> Ah so it was just wg0 that you cant do this for? There is only wg0 for the standard WG configuration.
Not sure what you are asking. Lonnie > On May 23, 2021, at 8:25 PM, Michael Knill > <michael.kn...@ipcsolutions.com.au> wrote: > > Ah so it was just wg0 that you cant do this for? > > Regards > Michael Knill > > On 24/5/21, 9:31 am, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote: > > >> On May 23, 2021, at 5:42 PM, Michael Knill >> <michael.kn...@ipcsolutions.com.au> wrote: >> >> Just thinking about it, I don't think I ever tried a Reload as I thought a >> Restart would effectively do the same thing. Interesting that it appears to >> not be the case. > > "Restart" always works, destroys wg0 and builds it again, restarts the > firewall, etc., but effects active WG tunnels and some may stall for 20 > seconds during the process. > > "Reload" is optimized to not effect active WG tunnels and only apply > add/remove/edits to the peers. Very quick. > > >> PS is there anything I can do to restart a NIC e.g. drop link and bring up >> again? I have had some issues with Wireguard when behind a firewall that >> this fixes, albeit possibly breaking other things? >> Note the problem is actually the firewall not Wireguard and dropping the >> link clears the firewall translation table so it then works. > > Example: toggle "eth0" link > -- > ip link set dev eth0 down > sleep 4 > ip link set dev eth0 up > -- > Test to make sure it works as expected. > > In AstLinux pulling the network cable and re-inserting it should always > work, the above should do the same from inside. > > > Lonnie > > > >> Regards >> Michael Knill >> >> On 24/5/21, 7:42 am, "Michael Knill" <michael.kn...@ipcsolutions.com.au> >> wrote: >> >> Thanks Lonnie. I will test this next time >> >> Regards >> Michael Knill >> >> On 23/5/21, 10:29 pm, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote: >> >> Hi Michael, >> >> There is a discussion over on the WireGuard mailing list [1], with a >> similar situation as you describe. >> >> A reporter suggests the equivalent of AstLinux "Reload WireGuard VPN" >> (not Restart) fixes things. Though it would seem a DNS endpoint was >> changing and causing loss of WG connection in the [1] discussion. Not >> exactly the same as you describe. >> >> Bottom line, to answer your question, it is always "safe" to issue >> "Reload WireGuard VPN" via the web interface and not disrupt any active WG >> connections. Or from the command line: >> -- >> service wireguard reload >> -- >> >> Again, NEVER do: >> -- >> service network restart >> -- and/or -- >> ip link set dev wg0 down && ip link set dev wg0 up >> -- >> as that will cause problems only a reboot can fix. >> >> >> Back to your issue, I would take David Kerr's advice and add >> "PersistentKeepalive = 25" to the troublesome peer and see if that makes a >> difference. >> >> >> Lonnie >> >> [1] https://lists.zx2c4.com/pipermail/wireguard/2021-May/006761.html >> >> >> >> >>> On May 18, 2021, at 4:27 PM, Michael Knill >>> <michael.kn...@ipcsolutions.com.au> wrote: >>> >>> Hmm same problem again with two of my sites. >>> Only one of the two Wireguard VPN's are down. I have tried the following: >>> arno-iptables-firewall restart >>> service network restart >>> pppoe-restart >>> ip link set dev wg0 down & ip link set dev wg0 up >>> >>> All to no avail. Any other ideas before I reboot? >>> PS there is no failover configured for this site so I don't think MTU is >>> the issue. >>> >>> Regards >>> Michael Knill >>> >>> On 20/3/21, 2:09 pm, "Michael Knill" <michael.kn...@ipcsolutions.com.au> >>> wrote: >>> >>> Thanks. Guess I will need to test it out. >>> >>> Regards >>> Michael Knill >>> >>> On 20/3/21, 2:03 pm, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote: >>> >>> While playing with the WG MTU, it seemed to work with only setting one >>> end and the tunnel used the smallest, but I played it safe and set >>> everything to 1340. >>> >>> It would be good to know what the precise answer is. >>> >>> Lonnie >>> >>> >>>> On Mar 19, 2021, at 9:57 PM, Michael Knill >>>> <michael.kn...@ipcsolutions.com.au> wrote: >>>> >>>> Thanks Lonnie. >>>> >>>> PS I was just thinking (dangerous I know). I would need to set it on both >>>> ends so do you think there would there be any issues with different MTU's >>>> at each end? >>>> Ultimately it would be the same eventually but there would be a migration >>>> period. >>>> >>>> Regards >>>> Michael Knill >>>> >>>> On 20/3/21, 1:41 pm, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote: >>>> >>>> I haven't seen any issues with a WG MTU of 1340, yet anyway. >>>> >>>> Lonnie >>>> >>>> >>>>> On Mar 19, 2021, at 9:29 PM, Michael Knill >>>>> <michael.kn...