Hi Pavel, I also have a VM in OCI, albeit with Oracle Linux and not Ubuntu. It's working without issues. Your PresharedKeys could be at fault based on how you obfuscated them. However, I would look at all the other iptables rules that Oracle made in the VM. They are long and complicated and I believe at some point I just nuked them all.
You might also want to install Wireshark on the client and make a capture when you're having the problem. You can also remove the fd42:42:42::2/128 references and see if that solves the problem. I can imagine switching from ipv4 to ipv6 could cause such a hiccup and I don't actually have ipv6 setup in my config. I'd also ensure you're not using Oracle's NAT feature for your VM as theirs is not a NAT you can run Wireguard behind. Hopefully one of these suggestions will help!

Best regards,
Alan

On Mon, Jun 27, 2022 at 4:07 AM Pavel Yegorov <[email protected]> wrote:
>
> Hey folks!
>
> I really need some advice, cause I just don't know how to deal with my
> problem.
>
> So, I have a WG "server" on ubuntu 18.04.6 LTS, hosted in the oracle
> free tier. I've installed wireguard using the well-known
> https://github.com/angristan/wireguard-install script. Then I've
> generated several configs for my desktops, phones, etc. It connects
> and runs perfectly, but sometimes it just freezes for no reason.
> There are no connectivity issues or anything like that. Logs on the
> client side say something like this:
>
> 2022-06-21 03:01:01.845: [TUN] [win] Keypair 17 created for peer 1
> 2022-06-21 03:01:01.846: [TUN] [win] Sending keepalive packet to peer 1 (SERVER_IP:SERVER_PORT)
> 2022-06-21 03:03:01.822: [TUN] [win] Sending handshake initiation to peer 1 (SERVER_IP:SERVER_PORT)
> 2022-06-21 03:03:01.884: [TUN] [win] Receiving handshake response from peer 1 (SERVER_IP:SERVER_PORT)
> 2022-06-21 03:03:01.884: [TUN] [win] Keypair 16 destroyed for peer 1
> 2022-06-21 03:03:01.884: [TUN] [win] Keypair 18 created for peer 1
> 2022-06-21 03:03:01.884: [TUN] [win] Sending keepalive packet to peer 1 (SERVER_IP:SERVER_PORT)
> 2022-06-21 03:05:02.058: [TUN] [win] Sending handshake initiation to peer 1 (SERVER_IP:SERVER_PORT)
> 2022-06-21 03:05:02.106: [TUN] [win] Receiving handshake response from peer 1 (SERVER_IP:SERVER_PORT)
> 2022-06-21 03:05:02.106: [TUN] [win] Keypair 17 destroyed for peer 1
> 2022-06-21 03:05:02.106: [TUN] [win] Keypair 19 created for peer 1
> 2022-06-21 03:05:02.106: [TUN] [win] Sending keepalive packet to peer 1 (SERVER_IP:SERVER_PORT)
> 2022-06-21 03:06:21.302: [TUN] [win] Retrying handshake with peer 1 (SERVER_IP:SERVER_PORT) because we stopped hearing back after 15 seconds
> 2022-06-21 03:06:21.302: [TUN] [win] Sending handshake initiation to peer 1 (SERVER_IP:SERVER_PORT)
> 2022-06-21 03:06:26.423: [TUN] [win] Handshake for peer 1 (SERVER_IP:SERVER_PORT) did not complete after 5 seconds, retrying (try 2)
> 2022-06-21 03:06:26.423: [TUN] [win] Sending handshake initiation to peer 1 (SERVER_IP:SERVER_PORT)
> 2022-06-21 03:06:31.471: [TUN] [win] Handshake for peer 1 (SERVER_IP:SERVER_PORT) did not complete after 5 seconds, retrying (try 3)
> 2022-06-21 03:06:31.473: [TUN] [win] Sending handshake initiation to peer 1 (SERVER_IP:SERVER_PORT)
> 2022-06-21 03:06:36.517: [TUN] [win] Handshake for peer 1 (SERVER_IP:SERVER_PORT) did not complete after 5 seconds, retrying (try 4)
>
> If I reconnect the WG client, it immediately connects and everything is ok.
>
> Any advice? I tried to experiment with the PersistentKeepAlive param (on
> both sides!) but that doesn't change anything.
>
> My server cfg:
>
> [Interface]
> Address = 10.66.66.1/24,fd42:42:42::1/64
> ListenPort = SERVER_PORT
> PrivateKey = M?????Uyg4r3mo=
>
> PostUp = iptables -I FORWARD -i ens3 -o wg0 -j ACCEPT; iptables -I FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o ens3 -j MASQUERADE; sudo iptables -I INPUT -i ens3 -p udp --dport SERVER_PORT -m state --state NEW,ESTABLISHED -j ACCEPT
> PostDown = iptables -D FORWARD -i ens3 -o wg0 -j ACCEPT; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o ens3 -j MASQUERADE; sudo iptables -D INPUT -i ens3 -p udp --dport SERVER_PORT -m state --state NEW,ESTABLISHED -j ACCEPT
>
> ### Client iphone
> [Peer]
> PublicKey = 0+V???????4HnM=
> PresharedKey = s???????amJCxJyqcE=
> AllowedIPs = 10.66.66.2/32,fd42:42:42::2/128
>
> ### Client mac
> [Peer]
> PublicKey = Tet4??????mI=
> PresharedKey = Ld???r8=
> AllowedIPs = 10.66.66.3/32,fd42:42:42::3/128
>
> My client cfg
>
> [Interface]
> PrivateKey = 4Bp????=
> Address = 10.66.66.2/32,fd42:42:42::2/128
> DNS = 8.8.8.8,1.1.1.1
>
> [Peer]
> PublicKey = 5R?????c=
> PresharedKey = sY????E=
> Endpoint = SERVER_IP:SERVER_PORT
> AllowedIPs = 0.0.0.0/0,::/0
>
> some stats
>
> root@oraclevpn:~# wg show all
> interface: wg0
>   public key: 5R?????c=
>   private key: (hidden)
>   listening port: SERVER_PORT
>
> peer: 0+?????nM=
>   preshared key: (hidden)
>   endpoint: 666.666.666.666:11111
>   allowed ips: 10.66.66.2/32, fd42:42:42::2/128
>   latest handshake: 2 minutes, 2 seconds ago
>   transfer: 533.52 MiB received, 5.18 GiB sent
>
>
> --
> Pavel Yegorov
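As an added example, not part of the thread, here is a small Python analyzer for the WireGuard-for-Windows client log lines Pavel quoted: it separates the healthy rekey pattern (a handshake response roughly every 120 s) from the stall (initiations that go unanswered, with the client reporting it "stopped hearing back"). The sample log is constructed from the quoted lines and the stall threshold `max_unanswered` is an assumption, not a WireGuard constant.

```python
import re
from datetime import datetime

# Constructed sample: handshake-related lines from the client log quoted in the
# thread, one entry per line; SERVER_IP/SERVER_PORT placeholders kept as posted.
SAMPLE_LOG = """\
2022-06-21 03:03:01.822: [TUN] [win] Sending handshake initiation to peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:03:01.884: [TUN] [win] Receiving handshake response from peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:05:02.058: [TUN] [win] Sending handshake initiation to peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:05:02.106: [TUN] [win] Receiving handshake response from peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:06:21.302: [TUN] [win] Retrying handshake with peer 1 (SERVER_IP:SERVER_PORT) because we stopped hearing back after 15 seconds
2022-06-21 03:06:21.302: [TUN] [win] Sending handshake initiation to peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:06:26.423: [TUN] [win] Handshake for peer 1 (SERVER_IP:SERVER_PORT) did not complete after 5 seconds, retrying (try 2)
2022-06-21 03:06:26.423: [TUN] [win] Sending handshake initiation to peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:06:31.471: [TUN] [win] Handshake for peer 1 (SERVER_IP:SERVER_PORT) did not complete after 5 seconds, retrying (try 3)
2022-06-21 03:06:31.473: [TUN] [win] Sending handshake initiation to peer 1 (SERVER_IP:SERVER_PORT)
2022-06-21 03:06:36.517: [TUN] [win] Handshake for peer 1 (SERVER_IP:SERVER_PORT) did not complete after 5 seconds, retrying (try 4)
"""

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+): \[TUN\] \[\w+\] (.*)$")

def parse_line(line):
    """Split one WireGuard-for-Windows log line into (timestamp, message); None if it does not match."""
    m = LINE_RE.match(line.strip())
    return (datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f"), m.group(2)) if m else None

def analyze(text, max_unanswered=3):
    """Summarise handshake health: healthy runs show a response about every 120 s (the rekey
    timer); a stall is max_unanswered initiations (assumed threshold) sent with no response."""
    responses, unanswered, retry_at, last_ts = [], 0, None, None
    for ts, msg in filter(None, map(parse_line, text.splitlines())):
        last_ts = ts
        if msg.startswith("Receiving handshake response"):
            responses.append(ts)
            unanswered, retry_at = 0, None  # server answered: reset the stall counters
        elif msg.startswith("Sending handshake initiation"):
            unanswered += 1
        elif msg.startswith("Retrying handshake") and retry_at is None:
            retry_at = ts  # client noticed silence ("stopped hearing back")
    stalled = unanswered >= max_unanswered
    return {
        "handshakes_ok": len(responses),
        "rekey_intervals_s": [(b - a).total_seconds() for a, b in zip(responses, responses[1:])],
        "unanswered_initiations": unanswered,
        "stalled": stalled,
        "stalled_for_s": (last_ts - responses[-1]).total_seconds() if stalled and responses else 0.0,
        "silence_noticed_at": retry_at.strftime("%H:%M:%S.%f")[:-3] if retry_at else None,
    }
```

Feed `analyze(open(path).read())` a real client log to see how long after the last good handshake the silence started, which is the window to line up against a Wireshark capture or the server-side `wg show` handshake age.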
