Thanks David Yes I have seen this and I am setting the keepalive when doing an upgrade. This one is directly connected though.
Regards Michael Knill From: David Kerr <da...@kerr.net> Reply to: AstLinux List <astlinux-users@lists.sourceforge.net> Date: Wednesday, 19 May 2021 at 7:42 am To: AstLinux List <astlinux-users@lists.sourceforge.net> Subject: Re: [Astlinux-users] Wireguard VPN disconnection I've had some recent problems with wireguard disconnecting (or not reconnecting) from a remote system behind NAT. I discovered that setting PersistentKeepalive to something other than zero (I set to 25) helped. I did it at both ends, but might only have been required for the system behind the NAT. David On Tue, May 18, 2021 at 5:32 PM Lonnie Abelbeck <li...@lonnie.abelbeck.com<mailto:li...@lonnie.abelbeck.com>> wrote: reboot You should not do a "service network restart" Lonnie > On May 18, 2021, at 4:27 PM, Michael Knill > <michael.kn...@ipcsolutions.com.au<mailto:michael.kn...@ipcsolutions.com.au>> > wrote: > > Hmm same problem again with two of my sites. > Only one of the two Wireguard VPN's are down. I have tried the following: > arno-iptables-firewall restart > service network restart > pppoe-restart > ip link set dev wg0 down & ip link set dev wg0 up > > All to no avail. Any other ideas before I reboot? > PS there is no failover configured for this site so I don't think MTU is the > issue. > > Regards > Michael Knill > > On 20/3/21, 2:09 pm, "Michael Knill" > <michael.kn...@ipcsolutions.com.au<mailto:michael.kn...@ipcsolutions.com.au>> > wrote: > > Thanks. Guess I will need to test it out. > > Regards > Michael Knill > > On 20/3/21, 2:03 pm, "Lonnie Abelbeck" > <li...@lonnie.abelbeck.com<mailto:li...@lonnie.abelbeck.com>> wrote: > > While playing with the WG MTU, it seemed to work with only setting one > end and the tunnel used the smallest, but I played it safe and set everything > to 1340. > > It would be good to know what the precise answer is. > > Lonnie > > >> On Mar 19, 2021, at 9:57 PM, Michael Knill >> <michael.kn...@ipcsolutions.com.au<mailto:michael.kn...@ipcsolutions.com.au>> >> wrote: >> >> Thanks Lonnie. >> >> PS I was just thinking (dangerous I know). I would need to set it on both >> ends so do you think there would there be any issues with different MTU's at >> each end? >> Ultimately it would be the same eventually but there would be a migration >> period. >> >> Regards >> Michael Knill >> >> On 20/3/21, 1:41 pm, "Lonnie Abelbeck" >> <li...@lonnie.abelbeck.com<mailto:li...@lonnie.abelbeck.com>> wrote: >> >> I haven't seen any issues with a WG MTU of 1340, yet anyway. >> >> Lonnie >> >> >>> On Mar 19, 2021, at 9:29 PM, Michael Knill >>> <michael.kn...@ipcsolutions.com.au<mailto:michael.kn...@ipcsolutions.com.au>> >>> wrote: >>> >>> Thanks Lonnie >>> >>> Hmm that may have something to do with it. Might also be when it fails over >>> to 4G. >>> As most of my VPN's carry voice only, I think a standard MTU of 1340 for >>> all my systems should be fine. What do you think? >>> >>> Regards >>> Michael Knill >>> >>> On 20/3/21, 10:40 am, "Lonnie Abelbeck" >>> <li...@lonnie.abelbeck.com<mailto:li...@lonnie.abelbeck.com>> wrote: >>> >>> Hi Michael, >>> >>> I have not experienced anything like that, WireGuard connectivity is rock >>> solid for me. >>> >>> I don't recall later WireGuard versions having any fixes for what you are >>> describing. >>> >>> Just guessing, the standard MTU for WG is 1420 (1500-80), if you have a >>> PPPoE connection with a MTU of 1492 you might try setting the WG MTU to >>> 1412 (1500-8-80) or lower to test. >>> >>> I'm testing a 4G-LTE/5G fixed wireless internet service from T-Mobile, >>> they use Carrier Grade NAT (CGNAT) for IPv4 which lowers the MTU to 1420 >>> (just like WG) so WG needs a MTU setting of 1340 to work over the CGNAT or >>> else it hangs. >>> >>> Lonnie >>> >>> >>> >>> >>>> On Mar 19, 2021, at 3:42 PM, Michael Knill >>>> <michael.kn...@ipcsolutions.com.au<mailto:michael.kn...@ipcsolutions.com.au>> >>>> wrote: >>>> >>>> Hi Group >>>> >>>> Not sure if anyone else is experiencing this. I'm on 1.3.10 and all my >>>> systems connect via Wireguard VPN to both my softswitches. >>>> Its generally all pretty stable but occasionally one of the VPN’s will be >>>> disconnected and I have tried everything I can think of to bring it back >>>> up but only a reboot has managed to do so at this stage. >>>> Any ideas? >>>> >>>> Regards >>>> Michael Knill >>>> _______________________________________________ >>>> Astlinux-users mailing list >>>> Astlinux-users@lists.sourceforge.net<mailto:Astlinux-users@lists.sourceforge.net> >>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>>> >>>> Donations to support AstLinux are graciously accepted via PayPal to >>>> pay...@krisk.org<mailto:pay...@krisk.org>. >>> >>> >>> >>> _______________________________________________ >>> Astlinux-users mailing list >>> >>> Astlinux-users@lists.sourceforge.net<mailto:Astlinux-users@lists.sourceforge.net> >>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>> >>> Donations to support AstLinux are graciously accepted via PayPal to >>> pay...@krisk.org<mailto:pay...@krisk.org>. >>> >>> >>> _______________________________________________ >>> Astlinux-users mailing list >>> Astlinux-users@lists.sourceforge.net<mailto:Astlinux-users@lists.sourceforge.net> >>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>> >>> Donations to support AstLinux are graciously accepted via PayPal to >>> pay...@krisk.org<mailto:pay...@krisk.org>. >> >> >> >> _______________________________________________ >> Astlinux-users mailing list >> >> Astlinux-users@lists.sourceforge.net<mailto:Astlinux-users@lists.sourceforge.net> >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org<mailto:pay...@krisk.org>. >> >> >> _______________________________________________ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net<mailto:Astlinux-users@lists.sourceforge.net> >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org<mailto:pay...@krisk.org>. > > > > _______________________________________________ > Astlinux-users mailing list > > Astlinux-users@lists.sourceforge.net<mailto:Astlinux-users@lists.sourceforge.net> > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org<mailto:pay...@krisk.org>. > > > _______________________________________________ > Astlinux-users mailing list > > Astlinux-users@lists.sourceforge.net<mailto:Astlinux-users@lists.sourceforge.net> > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org<mailto:pay...@krisk.org>. > > > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net<mailto:Astlinux-users@lists.sourceforge.net> > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org<mailto:pay...@krisk.org>. _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net<mailto:Astlinux-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org<mailto:pay...@krisk.org>.
_______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
