* Wireguard is losing connection for no reason
@ 2022-06-21 14:20 Pavel Yegorov
2022-06-27 21:40 ` Alan Graham
From: Pavel Yegorov @ 2022-06-21 14:20 UTC
To: wireguard
Hey folks!

I really need some advice, cause I just don't know how to deal with my problem.

So, I have a WG "server" on ubuntu 18.04.6 LTS, hosted in the oracle
free tier. I've installed wireguard using the well-known
https://github.com/angristan/wireguard-install script. Then I've
generated several configs for my desktops, phones, etc. It connects
and runs perfectly, but sometimes it just freezes for no reason.
There are no connectivity issues or anything like that. Logs on the client
side say something like this:

2022-06-21 03:01:01.845: [TUN] [win] Keypair 17 created for peer 1
2022-06-21 03:01:01.846: [TUN] [win] Sending keepalive packet to peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:03:01.822: [TUN] [win] Sending handshake initiation to peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:03:01.884: [TUN] [win] Receiving handshake response from peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:03:01.884: [TUN] [win] Keypair 16 destroyed for peer 1
2022-06-21 03:03:01.884: [TUN] [win] Keypair 18 created for peer 1
2022-06-21 03:03:01.884: [TUN] [win] Sending keepalive packet to peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:05:02.058: [TUN] [win] Sending handshake initiation to peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:05:02.106: [TUN] [win] Receiving handshake response from peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:05:02.106: [TUN] [win] Keypair 17 destroyed for peer 1
2022-06-21 03:05:02.106: [TUN] [win] Keypair 19 created for peer 1
2022-06-21 03:05:02.106: [TUN] [win] Sending keepalive packet to peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:06:21.302: [TUN] [win] Retrying handshake with peer 1 (SERVER_IP:SERVER_PORT) because we stopped hearing back after 15 seconds
2022-06-21 03:06:21.302: [TUN] [win] Sending handshake initiation to peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:06:26.423: [TUN] [win] Handshake for peer 1 (SERVER_IP:SERVER_PORT) did not complete after 5 seconds, retrying (try 2)
2022-06-21 03:06:26.423: [TUN] [win] Sending handshake initiation to peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:06:31.471: [TUN] [win] Handshake for peer 1 (SERVER_IP:SERVER_PORT) did not complete after 5 seconds, retrying (try 3)
2022-06-21 03:06:31.473: [TUN] [win] Sending handshake initiation to peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:06:36.517: [TUN] [win] Handshake for peer 1 (SERVER_IP:SERVER_PORT) did not complete after 5 seconds, retrying (try 4)

If I reconnect the WG client, it immediately connects and everything is ok.

Any advice? I tried to experiment with the PersistentKeepAlive param (on
both sides!) but that doesn't change anything.

My server cfg:

[Interface]
Address = 10.66.66.1/24,fd42:42:42::1/64
ListenPort = SERVER_PORT
PrivateKey = M?????Uyg4r3mo=

PostUp = iptables -I FORWARD -i ens3 -o wg0 -j ACCEPT; iptables -I FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o ens3 -j MASQUERADE; sudo iptables -I INPUT -i ens3 -p udp --dport SERVER_PORT -m state --state NEW,ESTABLISHED -j ACCEPT
PostDown = iptables -D FORWARD -i ens3 -o wg0 -j ACCEPT; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o ens3 -j MASQUERADE; sudo iptables -D INPUT -i ens3 -p udp --dport SERVER_PORT -m state --state NEW,ESTABLISHED -j ACCEPT

### Client iphone
[Peer]
PublicKey = 0+V???????4HnM=
PresharedKey = s???????amJCxJyqcE=
AllowedIPs = 10.66.66.2/32,fd42:42:42::2/128

### Client mac
[Peer]
PublicKey = Tet4??????mI=
PresharedKey = Ld???r8=
AllowedIPs = 10.66.66.3/32,fd42:42:42::3/128

My client cfg

[Interface]
PrivateKey = 4Bp????=
Address = 10.66.66.2/32,fd42:42:42::2/128
DNS = 8.8.8.8,1.1.1.1

[Peer]
PublicKey = 5R?????c=
PresharedKey = sY????E=
Endpoint = SERVER_IP:SERVER_PORT
AllowedIPs = 0.0.0.0/0,::/0

some stats

root@oraclevpn:~# wg show all
interface: wg0
public key: 5R?????c=
private key: (hidden)
listening port: SERVER_PORT

peer: 0+?????nM=
preshared key: (hidden)
endpoint: 666.666.666.666:11111
allowed ips: 10.66.66.2/32, fd42:42:42::2/128
latest handshake: 2 minutes, 2 seconds ago
transfer: 533.52 MiB received, 5.18 GiB sent

--
Pavel Yegorov
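
Added example, not part of either message in this thread: a Python sketch that scans a wireguard-windows client log like the one above for runs of handshake retries that get no response, recording when the peer last answered and how many retries followed. The names find_stalls and quiet_seconds and the record fields are assumptions made for this example; the sample lines are an excerpt of the posted log with the mail line wrapping undone.

```python
import re
from datetime import datetime

# Excerpt of the log posted above, with the mail client's line wrapping undone.
SAMPLE_LOG = """\
2022-06-21 03:05:02.058: [TUN] [win] Sending handshake initiation to peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:05:02.106: [TUN] [win] Receiving handshake response from peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:05:02.106: [TUN] [win] Keypair 19 created for peer 1
2022-06-21 03:06:21.302: [TUN] [win] Retrying handshake with peer 1 (SERVER_IP:SERVER_PORT) because we stopped hearing back after 15 seconds
2022-06-21 03:06:21.302: [TUN] [win] Sending handshake initiation to peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:06:26.423: [TUN] [win] Handshake for peer 1 (SERVER_IP:SERVER_PORT) did not complete after 5 seconds, retrying (try 2)
2022-06-21 03:06:26.423: [TUN] [win] Sending handshake initiation to peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:06:31.471: [TUN] [win] Handshake for peer 1 (SERVER_IP:SERVER_PORT) did not complete after 5 seconds, retrying (try 3)
2022-06-21 03:06:31.473: [TUN] [win] Sending handshake initiation to peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:06:36.517: [TUN] [win] Handshake for peer 1 (SERVER_IP:SERVER_PORT) did not complete after 5 seconds, retrying (try 4)
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}): \[TUN\] \[[^\]]+\] (.*)$")
PEER = re.compile(r"peer (\d+)")

def find_stalls(log_text):
    """Return one record per run of handshake retries (hypothetical helper)."""
    last_ok, active, stalls = {}, {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        p = PEER.search(m.group(2)) if m else None
        if p is None:
            continue  # wrapped continuation line or a message without a peer
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
        peer, msg = p.group(1), m.group(2)
        if msg.startswith("Receiving handshake response"):
            last_ok[peer] = ts
            if peer in active:  # the peer answered again: close the stall
                active.pop(peer)["recovered_at"] = ts
        elif msg.startswith("Retrying handshake") or "did not complete" in msg:
            stall = active.get(peer)
            if stall is None:
                stall = active[peer] = {"peer": peer, "last_ok": last_ok.get(peer),
                                        "first_retry": ts, "retries": 0,
                                        "recovered_at": None}
                stalls.append(stall)
            stall["retries"] += 1
            stall["last_retry"] = ts
    return stalls

def quiet_seconds(stall):
    """Seconds between the last handshake response and the first retry."""
    if stall["last_ok"] is None:
        return None
    return (stall["first_retry"] - stall["last_ok"]).total_seconds()
```

A record whose recovered_at is still None at the end of the log corresponds to the freeze described in the post; the first_retry timestamps give the moments to look at in a packet capture or in server-side firewall logs.
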
* Re: Wireguard is losing connection for no reason
From: Alan Graham @ 2022-06-27 21:40 UTC
To: Pavel Yegorov; +Cc: WireGuard mailing list
Hi Pavel,

I also have a VM in OCI, albeit with Oracle Linux and not Ubuntu.
It's working without issues. Your PresharedKeys could be at fault
based on how you obfuscated them. However, I would look at all the
other iptables rules that Oracle made in the VM. They are long and
complicated and I believe at some point I just nuked them all.

You might also want to install Wireshark on the client and make a
capture when you're having the problem. You can also remove the
fd42:42:42:2/128 references and see if that solves the problem. I can
imagine switching from ipv4 to ipv6 could cause such a hiccup and I
don't actually have ipv6 set up in my config. I'd also ensure you're
not using Oracle's NAT feature for your VM as theirs is not a NAT you
can run Wireguard behind. Hopefully one of these suggestions will
help!

Best regards,
Alan

On Mon, Jun 27, 2022 at 4:07 AM Pavel Yegorov <yegorov.p@gmail.com> wrote:
>
> Hey folks!
>
> I really need some advice, cause I just don't know how to deal with my problem.
>
> So, I have a WG "server" on ubuntu 18.04.6 LTS, hosted in the oracle
> free tier. I've installed wireguard using well-known
> https://github.com/angristan/wireguard-install script. Then I've
> generated several configs for my desktops, phones, etc. It connects
> and runs perfectly, but sometimes it just freezes for no reason.
> There's no connectivity issues or something like that. Logs on client
> side says something like that:
>
> 2022-06-21 03:01:01.845: [TUN] [win] Keypair 17 created for peer 1
> 2022-06-21 03:01:01.846: [TUN] [win] Sending keepalive packet to peer
> 1 (SERVER_IP:SERVER_PORT)
> 2022-06-21 03:03:01.822: [TUN] [win] Sending handshake initiation to
> peer 1 (SERVER_IP:SERVER_PORT)
> 2022-06-21 03:03:01.884: [TUN] [win] Receiving handshake response from
> peer 1 (SERVER_IP:SERVER_PORT)
> 2022-06-21 03:03:01.884: [TUN] [win] Keypair 16 destroyed for peer 1
> 2022-06-21 03:03:01.884: [TUN] [win] Keypair 18 created for peer 1
> 2022-06-21 03:03:01.884: [TUN] [win] Sending keepalive packet to peer
> 1 (SERVER_IP:SERVER_PORT)
> 2022-06-21 03:05:02.058: [TUN] [win] Sending handshake initiation to
> peer 1 (SERVER_IP:SERVER_PORT)
> 2022-06-21 03:05:02.106: [TUN] [win] Receiving handshake response from
> peer 1 (SERVER_IP:SERVER_PORT)
> 2022-06-21 03:05:02.106: [TUN] [win] Keypair 17 destroyed for peer 1
> 2022-06-21 03:05:02.106: [TUN] [win] Keypair 19 created for peer 1
> 2022-06-21 03:05:02.106: [TUN] [win] Sending keepalive packet to peer
> 1 (SERVER_IP:SERVER_PORT)
> 2022-06-21 03:06:21.302: [TUN] [win] Retrying handshake with peer 1
> (SERVER_IP:SERVER_PORT) because we stopped hearing back after 15
> seconds
> 2022-06-21 03:06:21.302: [TUN] [win] Sending handshake initiation to
> peer 1 (SERVER_IP:SERVER_PORT)
> 2022-06-21 03:06:26.423: [TUN] [win] Handshake for peer 1
> (SERVER_IP:SERVER_PORT) did not complete after 5 seconds, retrying
> (try 2)
> 2022-06-21 03:06:26.423: [TUN] [win] Sending handshake initiation to
> peer 1 (SERVER_IP:SERVER_PORT)
> 2022-06-21 03:06:31.471: [TUN] [win] Handshake for peer 1
> (SERVER_IP:SERVER_PORT) did not complete after 5 seconds, retrying
> (try 3)
> 2022-06-21 03:06:31.473: [TUN] [win] Sending handshake initiation to
> peer 1 (SERVER_IP:SERVER_PORT)
> 2022-06-21 03:06:36.517: [TUN] [win] Handshake for peer 1
> (SERVER_IP:SERVER_PORT) did not complete after 5 seconds, retrying
> (try 4)
>
> If I reconnect WG client, it immediately connects and everything is ok.
>
> Any advices? I tried to experiment with PersistentKeepAlive param (on
> both sides!) that doesn't change anything.
>
> My server cfg:
>
> [Interface]
> Address = 10.66.66.1/24,fd42:42:42::1/64
> ListenPort = SERVER_PORT
> PrivateKey = M?????Uyg4r3mo=
>
> PostUp = iptables -I FORWARD -i ens3 -o wg0 -j ACCEPT; iptables -I
> FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j
> MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A
> POSTROUTING -o ens3 -j MASQUERADE; sudo iptables -I INPUT -i ens3 -p
> udp --dport SERVER_PORT -m state --state NEW,ESTABLISHED -j ACCEPT
> PostDown = iptables -D FORWARD -i ens3 -o wg0 -j ACCEPT; iptables -D
> FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j
> MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D
> POSTROUTING -o ens3 -j MASQUERADE; sudo iptables -D INPUT -i ens3 -p
> udp --dport SERVER_PORT -m state --state NEW,ESTABLISHED -j ACCEPT
>
> ### Client iphone
> [Peer]
> PublicKey = 0+V???????4HnM=
> PresharedKey = s???????amJCxJyqcE=
> AllowedIPs = 10.66.66.2/32,fd42:42:42::2/128
>
> ### Client mac
> [Peer]
> PublicKey = Tet4??????mI=
> PresharedKey = Ld???r8=
> AllowedIPs = 10.66.66.3/32,fd42:42:42::3/128
>
> My client cfg
>
> [Interface]
> PrivateKey = 4Bp????=
> Address = 10.66.66.2/32,fd42:42:42::2/128
> DNS = 8.8.8.8,1.1.1.1
>
> [Peer]
> PublicKey = 5R?????c=
> PresharedKey = sY????E=
> Endpoint = SERVER_IP:SERVER_PORT
> AllowedIPs = 0.0.0.0/0,::/0
>
> some stats
>
> root@oraclevpn:~# wg show all
> interface: wg0
> public key: 5R?????c=
> private key: (hidden)
> listening port: SERVER_PORT
>
> peer: 0+?????nM=
> preshared key: (hidden)
> endpoint: 666.666.666.666:11111
> allowed ips: 10.66.66.2/32, fd42:42:42::2/128
> latest handshake: 2 minutes, 2 seconds ago
> transfer: 533.52 MiB received, 5.18 GiB sent
>
>
> --
> Pavel Yegorov