Ah so it was just wg0 that you can't do this for?

Regards
Michael Knill

On 24/5/21, 9:31 am, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote:


    > On May 23, 2021, at 5:42 PM, Michael Knill 
<michael.kn...@ipcsolutions.com.au> wrote:
    > 
    > Just thinking about it, I don't think I ever tried a Reload as I thought 
a Restart would effectively do the same thing. Interesting that it appears to 
not be the case.

    "Restart" always works, destroys wg0 and builds it again, restarts the 
firewall, etc., but affects active WG tunnels and some may stall for 20 seconds 
during the process.

    "Reload" is optimized to not affect active WG tunnels and only apply 
add/remove/edits to the peers.  Very quick.


    > PS is there anything I can do to restart a NIC e.g. drop link and bring 
up again? I have had some issues with Wireguard when behind a firewall that 
this fixes, albeit possibly breaking other things?
    > Note the problem is actually the firewall not Wireguard and dropping the 
link clears the firewall translation table so it then works.

    Example: toggle "eth0" link
    --
    ip link set dev eth0 down
    sleep 4
    ip link set dev eth0 up
    --
    Test to make sure it works as expected.

    In AstLinux pulling the network cable and re-inserting it should always 
work, the above should do the same from inside.


    Lonnie



    > Regards
    > Michael Knill
    > 
    > On 24/5/21, 7:42 am, "Michael Knill" <michael.kn...@ipcsolutions.com.au> 
wrote:
    > 
    >    Thanks Lonnie. I will test this next time
    > 
    >    Regards
    >    Michael Knill
    > 
    >    On 23/5/21, 10:29 pm, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> 
wrote:
    > 
    >        Hi Michael,
    > 
    >        There is a discussion over on the WireGuard mailing list [1], with 
a similar situation as you describe.
    > 
    >        A reporter suggests the equivalent of AstLinux "Reload WireGuard 
VPN" (not Restart) fixes things.  Though it would seem a DNS endpoint was 
changing and causing loss of WG connection in the [1] discussion.  Not exactly 
the same as you describe.
    > 
    >        Bottom line, to answer your question, it is always "safe" to issue 
"Reload WireGuard VPN" via the web interface and not disrupt any active WG 
connections.  Or from the command line:
    >        --
    >        service wireguard reload
    >        --
    > 
    >        Again, NEVER do:
    >        --
    >        service network restart
    >        -- and/or --
    >        ip link set dev wg0 down && ip link set dev wg0 up
    >        --
    >        as that will cause problems only a reboot can fix.
    > 
    > 
    >        Back to your issue, I would take David Kerr's advice and add 
"PersistentKeepalive = 25" to the troublesome peer and see if that makes a 
difference.
    > 
    > 
    >        Lonnie
    > 
    >        [1] 
https://lists.zx2c4.com/pipermail/wireguard/2021-May/006761.html
    > 
    > 
    > 
    > 
    >> On May 18, 2021, at 4:27 PM, Michael Knill 
<michael.kn...@ipcsolutions.com.au> wrote:
    >> 
    >> Hmm same problem again with two of my sites.
    >> Only one of the two Wireguard VPNs is down. I have tried the following:
    >> arno-iptables-firewall restart
    >> service network restart
    >> pppoe-restart
    >> ip link set dev wg0 down & ip link set dev wg0 up
    >> 
    >> All to no avail. Any other ideas before I reboot?
    >> PS there is no failover configured for this site so I don't think MTU is 
the issue.
    >> 
    >> Regards
    >> Michael Knill
    >> 
    >> On 20/3/21, 2:09 pm, "Michael Knill" <michael.kn...@ipcsolutions.com.au> 
wrote:
    >> 
    >>  Thanks. Guess I will need to test it out.
    >> 
    >>  Regards
    >>  Michael Knill
    >> 
    >>  On 20/3/21, 2:03 pm, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> 
wrote:
    >> 
    >>      While playing with the WG MTU, it seemed to work with only setting 
one end and the tunnel used the smallest, but I played it safe and set 
everything to 1340.
    >> 
    >>      It would be good to know what the precise answer is.
    >> 
    >>      Lonnie
    >> 
    >> 
    >>> On Mar 19, 2021, at 9:57 PM, Michael Knill 
<michael.kn...@ipcsolutions.com.au> wrote:
    >>> 
    >>> Thanks Lonnie.
    >>> 
    >>> PS I was just thinking (dangerous I know). I would need to set it on 
both ends so do you think there would be any issues with different MTUs 
at each end?
    >>> Ultimately it would be the same eventually but there would be a 
migration period.
    >>> 
    >>> Regards
    >>> Michael Knill
    >>> 
    >>> On 20/3/21, 1:41 pm, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> 
wrote:
    >>> 
    >>> I haven't seen any issues with a WG MTU of 1340, yet anyway.
    >>> 
    >>> Lonnie
    >>> 
    >>> 
    >>>> On Mar 19, 2021, at 9:29 PM, Michael Knill 
<michael.kn...@ipcsolutions.com.au> wrote:
    >>>> 
    >>>> Thanks Lonnie
    >>>> 
    >>>> Hmm that may have something to do with it. Might also be when it fails 
over to 4G.
    >>>> As most of my VPNs carry voice only, I think a standard MTU of 1340 
for all my systems should be fine. What do you think?
    >>>> 
    >>>> Regards
    >>>> Michael Knill
    >>>> 
    >>>> On 20/3/21, 10:40 am, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> 
wrote:
    >>>> 
    >>>> Hi Michael,
    >>>> 
    >>>> I have not experienced anything like that, WireGuard connectivity is 
rock solid for me.
    >>>> 
    >>>> I don't recall later WireGuard versions having any fixes for what you 
are describing.
    >>>> 
    >>>> Just guessing, the standard MTU for WG is 1420 (1500-80), if you have 
a PPPoE connection with a MTU of 1492 you might try setting the WG MTU to 1412 
(1500-8-80) or lower to test.
    >>>> 
    >>>> I'm testing a 4G-LTE/5G fixed wireless internet service from T-Mobile, 
they use Carrier Grade NAT (CGNAT) for IPv4 which lowers the MTU to 1420 (just 
like WG) so WG needs a MTU setting of 1340 to work over the CGNAT or else it 
hangs.
    >>>> 
    >>>> Lonnie
    >>>> 
    >>>> 
    >>>> 
    >>>> 
    >>>>> On Mar 19, 2021, at 3:42 PM, Michael Knill 
<michael.kn...@ipcsolutions.com.au> wrote:
    >>>>> 
    >>>>> Hi Group
    >>>>> 
    >>>>> Not sure if anyone else is experiencing this. I'm on 1.3.10 and all 
my systems connect via Wireguard VPN to both my softswitches.
    >>>>> It's generally all pretty stable but occasionally one of the VPNs 
will be disconnected and I have tried everything I can think of to bring it 
back up but only a reboot has managed to do so at this stage.
    >>>>> Any ideas?
    >>>>> 
    >>>>> Regards
    >>>>> Michael Knill
    >>>>> _______________________________________________
    >>>>> Astlinux-users mailing list
    >>>>> Astlinux-users@lists.sourceforge.net
    >>>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
    >>>>> 
    >>>>> Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.
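The MTU reasoning in the thread (1500-80=1420, PPPoE 1492 giving 1412, a CGNAT path of 1420 giving 1340) can be checked by measurement instead of guessing. The script below is an added example, not part of the original thread or of AstLinux: it finds the largest unfragmented packet size to a peer's endpoint and subtracts the 80-byte overhead used in the thread. It assumes iputils `ping` (for `-M do`); the function names and the endpoint address are hypothetical.

```shell
#!/bin/sh
# Added example: derive a WireGuard MTU from the measured underlay path MTU.
# Assumption: iputils ping, where "-M do" sets Don't Fragment.

WG_OVERHEAD=80   # overhead figure used in the thread (1500-80=1420)
IP_ICMP_HDR=28   # IPv4 header (20) + ICMP header (8) added to the ping payload

# probe HOST SIZE: exit 0 if a DF packet of SIZE total bytes gets a reply.
probe() {
    ping -M do -c 1 -W 2 -s "$(( $2 - IP_ICMP_HDR ))" "$1" >/dev/null 2>&1
}

# path_mtu HOST [LOW] [HIGH]: binary search for the largest size that passes.
# Prints the path MTU; returns 1 if even LOW fails (host unreachable or
# ICMP filtered).
path_mtu() {
    host=$1 lo=${2:-576} hi=${3:-1500}
    probe "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" "$mid"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo "$lo"
}

# wg_mtu UNDERLAY_MTU: tunnel MTU that fits inside the underlay unfragmented.
wg_mtu() {
    echo $(( $1 - WG_OVERHEAD ))
}

# suggest_wg_mtu HOST: probe the path to the peer endpoint, print the WG MTU.
suggest_wg_mtu() {
    pmtu=$(path_mtu "$1") || { echo "no reply from $1" >&2; return 1; }
    wg_mtu "$pmtu"
}

# Usage (192.0.2.1 is a placeholder endpoint): suggest_wg_mtu 192.0.2.1
```

Run it from each site towards the other end's public endpoint and configure the smallest result on both ends, since the underlay MTU can differ between a primary link and a 4G failover.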