Hello,

The server needs a peer section for the client, listing the client's public key and the addresses the client is allowed to use (on its interface).

Hope this helps.

> On 12 Jan 2023, at 01:40, Venkatakrishna S <venk...@instasafe.com> wrote:
>
> I came across a weird problem when I connect and disconnect
> continuously. The handshakes are failing and the wireguard(server) is
> generating and destroying key pairs continuously for the client. I
> have added the wireguard logs, client and server configuration below.
> Checked the iptable input rules for the client, those are correct.
> But the wireguard traffic is blocked. Tried with persistent-keepalive
> enabled and disabled. The same conf below works if I do not connect
> and disconnect continuously within a short span of time. It starts
> working after I stop the wireguard on my client and remove the peer on
> the server. Need help as I'm unable to figure out the root cause.
> Thanks in advance!
>
> Server conf :
> # interface_server start Created by wrapper @ 2022-12-28 17:02:22.645524175 +0000 UTC
> [Interface]
> Address = 10.0.0.48/26
> ListenPort = 443
> PrivateKey = <privateKey>
> PostUp = sysctl -w net.ipv4.ip_forward=1; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;
> PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE;
> SaveConfig = false
> # interface_server end
>
>
> Client conf :
>
> PrivateKey = <privatekey>
> Address = 10.0.0.41/32
> DNS = 8.8.8.8, 8.8.4.4
> [Peer]
> PublicKey = <public key>
> AllowedIPs = <ip1>, <ip2> , <ip3> , 8.8.8.8/32, 8.8.4.4/32
> Endpoint = endpointip:443
>
>
> Server Wireguard logs :
>
> [Wed Jan 11 11:42:21 2023] wireguard: wg0: Sending handshake response to peer 247 (ip:port)
> [Wed Jan 11 11:42:21 2023] wireguard: wg0: Keypair 12666 destroyed for peer 247
> [Wed Jan 11 11:42:21 2023] wireguard: wg0: Keypair 12667 created for peer 247
> [Wed Jan 11 11:42:26 2023] wireguard: wg0: Receiving handshake initiation from peer 247 (ip:port)
> [Wed Jan 11 11:42:26 2023] wireguard: wg0: Sending handshake response to peer 247 (ip:port)
> [Wed Jan 11 11:42:26 2023] wireguard: wg0: Keypair 12667 destroyed for peer 247
> [Wed Jan 11 11:42:26 2023] wireguard: wg0: Keypair 12668 created for peer 247
> [Wed Jan 11 11:42:31 2023] wireguard: wg0: Receiving handshake initiation from peer 247 (ip:port)
> [Wed Jan 11 11:42:31 2023] wireguard: wg0: Sending handshake response to peer 247 (ip:port)
> [Wed Jan 11 11:42:31 2023] wireguard: wg0: Keypair 12668 destroyed for peer 247
> [Wed Jan 11 11:42:31 2023] wireguard: wg0: Keypair 12669 created for peer 247
> [Wed Jan 11 11:42:36 2023] wireguard: wg0: Receiving handshake initiation from peer 247 (ip:port)
> [Wed Jan 11 11:42:36 2023] wireguard: wg0: Sending handshake response to peer 247 (ip:port)
> [Wed Jan 11 11:42:36 2023] wireguard: wg0: Keypair 12669 destroyed for peer 247
> [Wed Jan 11 11:42:36 2023] wireguard: wg0: Keypair 12670 created for peer 247
> [Wed Jan 11 11:42:41 2023] wireguard: wg0: Receiving handshake initiation from peer 247 (ip:port)
> [Wed Jan 11 11:42:41 2023] wireguard: wg0: Sending handshake response to peer 247 (ip:port)
> [Wed Jan 11 11:42:41 2023] wireguard: wg0: Keypair 12670 destroyed for peer 247
> [Wed Jan 11 11:42:41 2023] wireguard: wg0: Keypair 12671 created for peer 247
> [Wed Jan 11 11:42:46 2023] wireguard: wg0: Receiving handshake initiation from peer 247 (ip:port)
> [Wed Jan 11 11:42:46 2023] wireguard: wg0: Sending handshake response to peer 247 (ip:port)
> [Wed Jan 11 11:42:46 2023] wireguard: wg0: Keypair 12671 destroyed for peer 247
> [Wed Jan 11 11:42:46 2023] wireguard: wg0: Keypair 12672 created for peer 247
> [Wed Jan 11 11:42:51 2023] wireguard: wg0: Receiving handshake initiation from peer 247 (ip:port)
> [Wed Jan 11 11:42:51 2023] wireguard: wg0: Sending handshake response to peer 247 (ip:port)
> [Wed Jan 11 11:42:51 2023] wireguard: wg0: Keypair 12672 destroyed for peer 247
> [Wed Jan 11 11:42:51 2023] wireguard: wg0: Keypair 12673 created for peer 247
>
>
> Client Logs :
>
> 2023-01-11 17:10:28.493: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
> 2023-01-11 17:10:33.601: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
> 2023-01-11 17:10:33.601: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
> 2023-01-11 17:10:38.616: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
> 2023-01-11 17:10:38.616: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
> 2023-01-11 17:10:43.637: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
> 2023-01-11 17:10:43.637: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
> 2023-01-11 17:10:48.699: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
> 2023-01-11 17:10:48.699: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
> 2023-01-11 17:10:53.781: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
> 2023-01-11 17:10:53.781: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
> 2023-01-11 17:10:58.835: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
> 2023-01-11 17:10:58.835: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
> 2023-01-11 17:11:03.922: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
> 2023-01-11 17:11:03.922: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
> 2023-01-11 17:11:08.968: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
> 2023-01-11 17:11:08.968: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
> 2023-01-11 17:11:14.079: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
> 2023-01-11 17:11:14.079: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
> 2023-01-11 17:11:19.183: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
> 2023-01-11 17:11:19.183: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
> 2023-01-11 17:11:24.196: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
> 2023-01-11 17:11:24.196: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
> 2023-01-11 17:11:29.345: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
> 2023-01-11 17:11:29.345: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
> 2023-01-11 17:11:34.360: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
> 2023-01-11 17:11:39.376: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
> 2023-01-11 17:11:39.376: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
> 2023-01-11 17:11:44.537: [TUN] [ZTNATunnelService] Handshake for peer 7 (endpoint:port) did not complete after 5 seconds, retrying (try 2)
> 2023-01-11 17:11:44.537: [TUN] [ZTNATunnelService] Sending handshake initiation to peer 7 (endpoint:port)
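
A consistency check for the point made in the reply at the top of this thread, as an added example that is not part of either message: it parses a wg-quick style server configuration and reports whether a [Peer] section exists for the client's public key and whether its AllowedIPs covers the client's tunnel address. The function names, the placeholder public key and the [Peer] block in `SERVER_WITH_PEER` are assumptions made for illustration; the interface values are taken from the quoted server conf.

```python
import ipaddress

# Constructed sample: the thread's server [Interface] (trimmed), key left as placeholder.
SERVER_AS_POSTED = """
[Interface]
Address = 10.0.0.48/26
ListenPort = 443
PrivateKey = <privateKey>
"""
CLIENT_PUBKEY = "CLIENT-PUBLIC-KEY-PLACEHOLDER="  # constructed, not a real key
# Hypothetical corrected form: the peer section the reply asks for.
SERVER_WITH_PEER = SERVER_AS_POSTED + f"""
[Peer]
PublicKey = {CLIENT_PUBKEY}
AllowedIPs = 10.0.0.41/32
"""

def parse_wg_conf(text):
    """Return [(section, {key: value})]; configparser is avoided because
    [Peer] may legitimately appear more than once."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)      # base64 keys end in '=', so split once
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def check_server_peer(server_conf, client_pubkey, client_addresses):
    """Return a list of problems; an empty list means the server side matches."""
    peers = [kv for name, kv in parse_wg_conf(server_conf) if name == "peer"]
    match = [p for p in peers if p.get("publickey") == client_pubkey]
    if not match:
        return ["no [Peer] section with the client's public key"]
    allowed = [ipaddress.ip_network(a.strip(), strict=False)
               for a in match[0].get("allowedips", "").split(",") if a.strip()]
    problems = []
    for addr in client_addresses:
        ip = ipaddress.ip_interface(addr).ip     # accepts "10.0.0.41/32" or "10.0.0.41"
        if not any(ip in net for net in allowed):
            problems.append(f"{addr} not covered by the peer's AllowedIPs")
    return problems

if __name__ == "__main__":
    for conf in (SERVER_AS_POSTED, SERVER_WITH_PEER):
        print(check_server_peer(conf, CLIENT_PUBKEY, ["10.0.0.41/32"]))
```

On a live server the same comparison can be made against the running state shown by `wg show wg0` rather than the file, since peers may be added at runtime.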