WireGuard Archive on lore.kernel.org
 help / color / Atom feed
From: "Hendrik Friedel" <hendrik@friedels.name>
To: "Laszlo KERTESZ" <laszlo.kertesz@gmail.com>,
	"Ivan Labáth" <labawi-wg@matrix-dream.net>
Cc: wireguard@lists.zx2c4.com
Subject: Re[2]: Keep-alive does not keep the connection alive
Date: Wed, 28 Aug 2019 06:25:15 +0000
Message-ID: <em05f3a9de-8e41-4353-affa-3fb52e65cda8@ryzen> (raw)
In-Reply-To: <CANcuY=oE9L_sm1b_JJV4_fv+ABLx9ZbTeXXzijkiLw-b=CxkMQ@mail.gmail.com>

[-- Attachment #1.1: Type: text/plain, Size: 3469 bytes --]

Hello,

that seems not to be the intended behaviour:
If I understand correctly, the current behaviour is:

At tunnel start the IP is resolved
This IP is used for ever, namingly for re-connects.


The probably intended behaviour would be:

At tunnel start and at any re-connect the IP is resolved.


Do you agree that this behaviour should be changed?
Apart from that: Can you suggest an automatable workaround?

Regards,
Hendrik

------ Originalnachricht ------
Von: "Laszlo KERTESZ" <laszlo.kertesz@gmail.com>
An: "Ivan Labáth" <labawi-wg@matrix-dream.net>
Cc: "Hendrik Friedel" <hendrik@friedels.name>; wireguard@lists.zx2c4.com
Gesendet: 28.08.2019 08:17:32
Betreff: Re: Keep-alive does not keep the connection alive

>I too use a server with dynamic ip. And the clients (Android, Linux) 
>tend to lose connectivity permanently if the server's ip changes. With 
>or without keepalive.
>
>The dynamic ip's dns entries are updated almost instantly when the ip 
>changes so this is not dns related. Wireguard does not try to re 
>establish connection, it keeps using the server ip acquired at the 
>tunnel's start. Only way around this is restarting the interface.
>
>On Mon, Aug 26, 2019, 21:08 Ivan Labáth <labawi-wg@matrix-dream.net> 
>wrote:
>>Hello,
>>
>>I notice you are using dynamic ips for server.
>>On the client, is the server peer ip correct?
>>
>>Regards,
>>Ivan
>>
>>On Sun, Aug 25, 2019 at 06:44:53PM +0000, Hendrik Friedel wrote:
>> > Hello,
>> >
>> > thanks for your reply.
>> > It is linux (Kernel 5.x) in both cases.
>> >
>> > Regards,
>> > Hendrik
>> >
>> > ------ Originalnachricht ------
>> > Von: "Vasili Pupkin" <diggest@gmail.com>
>> > An: "Hendrik Friedel" <hendrik@friedels.name>
>> > Cc: wireguard@lists.zx2c4.com
>> > Gesendet: 25.08.2019 17:59:59
>> > Betreff: Re: Keep-alive does not keep the connection alive
>> >
>> > >What OS is running on client side? I have this issue on Win7 
>>client,
>> > >can explain it further, it has nothing to do with keepalives 
>>though,
>> > >it is a bug in tun adapter implementation
>> > >
>> > >On Sun, Aug 25, 2019 at 6:38 PM Hendrik Friedel 
>><hendrik@friedels.name> wrote:
>> > >>  I have a setup in which the Server IP is known, whereas the 
>>Client IP is changing. Thus, I rely on the Client to connect to the 
>>Server. I want the Client to keep the connection alive all the time 
>>though, so that the Server can also initiate a connection to the 
>>Server when needed. Both, client and server are behind a NAT/Router.
>> > >>  I would think, that the "PersistentKeepalive = 25" on the Client 
>>would ckeep the connection open. The connection works fine while used. 
>>But after a while, I cannot connect from the Server to the client 
>>anymore.
>> > >>  I would assume that a ping from the Client to the IP of the 
>>endpoint would help to re-alive the connection - but it does not.
>> > >>
>> > >>  Only after a wg-quick down and up all is fine again.
>> > >>
>> > >>  Below some more information.
>> > >>
>> > >>  Can you help me to find, what I am doing wrong?
>> >
>> > _______________________________________________
>> > WireGuard mailing list
>> > WireGuard@lists.zx2c4.com
>> > https://lists.zx2c4.com/mailman/listinfo/wireguard
>>_______________________________________________
>>WireGuard mailing list
>>WireGuard@lists.zx2c4.com
>>https://lists.zx2c4.com/mailman/listinfo/wireguard

