On Tue, Jan 8, 2019 at 3:20 AM Muhammad Naseer Bhatti <[email protected]> wrote:
> Facing a strange issue with single and sometimes with double NAT with client
> running Wireguard with the server on Public IP address. If client remains
> idle for a long time (more than 15 minutes) NAT table in the route is dropped
> for that port combination (at the ISP side) since there is no activity, and
> Wireguard does not re-establish the connection or try to refresh. I am
> not sure why Keep alives set to 30 seconds are not working either since if Keep
> Alives are set this should not happen.
>

This should not be the case, if keep-alive is enabled. But note that it is off by default, e.g. man page

    The use of persistent-keepalive is optional and is by default off;
    setting it to 0 or "off" disables it. Otherwise it represents, in
    seconds, between 1 and 65535 inclusive, how often to send an
    authenticated empty packet to the peer, for the purpose of keeping a
    stateful firewall or NAT mapping valid persistently. For example, if
    the interface very rarely sends traffic, but it might at anytime
    receive traffic from a peer, and it is behind NAT, the interface might
    benefit from having a persistent keepalive interval of 25 seconds;
    however, most users will not need this.

What does this command (replace <INTERFACE> with yours) say:

    wg show <INTERFACE> persistent-keepalive

> Is this the desired behavior or am I missing something here?
>

Do a packet dump/capture and observe that there is indeed traffic (keep-alives) going from the client (wireshark, tcpdump, etc). If you use iptables, you can check the packet count going through the wg interface.

Cheers,
Kalin.
_______________________________________________
WireGuard mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/wireguard
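
Added example (not part of the original message and not WireGuard project code): a shell function that reads the output of the `wg show <INTERFACE> persistent-keepalive` command from the reply and flags peers whose keepalive is off or not shorter than a NAT idle timeout. The 900-second timeout comes from the 15 minutes mentioned in the thread; the peer keys in the sample are constructed placeholders and the interface name wg0 is an assumption.

```shell
#!/bin/sh
# Added example: classify each peer's persistent-keepalive setting against a
# NAT idle timeout. Input is the output of
#   wg show <INTERFACE> persistent-keepalive
# i.e. one "<peer-public-key><TAB><off|seconds>" line per peer.

# check_keepalive NAT_TIMEOUT_SECONDS   (reads wg output on stdin)
# Prints "<peer> <verdict>" per peer. Verdicts:
#   OFF       no keepalives are sent, an idle NAT mapping will expire
#   TOO_SLOW  interval is not shorter than the NAT idle timeout
#   OK        keepalives arrive before the mapping can expire
#   UNPARSED  value is neither "off" nor a plain number
check_keepalive() {
    nat_timeout=$1
    while IFS="$(printf '\t')" read -r peer value; do
        [ -n "$peer" ] || continue
        case $value in
            off|0)        verdict=OFF ;;
            ''|*[!0-9]*)  verdict=UNPARSED ;;
            *) if [ "$value" -ge "$nat_timeout" ]; then verdict=TOO_SLOW
               else verdict=OK; fi ;;
        esac
        printf '%s %s\n' "$peer" "$verdict"
    done
}

# Constructed sample output (placeholder keys, not real ones).
sample_output() {
    printf 'PEER_KEY_A=\toff\n'
    printf 'PEER_KEY_B=\t30\n'
    printf 'PEER_KEY_C=\t1200\n'
}

# Live use on a host with WireGuard (interface name wg0 is an assumption):
#   wg show wg0 persistent-keepalive | check_keepalive 900
sample_output | check_keepalive 900
```

A peer reported as OK here can still lose its NAT mapping if the keepalives never leave the host, which is what the packet capture suggested in the reply confirms.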
