From: "Hendrik Friedel" <hendrik@friedels.name>
To: wireguard@lists.zx2c4.com
Subject: Keep-alive does not keep the connection alive
Date: Wed, 21 Aug 2019 19:13:59 +0000
Message-ID: <em08a1734c-6242-4687-b8d8-cf84e0b95ec3@ryzen>

Hello,

I have a setup in which the Server IP is known, whereas the Client IP is
changing. Thus, I rely on the Client to connect to the Server. I want
the Client to keep the connection alive all the time though, so that the
Server can also initiate a connection to the Server when needed. Both
client and server are behind a NAT/Router.

I would think that the "PersistentKeepalive = 25" on the Client would
keep the connection open. The connection works fine while used. But
after a while, I cannot connect from the Server to the client anymore.
I would assume that a ping from the Client to the IP of the endpoint
would help to re-alive the connection - but it does not.
Only after a wg-quick down and up all is fine again.

Below some more information.
Can you help me to find what I am doing wrong?

Regards,
Hendrik

At the time of the problem "wg" shows on the Client:

interface: wgnet0
  public key: cebXSxxx=
  private key: (hidden)
  listening port: 60147
  fwmark: 0xca6c

peer: oNjoixxx=
  endpoint: 92.210.7.177:51820
  allowed ips: 0.0.0.0/0
  latest handshake: 1 day, 7 hours, 44 minutes, 19 seconds ago
  transfer: 48.48 GiB received, 1.22 TiB sent
  persistent keepalive: every 25 seconds

and on the Server

wg
interface: wgnet0
  public key: oNjoijXxxx=
  private key: (hidden)
  listening port: 51820

peer: cebXSxx=
  endpoint: 185.22.142.254:60147
  allowed ips: 10.192.122.3/32
  latest handshake: 1 day, 7 hours, 46 minutes, 5 seconds ago
  transfer: 67.24 MiB received, 651.37 MiB sent

peer: ZiTlYnxx=
  endpoint: 109.41.65.27:5935
  allowed ips: 10.192.122.2/32
  latest handshake: 2 days, 21 hours, 49 minutes, 25 seconds ago
  transfer: 11.98 MiB received, 127.11 MiB sent

Note the "transfer" being different between the two by far. I show the
peer "ZiTIY" for completeness only. I do not think that it is relevant.

The Client config:

[Interface]
Address = 10.192.122.3/32
PrivateKey = xx=

[Peer]
PublicKey = yy=
Endpoint = Dyn.IP:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

The Server config:

[Interface]
Address = 10.192.122.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i wgnet0 -j ACCEPT; iptables -A FORWARD -o wgnet0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wgnet0 -j ACCEPT; iptables -D FORWARD -o wgnet0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = aa=

[Peer]
PublicKey = bb=
AllowedIPs = 10.192.122.2/32
Endpoint = hidden:41646

[Peer]
PublicKey = cc=
AllowedIPs = 10.192.122.3/32
Endpoint = hidden:60147
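
A monitoring check for the state shown in the "wg" output above, where "latest handshake" is more than a day old although "persistent keepalive" is set. This is an added example, not part of the original message; the 180-second threshold, the function names and the second sample peer are assumptions.

```python
import re

UNITS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400, "year": 31536000}
MAX_AGE = 180  # assumption: WireGuard discards a session 180 s after its handshake

def handshake_age(text):
    """Convert wg's '1 day, 7 hours, 44 minutes, 19 seconds ago' to seconds."""
    if text.strip().lower() == "now":
        return 0
    parts = re.findall(r"(\d+) (year|day|hour|minute|second)s?", text)
    if not parts:
        raise ValueError(f"unrecognised handshake age: {text!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def stale_peers(wg_output, max_age=MAX_AGE):
    """Return (peer, age) for keepalive peers whose handshake is too old.

    age is None when wg printed no 'latest handshake' line for the peer.
    """
    peers, cur = [], None
    for line in wg_output.splitlines():
        key, _, val = line.strip().partition(": ")
        if key == "peer":
            cur = {"peer": val, "age": None, "keepalive": False}
            peers.append(cur)
        elif cur is None:
            continue  # still inside the interface section
        elif key == "latest handshake":
            cur["age"] = handshake_age(val)
        elif key == "persistent keepalive":
            cur["keepalive"] = val.startswith("every")
    return [(p["peer"], p["age"]) for p in peers
            if p["keepalive"] and (p["age"] is None or p["age"] > max_age)]

# Constructed sample: first peer copied from the client output above,
# second peer invented to show a healthy tunnel.
SAMPLE = """\
interface: wgnet0
  listening port: 60147
peer: oNjoixxx=
  endpoint: 92.210.7.177:51820
  latest handshake: 1 day, 7 hours, 44 minutes, 19 seconds ago
  persistent keepalive: every 25 seconds
peer: healthy-example=
  latest handshake: 1 minute, 12 seconds ago
  persistent keepalive: every 25 seconds
"""

if __name__ == "__main__":
    for peer, age in stale_peers(SAMPLE):
        print(f"{peer}: last handshake {age} s ago, keepalive is not holding the tunnel")
```

Feed it the text printed by "wg" on the keepalive side; a peer reported here has keepalive configured but no current session, which is the condition worth alerting on before the reverse direction is needed.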