[-- Attachment #1.2: Type: text/html, Size: 5865 bytes --]

<html><head><style id="css_styles" type="text/css">blockquote.cite { margin-left: 5px; margin-right: 0px; padding-left: 10px; padding-right:0px; border-left: 1px solid #cccccc }
blockquote.cite2 {margin-left: 5px; margin-right: 0px; padding-left: 10px; padding-right:0px; border-left: 1px solid #cccccc; margin-top: 3px; padding-top: 0px; }
a img { border: 0px; }
li[style='text-align: center;'], li[style='text-align: right;'] {  list-style-position: inside;}
body { font-family: Segoe UI; font-size: 12pt;   }</style></head><body><div>Hello,</div><div><br /></div><div>that seems not to be the intended behaviour:</div><div>If I understand correctly, the current behaviour is:</div><div><br /></div><div>At tunnel start the IP is resolved</div><div>This IP is used for ever, namingly for re-connects.</div><div><br /></div><div><br /></div><div>The probably intended behaviour would be:</div><div><br /></div><div>At tunnel start and at any re-connect the IP is resolved.</div><div><br /></div><div><br /></div><div>Do you agree that this behaviour should be changed? </div><div>Apart from that: Can you suggest an automatable workaround?</div><div><br /></div><div>Regards,</div><div>Hendrik</div>
<div><br /></div>
<div>------ Originalnachricht ------</div>
<div>Von: "Laszlo KERTESZ" &lt;<a href="mailto:laszlo.kertesz@gmail.com">laszlo.kertesz@gmail.com</a>&gt;</div>
<div>An: "Ivan Labáth" &lt;<a href="mailto:labawi-wg@matrix-dream.net">labawi-wg@matrix-dream.net</a>&gt;</div>
<div>Cc: "Hendrik Friedel" &lt;<a href="mailto:hendrik@friedels.name">hendrik@friedels.name</a>&gt;; <a href="mailto:wireguard@lists.zx2c4.com">wireguard@lists.zx2c4.com</a></div>
<div>Gesendet: 28.08.2019 08:17:32</div>
<div>Betreff: Re: Keep-alive does not keep the connection alive</div><div><br /></div>
<div id="x67c9270ef9284da"><blockquote cite="CANcuY=oE9L_sm1b_JJV4_fv+ABLx9ZbTeXXzijkiLw-b=CxkMQ@mail.gmail.com" type="cite" class="cite2">
<div dir="auto">I too use a server with dynamic ip. And the clients (Android, Linux) tend to lose connectivity permanently if the server's ip changes. With or without keepalive.<div dir="auto"><br /></div><div dir="auto">The dynamic ip's dns entries are updated almost instantly when the ip changes so this is not dns related. Wireguard does not try to re establish connection, it keeps using the server ip acquired at the tunnel's start. Only way around this is restarting the interface. </div></div><br /><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Aug 26, 2019, 21:08 Ivan Labáth &lt;<a href="mailto:labawi-wg@matrix-dream.net">labawi-wg@matrix-dream.net</a>&gt; wrote:<br /></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br />
<br />
I notice you are using dynamic ips for server.<br />
On the client, is the server peer ip correct?<br />
<br />
Regards,<br />
Ivan<br />
<br />
On Sun, Aug 25, 2019 at 06:44:53PM +0000, Hendrik Friedel wrote:<br />
&gt; Hello,<br />
&gt; <br />
&gt; thanks for your reply.<br />
&gt; It is linux (Kernel 5.x) in both cases.<br />
&gt; <br />
&gt; Regards,<br />
&gt; Hendrik<br />
&gt; <br />
&gt; ------ Originalnachricht ------<br />
&gt; Von: "Vasili Pupkin" &lt;<a href="mailto:diggest@gmail.com" rel="noreferrer">diggest@gmail.com</a>&gt;<br />
&gt; An: "Hendrik Friedel" &lt;<a href="mailto:hendrik@friedels.name" rel="noreferrer">hendrik@friedels.name</a>&gt;<br />
&gt; Cc: <a href="mailto:wireguard@lists.zx2c4.com" rel="noreferrer">wireguard@lists.zx2c4.com</a><br />
&gt; Gesendet: 25.08.2019 17:59:59<br />
&gt; Betreff: Re: Keep-alive does not keep the connection alive<br />
&gt; <br />
&gt; &gt;What OS is running on client side? I have this issue on Win7 client,<br />
&gt; &gt;can explain it further, it has nothing to do with keepalives though,<br />
&gt; &gt;it is a bug in tun adapter implementation<br />
&gt; &gt;<br />
&gt; &gt;On Sun, Aug 25, 2019 at 6:38 PM Hendrik Friedel &lt;<a href="mailto:hendrik@friedels.name" rel="noreferrer">hendrik@friedels.name</a>&gt; wrote:<br />
&gt; &gt;&gt;  I have a setup in which the Server IP is known, whereas the Client IP is changing. Thus, I rely on the Client to connect to the Server. I want the Client to keep the connection alive all the time though, so that the Server can also initiate a connection to the Server when needed. Both, client and server are behind a NAT/Router.<br />
&gt; &gt;&gt;  I would think, that the "PersistentKeepalive = 25" on the Client would ckeep the connection open. The connection works fine while used. But after a while, I cannot connect from the Server to the client anymore.<br />
&gt; &gt;&gt;  I would assume that a ping from the Client to the IP of the endpoint would help to re-alive the connection - but it does not.<br />
&gt; &gt;&gt;<br />
&gt; &gt;&gt;  Only after a wg-quick down and up all is fine again.<br />
&gt; &gt;&gt;<br />
&gt; &gt;&gt;  Below some more information.<br />
&gt; &gt;&gt;<br />
&gt; &gt;&gt;  Can you help me to find, what I am doing wrong?<br />
&gt; <br />
&gt; _______________________________________________<br />
&gt; WireGuard mailing list<br />
&gt; <a href="mailto:WireGuard@lists.zx2c4.com" rel="noreferrer">WireGuard@lists.zx2c4.com</a><br />
&gt; <a href="https://lists.zx2c4.com/mailman/listinfo/wireguard" rel="noreferrer noreferrer">https://lists.zx2c4.com/mailman/listinfo/wireguard</a><br />
_______________________________________________<br />
WireGuard mailing list<br />
<a href="mailto:WireGuard@lists.zx2c4.com" rel="noreferrer">WireGuard@lists.zx2c4.com</a><br />
<a href="https://lists.zx2c4.com/mailman/listinfo/wireguard" rel="noreferrer noreferrer">https://lists.zx2c4.com/mailman/listinfo/wireguard</a><br />
</blockquote></div>
</blockquote></div>
</body></html>

