On Wed, Mar 20, 2024 at 08:15:55AM +0100, Kirill Miazine wrote:
> Hi there
>
> • Paul B. Henson [2024-03-20 05:40]:
> > We're using wireguard to set up VPN connections from various systems
> > deployed on-prem at customer sites to central openbsd boxes to route
> > internal traffic between the remote boxes and the internal network.
> >
> > After a fresh reboot with a given configuration, everything works great.
> > The problem we have is when we later add or remove a remote system and
> > try to reconfigure the wireguard interface on the central servers.
> >
> > Sometimes the new system just won't work, or oddly the new system works
> > fine but an existing system that was working breaks 8-/. When that
> > happens, we generally have to reboot it, at which point everything
> > works.
>
> I've seen some issues too, but have not identified a reproducible pattern.
> What I've seen, however, is that WG packets start flowing when the other end
> of the connection pings back, so in my setup with a central VPN server I
> make it ping all the peers' WG IP addresses periodically:
>
> #!/bin/sh
> ifconfig wg1 | \
> grep wgaip | \
> awk '{print $2}' | \
> grep /32$ | \
> sed 's/\/32//' | \
> sort | while read x; do
> ping -w 1 -c 1 $x 2>&1
> done
>
> and then each peer also pings the server's WG IP periodically.
i think that this is a different issue than the one paul has. are you aware that the "wgpka" option exists? (documented in ifconfig(8)). that might solve your problem.
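An added example, not code from anyone in this thread: a small sh script that reads the output of `ifconfig wg1` and lists the peers that have no persistent keepalive (wgpka) configured, then prints the ifconfig(8) command that would add one. The layout of the wg output (a "wgpeer <pubkey>" line followed by indented lines such as "wgpka 25 (sec)" and "wgaip 10.10.0.2/32") is assumed from OpenBSD's ifconfig(8); the sample output and public keys below are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Given `ifconfig wgN` output on stdin,
# print the public key of every peer that has no "wgpka" line, i.e. no
# persistent keepalive. Output layout assumed from OpenBSD ifconfig(8).
peers_without_pka() {
    awk '
        /^[[:space:]]*wgpeer[[:space:]]/ {
            if (peer != "" && !pka) print peer
            peer = $2; pka = 0; next
        }
        /^[[:space:]]*wgpka[[:space:]]/ { pka = 1 }
        END { if (peer != "" && !pka) print peer }
    '
}

# Constructed sample of `ifconfig wg1` output; the keys are placeholders.
sample_ifconfig() {
    cat <<'EOF'
wg1: flags=80c3<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1420
        index 5 priority 0 llprio 3
        wgport 51820
        wgpubkey SERVERPUBKEYPLACEHOLDER=
        wgpeer PEERONEPUBKEYPLACEHOLDER=
                wgpka 25 (sec)
                wgendpoint 192.0.2.10 51820
                tx: 1024, rx: 2048
                last handshake: 12 seconds ago
                wgaip 10.10.0.2/32
        wgpeer PEERTWOPUBKEYPLACEHOLDER=
                wgendpoint 192.0.2.11 51820
                tx: 0, rx: 0
                wgaip 10.10.0.3/32
        groups: wg
        inet 10.10.0.1 netmask 0xffffff00 broadcast 10.10.0.255
EOF
}

# For each peer lacking a keepalive, print (do not run) the ifconfig(8)
# command that sets a 25-second wgpka on that wgpeer.
suggest_fixes() {
    peers_without_pka | while read -r key; do
        echo "ifconfig wg1 wgpeer $key wgpka 25"
    done
}

# Stand-alone run against the constructed sample; on a real box replace
# sample_ifconfig with: ifconfig wg1 | suggest_fixes
sample_ifconfig | suggest_fixes
```

The same `wgpka 25` can be made persistent by adding it to the peer's `wgpeer` line in /etc/hostname.wg1.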