From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: me.kalin@gmail.com Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id a65b4108 for ; Thu, 22 Mar 2018 19:07:43 +0000 (UTC) Received: from mail-oi0-f47.google.com (mail-oi0-f47.google.com [209.85.218.47]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 9e75cf64 for ; Thu, 22 Mar 2018 19:07:43 +0000 (UTC) Received: by mail-oi0-f47.google.com with SMTP id 126-v6so2366790oig.0 for ; Thu, 22 Mar 2018 12:19:08 -0700 (PDT) MIME-Version: 1.0 References: <1521743208.1840.55.camel@gmail.com> In-Reply-To: <1521743208.1840.55.camel@gmail.com> From: Kalin KOZHUHAROV Date: Thu, 22 Mar 2018 19:18:56 +0000 Message-ID: Subject: Re: link disappears To: ST Content-Type: multipart/alternative; boundary="001a1137314083f6730568052eda" Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , --001a1137314083f6730568052eda Content-Type: text/plain; charset="UTF-8" On Thu, Mar 22, 2018, 19:27 ST wrote: > Hello, > > I'm new to networking in general and VPN in particular but need to setup > infrastructure to be able to SSH easily to several people who are behind > routers (NAT). After reading that WireGuard is super simple - I decided > to give it try. > > It indeed turned out to be simple till now. I setup a Debian virtual > server with a public IP and configure it as follows: > > Server: > > # wg > interface: wg0 > public key: QMwhCacViCKcTrkevg5NxLnTEJDU1bTNgQp43rp7BHM= > private key: (hidden) > listening port: 12000 > > peer: hiUdjmCK+iZf8wGEB+rYxMYYBF8QoOsm3nkF3asllRY= > endpoint: 37.X.Y.Z:4488 > allowed ips: 10.8.8.9/32 Where is that port from? Is everything OK here?... At the beginning everything worked as expected > - I could ping/SSH in both directions via the private 10.8.8.8 and > 10.8.8.9 addresses. Later I put my desktop into "hibernate mode" and > after turning it on again could no longer use the link... > I guess the NAT router in between dropped your connection by timeout. You either need to ping from behind-NAT first, to re-establish the tunnel, or if you want to do it both-ways setup portforwarding on the NAT. Check the keepalive opions in wg, in case your NAT has only short memory. Cheers, Kalin. --001a1137314083f6730568052eda Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


= On Thu, Mar 22, 2018, 19:27 ST <smnt= ov@gmail.com> wrote:
Hello,<= br>
I'm new to networking in general and VPN in particular but need to setu= p
infrastructure to be able to SSH easily to several people who are behind routers (NAT). After reading that WireGuard is super simple - I decided
to give it try.

It indeed turned out to be simple till now. I setup a Debian virtual
server with a public IP and configure it as follows:

Server:

# wg
interface: wg0
=C2=A0 public key: QMwhCacViCKcTrkevg5NxLnTEJDU1bTNgQp43rp7BHM=3D
=C2=A0 private key: (hidden)
=C2=A0 listening port: 12000

peer: hiUdjmCK+iZf8wGEB+rYxMYYBF8QoOsm3nkF3asllRY=3D
=C2=A0 endpoint: 37.X.Y.Z:4488
=C2=A0 allowed ips: 10.8.8.9/32

Where is that po= rt from?


Is everything OK here?... At the beginning everything worked as expected - I could ping/SSH in both directions via the private 10.8.8.8 and
10.8.8.9 addresses. Later I put my desktop into "hibernate mode" = and
after turning it on again could no longer use the link...
<= /div>

I guess the NAT ro= uter in between dropped your connection by timeout.
= You either need to ping from behind-NAT first, to re-establish the tunnel, = or if you want to do it both-ways setup portforwarding on the NAT.

Check the keepalive opions in wg= , in case your NAT has only short memory.

=
Cheers,
Kalin.
--001a1137314083f6730568052eda--