[-- Attachment #2: Type: text/plain, Size: 148 bytes --]

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

  reply index

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-21 19:13 Hendrik Friedel
     [not found] ` <CANH_QeYQ7hyBG1qK9PJB9E77gggW0NYe70vv8m6Dn=fU5zHQbg@mail.gmail.com>
2019-08-25 18:44   ` Re[2]: " Hendrik Friedel
2019-08-26 18:02     ` Ivan Labáth
2019-08-28  6:06       ` Re[2]: " Hendrik Friedel
2019-08-28  6:17       ` Laszlo KERTESZ
2019-08-28  6:25         ` Hendrik Friedel [this message]
2019-08-28  6:37           ` Re[2]: " Laszlo KERTESZ
2019-08-28  6:54           ` Ivan Labáth
2019-08-28  7:43             ` Laszlo KERTESZ
2019-09-07 10:04             ` Re[2]: " Hendrik Friedel
2019-09-10  9:19               ` Ivan Labáth
2019-09-11 13:28                 ` Vincent Wiemann
2019-10-17 19:03                 ` Re[2]: " Hendrik Friedel
2019-10-20 20:25                   ` Ivan Labáth

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=em05f3a9de-8e41-4353-affa-3fb52e65cda8@ryzen \
    --to=hendrik@friedels.name \
    --cc=labawi-wg@matrix-dream.net \
    --cc=laszlo.kertesz@gmail.com \
    --cc=wireguard@lists.zx2c4.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

WireGuard Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/wireguard/0 wireguard/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 wireguard wireguard/ https://lore.kernel.org/wireguard \
		wireguard@lists.zx2c4.com zx2c4-wireguard@archiver.kernel.org
	public-inbox-index wireguard

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/com.zx2c4.lists.wireguard


AGPL code for this site: git clone https://public-inbox.org/ public-inbox