@ipcsolutions.com.au> wrote: >>>>> >>>>> Thanks Lonnie >>>>> >>>>> Hmm that may have something to do with it. Might also be when it fails >>>>> over to 4G. >>>>> As most of my VPN's carry voice only, I think a standard MTU of 1340 for >>>>> all my systems should be fine. What do you think? >>>>> >>>>> Regards >>>>> Michael Knill >>>>> >>>>> On 20/3/21, 10:40 am, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote: >>>>> >>>>> Hi Michael, >>>>> >>>>> I have not experienced anything like that, WireGuard connectivity is rock >>>>> solid for me. >>>>> >>>>> I don't recall later WireGuard versions having any fixes for what you are >>>>> describing. >>>>> >>>>> Just guessing, the standard MTU for WG is 1420 (1500-80), if you have a >>>>> PPPoE connection with a MTU of 1492 you might try setting the WG MTU to >>>>> 1412 (1500-8-80) or lower to test. >>>>> >>>>> I'm testing a 4G-LTE/5G fixed wireless internet service from T-Mobile, >>>>> they use Carrier Grade NAT (CGNAT) for IPv4 which lowers the MTU to 1420 >>>>> (just like WG) so WG needs a MTU setting of 1340 to work over the CGNAT >>>>> or else it hangs. >>>>> >>>>> Lonnie >>>>> >>>>> >>>>> >>>>> >>>>>> On Mar 19, 2021, at 3:42 PM, Michael Knill >>>>>> <michael.kn...@ipcsolutions.com.au> wrote: >>>>>> >>>>>> Hi Group >>>>>> >>>>>> Not sure if anyone else is experiencing this. I'm on 1.3.10 and all my >>>>>> systems connect via Wireguard VPN to both my softswitches. >>>>>> Its generally all pretty stable but occasionally one of the VPN’s will >>>>>> be disconnected and I have tried everything I can think of to bring it >>>>>> back up but only a reboot has managed to do so at this stage. >>>>>> Any ideas? >>>>>> >>>>>> Regards >>>>>> Michael Knill >>>>>> _______________________________________________ >>>>>> Astlinux-users mailing list >>>>>> Astlinux-users@lists.sourceforge.net >>>>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>>>>> >>>>>> Donations to support AstLinux are graciously accepted via PayPal to >>>>>> pay...@krisk.org. >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Astlinux-users mailing list >>>>> Astlinux-users@lists.sourceforge.net >>>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>>>> >>>>> Donations to support AstLinux are graciously accepted via PayPal to >>>>> pay...@krisk.org. >>>>> >>>>> >>>>> _______________________________________________ >>>>> Astlinux-users mailing list >>>>> Astlinux-users@lists.sourceforge.net >>>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>>>> >>>>> Donations to support AstLinux are graciously accepted via PayPal to >>>>> pay...@krisk.org. >>>> >>>> >>>> >>>> _______________________________________________ >>>> Astlinux-users mailing list >>>> Astlinux-users@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>>> >>>> Donations to support AstLinux are graciously accepted via PayPal to >>>> pay...@krisk.org. >>>> >>>> >>>> _______________________________________________ >>>> Astlinux-users mailing list >>>> Astlinux-users@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>>> >>>> Donations to support AstLinux are graciously accepted via PayPal to >>>> pay...@krisk.org. >>> >>> >>> >>> _______________________________________________ >>> Astlinux-users mailing list >>> Astlinux-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>> >>> Donations to support AstLinux are graciously accepted via PayPal to >>> pay...@krisk.org. >>> >>> >>> _______________________________________________ >>> Astlinux-users mailing list >>> Astlinux-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>> >>> Donations to support AstLinux are graciously accepted via PayPal to >>> pay...@krisk.org. >>> >>> >>> _______________________________________________ >>> Astlinux-users mailing list >>> Astlinux-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>> >>> Donations to support AstLinux are graciously accepted via PayPal to >>> pay...@krisk.org. >> >> >> >> _______________________________________________ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. >> >> >> _______________________________________________ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. >> >> >> _______________________________________________ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. > > > > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
