Yes, but test for sure. Lonnie
> On May 23, 2021, at 8:37 PM, Michael Knill > <michael.kn...@ipcsolutions.com.au> wrote: > > You mentioned to not do 'ip link set dev wg0 down && ip link set dev wg0' up > as that will cause problems only a reboot can fix. > But its ok to do: > ip link set dev eth0 down > sleep 4 > ip link set dev eth0 up > ? > > Just confirming. > > Regards > Michael Knill > > On 24/5/21, 11:30 am, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote: > >> Ah so it was just wg0 that you cant do this for? > > There is only wg0 for the standard WG configuration. > > Not sure what you are asking. > > Lonnie > > >> On May 23, 2021, at 8:25 PM, Michael Knill >> <michael.kn...@ipcsolutions.com.au> wrote: >> >> Ah so it was just wg0 that you cant do this for? >> >> Regards >> Michael Knill >> >> On 24/5/21, 9:31 am, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote: >> >> >>> On May 23, 2021, at 5:42 PM, Michael Knill >>> <michael.kn...@ipcsolutions.com.au> wrote: >>> >>> Just thinking about it, I don't think I ever tried a Reload as I thought a >>> Restart would effectively do the same thing. Interesting that it appears to >>> not be the case. >> >> "Restart" always works, destroys wg0 and builds it again, restarts the >> firewall, etc., but effects active WG tunnels and some may stall for 20 >> seconds during the process. >> >> "Reload" is optimized to not effect active WG tunnels and only apply >> add/remove/edits to the peers. Very quick. >> >> >>> PS is there anything I can do to restart a NIC e.g. drop link and bring up >>> again? I have had some issues with Wireguard when behind a firewall that >>> this fixes, albeit possibly breaking other things? >>> Note the problem is actually the firewall not Wireguard and dropping the >>> link clears the firewall translation table so it then works. >> >> Example: toggle "eth0" link >> -- >> ip link set dev eth0 down >> sleep 4 >> ip link set dev eth0 up >> -- >> Test to make sure it works as expected. >> >> In AstLinux pulling the network cable and re-inserting it should always >> work, the above should do the same from inside. >> >> >> Lonnie >> >> >> >>> Regards >>> Michael Knill >>> >>> On 24/5/21, 7:42 am, "Michael Knill" <michael.kn...@ipcsolutions.com.au> >>> wrote: >>> >>> Thanks Lonnie. I will test this next time >>> >>> Regards >>> Michael Knill >>> >>> On 23/5/21, 10:29 pm, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote: >>> >>> Hi Michael, >>> >>> There is a discussion over on the WireGuard mailing list [1], with a >>> similar situation as you describe. >>> >>> A reporter suggests the equivalent of AstLinux "Reload WireGuard VPN" >>> (not Restart) fixes things. Though it would seem a DNS endpoint was >>> changing and causing loss of WG connection in the [1] discussion. Not >>> exactly the same as you describe. >>> >>> Bottom line, to answer your question, it is always "safe" to issue >>> "Reload WireGuard VPN" via the web interface and not disrupt any active WG >>> connections. Or from the command line: >>> -- >>> service wireguard reload >>> -- >>> >>> Again, NEVER do: >>> -- >>> service network restart >>> -- and/or -- >>> ip link set dev wg0 down && ip link set dev wg0 up >>> -- >>> as that will cause problems only a reboot can fix. >>> >>> >>> Back to your issue, I would take David Kerr's advice and add >>> "PersistentKeepalive = 25" to the troublesome peer and see if that makes a >>> difference. >>> >>> >>> Lonnie >>> >>> [1] https://lists.zx2c4.com/pipermail/wireguard/2021-May/006761.html >>> >>> >>> >>> >>>> On May 18, 2021, at 4:27 PM, Michael Knill >>>> <michael.kn...@ipcsolutions.com.au> wrote: >>>> >>>> Hmm same problem again with two of my sites. >>>> Only one of the two Wireguard VPN's are down. I have tried the following: >>>> arno-iptables-firewall restart >>>> service network restart >>>> pppoe-restart >>>> ip link set dev wg0 down & ip link set dev wg0 up >>>> >>>> All to no avail. Any other ideas before I reboot? >>>> PS there is no failover configured for this site so I don't think MTU is >>>> the issue. >>>> >>>> Regards >>>> Michael Knill >>>> >>>> On 20/3/21, 2:09 pm, "Michael Knill" <michael.kn...@ipcsolutions.com.au> >>>> wrote: >>>> >>>> Thanks. Guess I will need to test it out. >>>> >>>> Regards >>>> Michael Knill >>>> >>>> On 20/3/21, 2:03 pm, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote: >>>> >>>> While playing with the WG MTU, it seemed to work with only setting one >>>> end and the tunnel used the smallest, but I played it safe and set >>>> everything to 1340. >>>> >>>> It would be good to know what the precise answer is. >>>> >>>> Lonnie >>>> >>>> >>>>> On Mar 19, 2021, at 9:57 PM, Michael Knill >>>>> <michael.kn...@ipcsolutions.com.au> wrote: >>>>> >>>>> Thanks Lonnie. >>>>> >>>>> PS I was just thinking (dangerous I know). I would need to set it on both >>>>> ends so do you think there would there be any issues with different MTU's >>>>> at each end? >>>>> Ultimately it would be the same eventually but there would be a migration >>>>> period. >>>>> >>>>> Regards >>>>> Michael Knill >>>>> >>>>> On 20/3/21, 1:41 pm, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote: >>>>> >>>>> I haven't seen any issues with a WG MTU of 1340, yet anyway. >>>>> >>>>> Lonnie >>>>> >>>>> >>>>>> On Mar 19, 2021, at 9:29 PM, Michael Knill >>>>>> <michael.kn...