Development discussion of WireGuard
From: Pavel Yegorov <yegorov.p@gmail.com>
To: wireguard@lists.zx2c4.com
Subject: Wireguard is loosing connection for no reason
Date: Tue, 21 Jun 2022 17:20:09 +0300
Message-ID: <CADuzeTx8_ODe2gF_hN6nhVFh5j+pEYXZB6fpVcC23pD2LLwCsw@mail.gmail.com>

Hey folks!

I really need some advice, cause I just don't know how to deal with my problem.

So, I have a WG "server" on Ubuntu 18.04.6 LTS, hosted in the Oracle
free tier. I've installed WireGuard using the well-known
https://github.com/angristan/wireguard-install script. Then I
generated several configs for my desktops, phones, etc. It connects
and runs perfectly, but sometimes it just freezes for no reason.
There are no connectivity issues or anything like that. Logs on the
client side say something like this:

2022-06-21 03:01:01.845: [TUN] [win] Keypair 17 created for peer 1
2022-06-21 03:01:01.846: [TUN] [win] Sending keepalive packet to peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:03:01.822: [TUN] [win] Sending handshake initiation to peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:03:01.884: [TUN] [win] Receiving handshake response from peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:03:01.884: [TUN] [win] Keypair 16 destroyed for peer 1
2022-06-21 03:03:01.884: [TUN] [win] Keypair 18 created for peer 1
2022-06-21 03:03:01.884: [TUN] [win] Sending keepalive packet to peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:05:02.058: [TUN] [win] Sending handshake initiation to peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:05:02.106: [TUN] [win] Receiving handshake response from peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:05:02.106: [TUN] [win] Keypair 17 destroyed for peer 1
2022-06-21 03:05:02.106: [TUN] [win] Keypair 19 created for peer 1
2022-06-21 03:05:02.106: [TUN] [win] Sending keepalive packet to peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:06:21.302: [TUN] [win] Retrying handshake with peer 1 (SERVER_IP:SERVER_PORT) because we stopped hearing back after 15 seconds
2022-06-21 03:06:21.302: [TUN] [win] Sending handshake initiation to peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:06:26.423: [TUN] [win] Handshake for peer 1 (SERVER_IP:SERVER_PORT) did not complete after 5 seconds, retrying (try 2)
2022-06-21 03:06:26.423: [TUN] [win] Sending handshake initiation to peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:06:31.471: [TUN] [win] Handshake for peer 1 (SERVER_IP:SERVER_PORT) did not complete after 5 seconds, retrying (try 3)
2022-06-21 03:06:31.473: [TUN] [win] Sending handshake initiation to peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:06:36.517: [TUN] [win] Handshake for peer 1 (SERVER_IP:SERVER_PORT) did not complete after 5 seconds, retrying (try 4)

If I reconnect the WG client, it immediately connects and everything is OK.

Any advice? I tried experimenting with the PersistentKeepAlive param (on
both sides!), but that doesn't change anything.

My server cfg:

[Interface]
Address = 10.66.66.1/24,fd42:42:42::1/64
ListenPort = SERVER_PORT
PrivateKey = M?????Uyg4r3mo=

PostUp = iptables -I FORWARD -i ens3 -o wg0 -j ACCEPT; iptables -I FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o ens3 -j MASQUERADE; sudo iptables -I INPUT -i ens3 -p udp --dport SERVER_PORT -m state --state NEW,ESTABLISHED -j ACCEPT
PostDown = iptables -D FORWARD -i ens3 -o wg0 -j ACCEPT; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o ens3 -j MASQUERADE; sudo iptables -D INPUT -i ens3 -p udp --dport SERVER_PORT -m state --state NEW,ESTABLISHED -j ACCEPT

### Client iphone
[Peer]
PublicKey = 0+V???????4HnM=
PresharedKey = s???????amJCxJyqcE=
AllowedIPs = 10.66.66.2/32,fd42:42:42::2/128

### Client mac
[Peer]
PublicKey = Tet4??????mI=
PresharedKey = Ld???r8=
AllowedIPs = 10.66.66.3/32,fd42:42:42::3/128

My client cfg:

[Interface]
PrivateKey = 4Bp????=
Address = 10.66.66.2/32,fd42:42:42::2/128
DNS = 8.8.8.8,1.1.1.1

[Peer]
PublicKey = 5R?????c=
PresharedKey = sY????E=
Endpoint = SERVER_IP:SERVER_PORT
AllowedIPs = 0.0.0.0/0,::/0

Some stats:

root@oraclevpn:~# wg show all
interface: wg0
  public key: 5R?????c=
  private key: (hidden)
  listening port: SERVER_PORT

peer: 0+?????nM=
  preshared key: (hidden)
  endpoint: 666.666.666.666:11111
  allowed ips: 10.66.66.2/32, fd42:42:42::2/128
  latest handshake: 2 minutes, 2 seconds ago
  transfer: 533.52 MiB received, 5.18 GiB sent


-- 
Pavel Yegorov
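
Added example, not part of the original message: a small Python parser for client logs in the format quoted above that re-joins mail-wrapped lines and reports each episode where handshake responses stopped, with the time of the last response received before it. The function names and the sample text are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the format of the client log quoted in the message,
# keeping the mail client's line wrapping and the post's own placeholders.
SAMPLE = """\
2022-06-21 03:05:02.058: [TUN] [win] Sending handshake initiation to
peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:05:02.106: [TUN] [win] Receiving handshake response from
peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:06:21.302: [TUN] [win] Retrying handshake with peer 1
(SERVER_IP:SERVER_PORT) because we stopped hearing back after 15
seconds
2022-06-21 03:06:26.423: [TUN] [win] Handshake for peer 1
(SERVER_IP:SERVER_PORT) did not complete after 5 seconds, retrying
(try 2)
"""

STAMP = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}): (.*)$")

def records(text):
    """Yield (datetime, message), re-joining lines wrapped by the mailer."""
    current = None
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            if current:
                yield current
            current = (datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f"), m.group(2))
        elif current and line.strip():  # continuation of the previous entry
            current = (current[0], current[1] + " " + line.strip())
    if current:
        yield current

def find_stalls(text):
    """Return one dict per episode in which the peer stopped answering."""
    stalls, last_ok, open_stall = [], None, None
    for ts, msg in records(text):
        if "Receiving handshake response" in msg:
            last_ok = ts
            if open_stall:  # a response arrived, so the episode is over
                open_stall["recovered_at"] = ts
                open_stall = None
        elif "stopped hearing back" in msg:  # first retry of a new episode
            open_stall = {"last_response": last_ok, "started": ts, "tries": 1, "recovered_at": None}
            stalls.append(open_stall)
        elif open_stall and (m := re.search(r"\(try (\d+)\)", msg)):
            open_stall["tries"] = int(m.group(1))
    return stalls
```

An episode whose recovered_at is None was still unanswered when the log ended; comparing its started time with the server's "latest handshake" value from wg show indicates which side stopped seeing packets.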
