms                  0.0.20190406-wg1~xenial                    all          fast, modern, secure kernel VPN tunnel (DKMS version)
> ii  wireguard-tools                 0.0.20190406-wg1~xenial                    amd64        fast, modern, secure kernel VPN tunnel (userland utilities)
> 
> Please help me debug this issue. I'm a big fan of Wireguard and
> would love to use it with more projects.
> 
> Have a nice Day,
> Joshi

^ permalink raw reply	[flat|nested] 2+ messages in thread
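
A log check for the symptom reported in this thread, as an added example that is not part of either message or of WireGuard itself: it reads dynamic-debug lines like the ones quoted above and flags a peer when a completed handshake is followed by a "stopped hearing back" retry. The sample lines, the 192.0.2.x endpoints, peer 2 and the two-cycle threshold are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Sample lines are constructed:
# the 192.0.2.x endpoints and peer 2 are placeholders.
sample_log() {
cat <<'EOF'
[100.000000] wireguard: wg0: Sending handshake initiation to peer 1 (192.0.2.10:51820)
[100.010000] wireguard: wg0: Receiving handshake response from peer 1 (192.0.2.10:51820)
[100.010100] wireguard: wg0: Keypair 1 created for peer 1
[100.010200] wireguard: wg0: Sending keepalive packet to peer 1 (192.0.2.10:51820)
[116.000000] wireguard: wg0: Retrying handshake with peer 1 (192.0.2.10:51820) because we stopped hearing back after 15 seconds
[116.000100] wireguard: wg0: Sending handshake initiation to peer 1 (192.0.2.10:51820)
[116.010000] wireguard: wg0: Receiving handshake response from peer 1 (192.0.2.10:51820)
[132.000000] wireguard: wg0: Retrying handshake with peer 1 (192.0.2.10:51820) because we stopped hearing back after 15 seconds
[140.000000] wireguard: wg0: Receiving handshake response from peer 2 (192.0.2.20:51820)
[150.000000] wireguard: wg0: Receiving keepalive packet from peer 2 (192.0.2.20:51820)
EOF
}

# Read kernel log lines on stdin; $1 is how many consecutive
# "handshake OK, then silence" cycles count as a stall (assumed default 2).
wg_stall_report() {
    awk -v min="${1:-2}" '
    {
        i = index($0, "wireguard: "); if (!i) next
        rest = substr($0, i + 11)
        j = index(rest, ": "); if (!j) next
        msg = substr(rest, j + 2)
        p = index(msg, "peer "); if (!p) next
        # Key is "<iface> peer <n>"; "+ 0" keeps only the leading number.
        key = substr(rest, 1, j - 1) " peer " (substr(msg, p + 5) + 0)
        if (!(key in hs)) { hs[key] = 0; order[++n] = key }
        if (msg ~ /^Receiving handshake response/) { hs[key]++; fresh[key] = 1 }
        else if (msg ~ /^Receiving keepalive packet/) { fresh[key] = 0; run[key] = 0 }
        else if (msg ~ /^Retrying handshake .*stopped hearing back/) {
            # Retry straight after a completed handshake: control plane works, replies do not arrive.
            if (fresh[key] && ++run[key] > worst[key]) worst[key] = run[key]
            fresh[key] = 0
        }
    }
    END {
        for (k = 1; k <= n; k++) {
            key = order[k]
            printf "%s handshakes=%d silent_retries=%d %s\n", key, hs[key], worst[key], (worst[key] >= min ? "STALL" : "OK")
        }
    }'
}

sample_log | wg_stall_report 2
```

On a live host the input would be `dmesg | wg_stall_report` with dynamic debug enabled as in the first message.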