@ipcsolutions.com.au> wrote: >>>>>> >>>>>> Thanks Lonnie >>>>>> >>>>>> Hmm that may have something to do with it. Might also be when it fails >>>>>> over to 4G. >>>>>> As most of my VPN's carry voice only, I think a standard MTU of 1340 for >>>>>> all my systems should be fine. What do you think? >>>>>> >>>>>> Regards >>>>>> Michael Knill >>>>>> >>>>>> On 20/3/21, 10:40 am, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> >>>>>> wrote: >>>>>> >>>>>> Hi Michael, >>>>>> >>>>>> I have not experienced anything like that, WireGuard connectivity is >>>>>> rock solid for me. >>>>>> >>>>>> I don't recall later WireGuard versions having any fixes for what you >>>>>> are describing. >>>>>> >>>>>> Just guessing, the standard MTU for WG is 1420 (1500-80), if you have a >>>>>> PPPoE connection with a MTU of 1492 you might try setting the WG MTU to >>>>>> 1412 (1500-8-80) or lower to test. >>>>>> >>>>>> I'm testing a 4G-LTE/5G fixed wireless internet service from T-Mobile, >>>>>> they use Carrier Grade NAT (CGNAT) for IPv4 which lowers the MTU to 1420 >>>>>> (just like WG) so WG needs a MTU setting of 1340 to work over the CGNAT >>>>>> or else it hangs. >>>>>> >>>>>> Lonnie >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>> On Mar 19, 2021, at 3:42 PM, Michael Knill >>>>>>> <michael.kn...@ipcsolutions.com.au> wrote: >>>>>>> >>>>>>> Hi Group >>>>>>> >>>>>>> Not sure if anyone else is experiencing this. I'm on 1.3.10 and all my >>>>>>> systems connect via Wireguard VPN to both my softswitches. >>>>>>> Its generally all pretty stable but occasionally one of the VPN’s will >>>>>>> be disconnected and I have tried everything I can think of to bring it >>>>>>> back up but only a reboot has managed to do so at this stage. >>>>>>> Any ideas? >>>>>>> >>>>>>> Regards >>>>>>> Michael Knill >>>>>>> _______________________________________________ >>>>>>> Astlinux-users mailing list >>>>>>> Astlinux-users@lists.sourceforge.net >>>>>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>>>>>> >>>>>>> Donations to support AstLinux are graciously accepted via PayPal to >>>>>>> pay...@krisk.org. >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Astlinux-users mailing list >>>>>> Astlinux-users@lists.sourceforge.net >>>>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>>>>> >>>>>> Donations to support AstLinux are graciously accepted via PayPal to >>>>>> pay...@krisk.org. >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Astlinux-users mailing list >>>>>> Astlinux-users@lists.sourceforge.net >>>>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>>>>> >>>>>> Donations to support AstLinux are graciously accepted via PayPal to >>>>>> pay...@krisk.org. >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Astlinux-users mailing list >>>>> Astlinux-users@lists.sourceforge.net >>>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>>>> >>>>> Donations to support AstLinux are graciously accepted via PayPal to >>>>> pay...@krisk.org. >>>>> >>>>> >>>>> _______________________________________________ >>>>> Astlinux-users mailing list >>>>> Astlinux-users@lists.sourceforge.net >>>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>>>> >>>>> Donations to support AstLinux are graciously accepted via PayPal to >>>>> pay...@krisk.org. >>>> >>>> >>>> >>>> _______________________________________________ >>>> Astlinux-users mailing list >>>> Astlinux-users@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>>> >>>> Donations to support AstLinux are graciously accepted via PayPal to >>>> pay...@krisk.org. >>>> >>>> >>>> _______________________________________________ >>>> Astlinux-users mailing list >>>> Astlinux-users@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>>> >>>> Donations to support AstLinux are graciously accepted via PayPal to >>>> pay...@krisk.org. >>>> >>>> >>>> _______________________________________________ >>>> Astlinux-users mailing list >>>> Astlinux-users@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>>> >>>> Donations to support AstLinux are graciously accepted via PayPal to >>>> pay...@krisk.org. >>> >>> >>> >>> _______________________________________________ >>> Astlinux-users mailing list >>> Astlinux-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>> >>> Donations to support AstLinux are graciously accepted via PayPal to >>> pay...@krisk.org. >>> >>> >>> _______________________________________________ >>> Astlinux-users mailing list >>> Astlinux-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>> >>> Donations to support AstLinux are graciously accepted via PayPal to >>> pay...@krisk.org. >>> >>> >>> _______________________________________________ >>> Astlinux-users mailing list >>> Astlinux-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>> >>> Donations to support AstLinux are graciously accepted via PayPal to >>> pay...@krisk.org. >> >> >> >> _______________________________________________ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. >> >> >> _______________________________________________ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. > > > > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
