wireguard.lists.zx2c4.com archive mirror
* wireguard looses internet connection intermittently.
@ 2020-02-07 14:52 Kunal Shah
  2020-02-08 21:36 ` Jason A. Donenfeld
  0 siblings, 1 reply; 4+ messages in thread
From: Kunal Shah @ 2020-02-07 14:52 UTC (permalink / raw)
  To: WireGuard



Hello All,

Just started with wireguard and installation went smoothly. I am planning
to set up wireguard on a GCP Linux server and connect my Ubuntu laptop to use
the GCP server as a VPN server. The primary requirement is to use the GCP
server as a VPN server while traveling.

I have had partial success with my setup. I am able to browse a few sites and
not able to browse a few more. They are very popular sites. For example, I am
able to go to www.yahoo.com, but for gmail.google.com I get an error message
that the site took too long to respond.

I have opened udp port 51840 inbound to my GCP server.

My client side (ubuntu laptop)

[Interface]
PrivateKey = <ubuntu laptop privkey>
Address = 192.168.1.2
DNS = 8.8.8.8
[Peer]
PublicKey = <gcp server pubkey>
Endpoint = <gcp server's public ip>:51840
AllowedIPs = 0.0.0.0/0, ::/0

PersistentKeepalive = 25

My server (GCP)

[Interface]
Address = 192.168.1.1
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens4 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens4 -j MASQUERADE
ListenPort = 51840
PrivateKey = <gcp server priv key>

[Peer]
PublicKey = <ubuntu laptop public key>
AllowedIPs = 192.168.1.2/32

With this configuration, if I start wireguard on both systems using systemctl
start wg-quick@wg0, I am able to ping 192.168.1.1 from 192.168.1.2 without
any packet drop. However, if I browse through Chrome or Firefox, for a few
sites it gives me an error like site took too long to respond. On the same
browser, if I try a few more sites, they work. At the same time, when it does
not work from the browser, if I ping the site, I get the DNS resolved and a
response to the ping.

I am not able to troubleshoot further. Are there any other logs I can
refer to? Any idea what could have gone wrong? Has anyone faced this issue
before?

Thanks in advance for the help.

Kunal Shah


_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard


* Re: wireguard looses internet connection intermittently.
  2020-02-07 14:52 wireguard looses internet connection intermittently Kunal Shah
@ 2020-02-08 21:36 ` Jason A. Donenfeld
  2020-02-09  5:25   ` Kunal Shah
  0 siblings, 1 reply; 4+ messages in thread
From: Jason A. Donenfeld @ 2020-02-08 21:36 UTC (permalink / raw)
  To: kunalv.shah; +Cc: WireGuard mailing list

GCP uses an MTU of 1460 because Google's network does weird things.
That means the MTU for WireGuard should be 1380. On the GCP box, try
adding `MTU=1380` to your config and add this line to PostUp:
`; iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu`

* Re: wireguard looses internet connection intermittently.
  2020-02-08 21:36 ` Jason A. Donenfeld
@ 2020-02-09  5:25   ` Kunal Shah
  2020-02-09  6:47     ` Kunal Shah
  0 siblings, 1 reply; 4+ messages in thread
From: Kunal Shah @ 2020-02-09  5:25 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: WireGuard mailing list



Hi Jason,

Thanks for your response. After the changes you suggested, it still gives
me the same problem. Now my GCP server wireguard configuration looks like
this.

[Interface]
Address = 192.168.1.1
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens4 -j MASQUERADEi;iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens4 -j MASQUERADE
ListenPort = 51840
PrivateKey = <private key>
MTU=1380

[Peer]
PublicKey = <public key>
AllowedIPs = 192.168.1.2/32

On Sun, 9 Feb 2020 at 03:06, Jason A. Donenfeld <Jason@zx2c4.com> wrote:

> GCP uses an MTU of 1460 because Google's network does weird things.
> That means the MTU for WireGuard should be 1380. On the GCP box, try
> adding `MTU=1380` to your config and add this line to PostUp: `
> ; iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j
> TCPMSS --clamp-mss-to-pmtu`
>


* Re: wireguard looses internet connection intermittently.
  2020-02-09  5:25   ` Kunal Shah
@ 2020-02-09  6:47     ` Kunal Shah
  0 siblings, 0 replies; 4+ messages in thread
From: Kunal Shah @ 2020-02-09  6:47 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: WireGuard mailing list



I think I found the problem: there is a typo in my iptables command. While
editing with vi, I may have added an additional i at the end of MASQUERADE. I
removed it and restarted it. Now I am monitoring for issues.

On Sun, 9 Feb 2020 at 10:55, Kunal Shah <kunalv.shah@gmail.com> wrote:

> Hi Jason,
>
> Thanks for your response. After the changes you suggested, It still gives
> me the same problem. Now my GCP server wireguard configuration looks like
> this.
>
> [Interface]
> Address = 192.168.1.1
> SaveConfig = true
> PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j
> ACCEPT; iptables -t nat -A POSTROUTING -o ens4 -j MASQUERADEi;iptables -t
> mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS
> --clamp-mss-to-pmtu
> PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i
> -j ACCEPT; iptables -t nat -D POSTROUTING -o ens4 -j MASQUERADE
> ListenPort = 51840
> PrivateKey = <private key>
> MTU=1380
>
> [Peer]
> PublicKey = <public key>
> AllowedIPs = 192.168.1.2/32
>
> On Sun, 9 Feb 2020 at 03:06, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>
>> GCP uses an MTU of 1460 because Google's network does weird things.
>> That means the MTU for WireGuard should be 1380. On the GCP box, try
>> adding `MTU=1380` to your config and add this line to PostUp: `
>> ; iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j
>> TCPMSS --clamp-mss-to-pmtu`
>>
>
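
The two checks this thread turns on, as an added example that is not from any poster or from the WireGuard project: the tunnel MTU implied by the underlay MTU (80 bytes of overhead, which gives the 1380 quoted above for GCP's 1460), and a scan of PostUp/PostDown for iptables `-j` targets that are not real target names. The function names, the allow-list of targets and the sample config are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the thread): lint a wg-quick config for the two
# problems discussed above. Function names and the allow-list are assumptions.

WG_OVERHEAD=80  # 40 (IPv6 header) + 8 (UDP) + 32 (WireGuard data header + tag)

# Largest tunnel MTU that fits inside the given underlay MTU.
max_wg_mtu() { echo $(( $1 - $WG_OVERHEAD )); }

# Print the MTU set in the config (empty if left to wg-quick's default).
config_mtu() {
  sed -nE 's/^[[:space:]]*MTU[[:space:]]*=[[:space:]]*([0-9]+).*/\1/p' "$1"
}

# Succeed only when the config sets an MTU that fits the underlay MTU in $2.
mtu_fits() {
  mtu=$(config_mtu "$1")
  [ -n "$mtu" ] && [ "$mtu" -le "$(max_wg_mtu "$2")" ]
}

# Print each "-j TARGET" in PostUp/PostDown that is not on the allow-list.
bad_targets() {
  known=" ACCEPT DROP REJECT RETURN LOG MASQUERADE SNAT DNAT TCPMSS "
  prev=""
  grep -E '^[[:space:]]*Post(Up|Down)[[:space:]]*=' "$1" | tr ';' ' ' |
  tr -s '[:space:]' '\n' | while read -r word; do
    if [ "$prev" = "-j" ]; then
      case "$known" in *" $word "*) ;; *) echo "$word" ;; esac
    fi
    prev=$word
  done
}

# Constructed sample: the server config from the thread, typo included.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
[Interface]
Address = 192.168.1.1
ListenPort = 51840
MTU=1380
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens4 -j MASQUERADEi;iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens4 -j MASQUERADE
EOF

echo "max tunnel MTU on a 1460 underlay: $(max_wg_mtu 1460)"
mtu_fits "$SAMPLE" 1460 && echo "MTU ok" || echo "MTU too large or unset"
echo "unknown iptables targets: $(bad_targets "$SAMPLE")"
```

On the live server, `iptables -t nat -S POSTROUTING` shows whether the MASQUERADE rule was actually installed.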

