Hello Josh,

> On Apr 23, 2019, at 5:49 AM, Joshua Grimm <[email protected]> wrote:
>
> Hey Guys,
>
> I have used Wireguard for quite some time now and I'm facing a problem.
>
> every other day one wireguard link stops working. It just stops
> accepting traffic:
>
> root@bladerunner-2:~# ping -c 1 10.0.1.1
> PING 10.0.1.1 (10.0.1.1) 56(84) bytes of data.
>
> --- 10.0.1.1 ping statistics ---
> 1 packets transmitted, 0 received, 100% packet loss, time 0ms
>
> wg tells me that the link is up and handshakes are still working:
>
> peer: Q7pO6XUeBKi2dtSZOIyXjpkyUESbvGHfSF7cu1KmD1g=
>   endpoint: redacted:51820
>   allowed ips: 0.0.0.0/0
>   latest handshake: 11 seconds ago
>   transfer: 162.67 GiB received, 8.32 GiB sent
>   persistent keepalive: every 1 minute
>
> if I restart the link with
>
> systemctl restart wg-quick@wg0
>
> it works again.
>
> Here is the relevant part of my config:
>
> [Interface]
> Address = 10.0.1.3
> PrivateKey = redacted
> ListenPort = 51820
> Table = off
> FwMark = 1234
>
> [Peer]
> PublicKey = redacted
> AllowedIps = 0.0.0.0/0
> Endpoint = redacted:51820
> PersistentKeepalive=60

I’m guessing this is too infrequent for a NAT timer. Try 20 secs and see if it’s any better.

> I tried running wireguard in this debug mode with
>
> echo "module wireguard +p" >/sys/kernel/debug/dynamic_debug/control
>
> the only messages I get are:
>
> [677569.105551] wireguard: wg0: Sending handshake initiation to peer 1 (redacted:51820)
> [677569.116744] wireguard: wg0: Receiving handshake response from peer 1 (redacted:51820)
> [677569.116761] wireguard: wg0: Keypair 28551 destroyed for peer 1
> [677569.116765] wireguard: wg0: Keypair 28554 created for peer 1
> [677569.116775] wireguard: wg0: Sending keepalive packet to peer 1 (redacted:51820)
> [677585.105603] wireguard: wg0: Retrying handshake with peer 1 (redacted:51820) because we stopped hearing back after 15 seconds
> [677585.105644] wireguard: wg0: Sending handshake initiation to peer 1 (redacted:51820)
> [677585.112877] wireguard: wg0: Receiving handshake response from peer 1 (redacted:51820)
> [677585.112893] wireguard: wg0: Keypair 28553 destroyed for peer 1
> [677585.112898] wireguard: wg0: Keypair 28555 created for peer 1
> [677585.112907] wireguard: wg0: Sending keepalive packet to peer 1 (redacted:51820)
>

Maybe someone familiar with the code can tell us if "Receiving handshake response from peer 1" might be better phrased, "listening for response from peer 1"?

--FC

> Here are some more details:
>
> this is a 6 node network with one node acting as gateway, I set the
> routes via PreUp/PostUp and remove them via PreDown/PostDown.
>
> root@bladerunner-2:~# uname -a
> Linux bladerunner-2 4.4.0-145-generic #171-Ubuntu SMP Tue Mar 26 12:43:40 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
>
> root@bladerunner-2:~# ip link show wg0
> 3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
>     link/none
>
> root@bladerunner-2:~# dpkg -l | grep wireguard
> ii  wireguard-dkms   0.0.20190406-wg1~xenial  all    fast, modern, secure kernel VPN tunnel (DKMS version)
> ii  wireguard-tools  0.0.20190406-wg1~xenial  amd64  fast, modern, secure kernel VPN tunnel (userland utilities)
>
> Please help me debugging this Issue, I'm a big fan of Wireguard and
> would love to use it with more projects
>
> Have a nice Day,
> Joshi
> _______________________________________________
> WireGuard mailing list
> [email protected]
> https://lists.zx2c4.com/mailman/listinfo/wireguard
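
An added example, not written by either poster and not WireGuard project code: a small Python parser for the dynamic_debug lines quoted in the thread. It reports each "stopped hearing back" retry that the peer still answered with a handshake response, and the time between successive keypair creations; the function names are this example's own, and the sample input is the log from the thread with the mail wrapping undone.

```python
import re
# Debug lines quoted in the thread (mail wrapping undone); function names are this example's own.
SAMPLE_LOG = """\
[677569.105551] wireguard: wg0: Sending handshake initiation to peer 1 (redacted:51820)
[677569.116744] wireguard: wg0: Receiving handshake response from peer 1 (redacted:51820)
[677569.116761] wireguard: wg0: Keypair 28551 destroyed for peer 1
[677569.116765] wireguard: wg0: Keypair 28554 created for peer 1
[677569.116775] wireguard: wg0: Sending keepalive packet to peer 1 (redacted:51820)
[677585.105603] wireguard: wg0: Retrying handshake with peer 1 (redacted:51820) because we stopped hearing back after 15 seconds
[677585.105644] wireguard: wg0: Sending handshake initiation to peer 1 (redacted:51820)
[677585.112877] wireguard: wg0: Receiving handshake response from peer 1 (redacted:51820)
[677585.112893] wireguard: wg0: Keypair 28553 destroyed for peer 1
[677585.112898] wireguard: wg0: Keypair 28555 created for peer 1
[677585.112907] wireguard: wg0: Sending keepalive packet to peer 1 (redacted:51820)
"""

LINE_RE = re.compile(r"\[\s*(\d+)\.(\d{6})\] wireguard: (\S+): (.*)")
RETRY_RE = re.compile(r"Retrying handshake with peer (\d+) .*stopped hearing back")
RESPONSE_RE = re.compile(r"Receiving handshake response from peer (\d+)")
KEYPAIR_RE = re.compile(r"Keypair \d+ created for peer (\d+)")

def events(log):
    """Yield (time_us, iface, message) for each WireGuard debug line."""
    for line in log.splitlines():
        if (m := LINE_RE.match(line.strip())):
            yield int(m[1]) * 1_000_000 + int(m[2]), m[3], m[4]

def answered_retries(log):
    """(iface, peer, reply_us) for each retry-after-silence the peer still answered."""
    pending, hits = {}, []
    for ts, iface, msg in events(log):
        if (m := RETRY_RE.search(msg)):
            pending[iface, m[1]] = ts          # silence on the data path noted here
        elif (m := RESPONSE_RE.search(msg)) and (iface, m[1]) in pending:
            hits.append((iface, m[1], ts - pending.pop((iface, m[1]))))
    return hits

def rekey_gaps(log):
    """{(iface, peer): [microseconds between successive 'Keypair ... created']}."""
    last, gaps = {}, {}
    for ts, iface, msg in events(log):
        if (m := KEYPAIR_RE.search(msg)):
            if (iface, m[1]) in last:
                gaps.setdefault((iface, m[1]), []).append(ts - last[iface, m[1]])
            last[iface, m[1]] = ts
    return gaps

if __name__ == "__main__":
    print(answered_retries(SAMPLE_LOG), rekey_gaps(SAMPLE_LOG))
```

On the quoted log this gives a handshake response about 7 ms after the retry and a new keypair after roughly 16 seconds, well under WireGuard's 120-second Rekey-After-Time. That combination shows handshake messages being exchanged in both directions while no transport data is heard back.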
