WireGuard Archive on lore.kernel.org
* Keep-alive does not keep the connection alive
@ 2019-08-21 19:13 Hendrik Friedel
       [not found] ` <CANH_QeYQ7hyBG1qK9PJB9E77gggW0NYe70vv8m6Dn=fU5zHQbg@mail.gmail.com>
  0 siblings, 1 reply; 14+ messages in thread
From: Hendrik Friedel @ 2019-08-21 19:13 UTC (permalink / raw)
  To: wireguard


Hello,

I have a setup in which the Server IP is known, whereas the Client IP is 
changing. Thus, I rely on the Client to connect to the Server. I want 
the Client to keep the connection alive all the time though, so that the 
Server can also initiate a connection to the Server when needed. Both 
client and server are behind a NAT/Router.
I would think that the "PersistentKeepalive = 25" on the Client would 
keep the connection open. The connection works fine while used. But 
after a while, I cannot connect from the Server to the client anymore.
I would assume that a ping from the Client to the IP of the endpoint 
would help to revive the connection - but it does not.

Only after a wg-quick down and up all is fine again.

Below some more information.

Can you help me find what I am doing wrong?

Regards,
Hendrik



At the time of the problem "wg" shows on the Client:
interface: wgnet0
   public key: cebXSxxx=
   private key: (hidden)
   listening port: 60147
   fwmark: 0xca6c

peer:  oNjoixxx=
   endpoint: 92.210.7.177:51820
   allowed ips: 0.0.0.0/0
   latest handshake: 1 day, 7 hours, 44 minutes, 19 seconds ago
   transfer: 48.48 GiB received, 1.22 TiB sent
   persistent keepalive: every 25 seconds


and on the Server
  wg
interface: wgnet0
   public key: oNjoijXxxx=
   private key: (hidden)
   listening port: 51820

peer: cebXSxx=
   endpoint: 185.22.142.254:60147
   allowed ips: 10.192.122.3/32
   latest handshake: 1 day, 7 hours, 46 minutes, 5 seconds ago
   transfer: 67.24 MiB received, 651.37 MiB sent

peer: ZiTlYnxx=
   endpoint: 109.41.65.27:5935
   allowed ips: 10.192.122.2/32
   latest handshake: 2 days, 21 hours, 49 minutes, 25 seconds ago
   transfer: 11.98 MiB received, 127.11 MiB sent


Note the "transfer" being different between the two by far. I show the 
peer "ZiTIY" for completeness only. I do not think that it is relevant.

The Client config:
[Interface]
Address = 10.192.122.3/32
PrivateKey = xx=

[Peer]
PublicKey = yy=
Endpoint = Dyn.IP:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

The Server config:
[Interface]
Address = 10.192.122.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i wgnet0 -j ACCEPT; iptables -A FORWARD -o wgnet0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wgnet0 -j ACCEPT; iptables -D FORWARD -o wgnet0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = aa=

[Peer]
PublicKey = bb=
AllowedIPs = 10.192.122.2/32
Endpoint = hidden:41646

[Peer]
PublicKey = cc=
AllowedIPs = 10.192.122.3/32
Endpoint = hidden:60147






^ permalink raw reply	[flat|nested] 14+ messages in thread
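
A check for the symptom visible in the `wg` output above (a latest handshake more than a day old on a peer that has a 25-second persistent keepalive), as an added example that is not part of the original message. It parses the tab-separated output of `wg show <interface> dump`; the sample dump, its timestamps, byte counters and the placeholder peer are constructed, and `stale_peers` is a hypothetical helper name.

```python
import time

# WireGuard rejects session keys older than 180 s (REJECT_AFTER_TIME); a peer
# that keeps exchanging packets, keepalives included, re-handshakes about
# every 120 s, so an older handshake means the session is no longer usable.
REJECT_AFTER_TIME = 180


def stale_peers(dump_text, now=None, max_age=REJECT_AFTER_TIME):
    """Return peers from `wg show <iface> dump` whose handshake is too old."""
    now = int(time.time()) if now is None else now
    lines = [ln for ln in dump_text.splitlines() if ln.strip()]
    findings = []
    for line in lines[1:]:  # the first line describes the interface itself
        fields = line.split("\t")
        if len(fields) != 8:
            continue  # not a peer line
        pubkey, _psk, endpoint, allowed, handshake, _rx, _tx, keepalive = fields
        last = int(handshake)  # Unix time of last handshake, 0 if never
        age = None if last == 0 else now - last
        if age is None or age > max_age:
            findings.append({
                "peer": pubkey,
                "endpoint": endpoint,
                "allowed_ips": allowed,
                "age": age,  # seconds since last handshake, None if never
                "keepalive": None if keepalive == "off" else int(keepalive),
            })
    return findings


# Constructed sample modelled on the client's `wg` output in the message:
# handshake 1 day, 7 hours, 44 minutes, 19 seconds (114259 s) before SAMPLE_NOW.
SAMPLE_NOW = 1566414800  # constructed reference time
SAMPLE_DUMP = "\n".join("\t".join(row) for row in [
    ["PRIVATE_KEY_PLACEHOLDER", "cebXSxxx=", "60147", "0xca6c"],
    ["oNjoixxx=", "(none)", "92.210.7.177:51820", "0.0.0.0/0",
     str(SAMPLE_NOW - 114259), "1000", "2000", "25"],
    # Constructed healthy peer for contrast (handshake 40 s ago).
    ["HEALTHY_PEER_PLACEHOLDER", "(none)", "192.0.2.10:51820",
     "10.192.122.9/32", str(SAMPLE_NOW - 40), "1000", "2000", "25"],
])

if __name__ == "__main__":
    for f in stale_peers(SAMPLE_DUMP, now=SAMPLE_NOW):
        print(f"{f['peer']} via {f['endpoint']}: handshake age {f['age']} s, "
              f"keepalive {f['keepalive']}")
```

A peer reported with `keepalive` set and a large `age` is sending keepalives that never result in a completed handshake, which narrows the problem to the path or endpoint the packets are sent to rather than to the keepalive timer.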

Thread overview: 14+ messages
2019-08-21 19:13 Keep-alive does not keep the connection alive Hendrik Friedel
     [not found] ` <CANH_QeYQ7hyBG1qK9PJB9E77gggW0NYe70vv8m6Dn=fU5zHQbg@mail.gmail.com>
2019-08-25 18:44   ` Re[2]: " Hendrik Friedel
2019-08-26 18:02     ` Ivan Labáth
2019-08-28  6:06       ` Re[2]: " Hendrik Friedel
2019-08-28  6:17       ` Laszlo KERTESZ
2019-08-28  6:25         ` Re[2]: " Hendrik Friedel
2019-08-28  6:37           ` Laszlo KERTESZ
2019-08-28  6:54           ` Ivan Labáth
2019-08-28  7:43             ` Laszlo KERTESZ
2019-09-07 10:04             ` Re[2]: " Hendrik Friedel
2019-09-10  9:19               ` Ivan Labáth
2019-09-11 13:28                 ` Vincent Wiemann
2019-10-17 19:03                 ` Re[2]: " Hendrik Friedel
2019-10-20 20:25                   ` Ivan Labáth
