<div dir="ltr"><div class="markdown-here-wrapper" style=""><p style="margin:0px 0px 1.2em!important">Happened again, link was up a few moments ago, and then no ping …</p>
<pre style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;font-size:1em;line-height:1.2em;margin:1.2em 0px"><code style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px 0.15em;padding:0px 0.3em;white-space:pre-wrap;border:1px solid rgb(234,234,234);border-radius:3px;display:inline;background-color:rgb(248,248,248);white-space:pre;overflow:auto;border-radius:3px;border:1px solid rgb(204,204,204);padding:0.5em 0.7em;display:block!important">[delandtj@rt01 ~]$ sudo wg 
interface: wg0
  public key: Stillthesame=
  private key: Stillthesame=
  listening port: 23123

peer: Stillthesame=
  endpoint: xxx.xxx.xxx.126:17059    #### changed port 
  allowed ips: 192.168.251.1/32
  latest handshake: 1 hour, 58 minutes, 4 seconds ago
  bandwidth: 161.04 MiB received, 5.38 MiB sent
</code></pre><p style="margin:0px 0px 1.2em!important">Then, with </p>
<pre style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;font-size:1em;line-height:1.2em;margin:1.2em 0px"><code style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px 0.15em;padding:0px 0.3em;white-space:pre-wrap;border:1px solid rgb(234,234,234);border-radius:3px;display:inline;background-color:rgb(248,248,248);white-space:pre;overflow:auto;border-radius:3px;border:1px solid rgb(204,204,204);padding:0.5em 0.7em;display:block!important">[delandtj@rt01 ~]$ sudo wg setconf wg0 wg/
conf        Dockerfile  priv        pub         
[delandtj@rt01 ~]$ sudo wg setconf wg0 wg/conf 
[delandtj@rt01 ~]$ sudo wg 
interface: wg0
  public key: REDACTED=
  private key: REDACTED=
  listening port: 23123

peer: REDACTED=
  endpoint: xxx.xxx.xxx.126:51820
  allowed ips: 192.168.251.1/32
[delandtj@rt01 ~]$ ping -c1 192.168.251.1
PING 192.168.251.1 (192.168.251.1) 56(84) bytes of data.
64 bytes from 192.168.251.1: icmp_seq=1 ttl=64 time=27.3 ms

--- 192.168.251.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 27.333/27.333/27.333/0.000 ms
</code></pre><p style="margin:0px 0px 1.2em!important">and ping was back</p>
<p style="margin:0px 0px 1.2em!important">It took 24-ish hours to happen, but not having touched the tunnel, nor the set-up, I can definitely confirm this happening…</p>
<pre style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;font-size:1em;line-height:1.2em;margin:1.2em 0px"><code style="font-size:0.85em;font-family:Consolas,Inconsolata,Courier,monospace;margin:0px 0.15em;padding:0px 0.3em;white-space:pre-wrap;border:1px solid rgb(234,234,234);border-radius:3px;display:inline;background-color:rgb(248,248,248);white-space:pre;overflow:auto;border-radius:3px;border:1px solid rgb(204,204,204);padding:0.5em 0.7em;display:block!important">[delandtj@rt01 ~]$ cat wg/conf 
[Interface]
PrivateKey = REDACTED=
ListenPort = 23123

[Peer]
PublicKey = REDACTED=
EndPoint = xxx.xxx.xxx.126:51820
AllowedIPs =  192.168.251.1/32

### and server :
[root@Firewall001 ~]# cat /etc/zcomp/wireguard/wg.conf 
[Interface]
ListenPort = 51820
PrivateKey = REDACTED=

[Peer]
PublicKey = REDACTED=
AllowedIPs =  192.168.251.2/32, 192.168.64.0/24
</code></pre><p style="margin:0px 0px 1.2em!important">Jan</p>
</div></div><br><div class="gmail_quote"><div dir="ltr">On Thu, Jul 7, 2016 at 6:38 PM Jason A. Donenfeld <<a href="mailto:Jason@zx2c4.com">Jason@zx2c4.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Thu, Jul 7, 2016 at 5:00 PM, Bruno Wolff III <<a href="mailto:bruno@wolff.to" target="_blank">bruno@wolff.to</a>> wrote:<br>
> On Thu, Jul 07, 2016 at 14:45:22 +0000,<br>
>  Jan De Landtsheer <<a href="mailto:jan@incubaid.com" target="_blank">jan@incubaid.com</a>> wrote:<br>
>><br>
>><br>
>> nope, Start with basics, use pub ip to pub ip<br>
>> BTW, can a client run behind NAT ? (I assume not, as AFAICT both need to<br>
>> listen on a port)<br>
><br>
><br>
> The one behind nat can hold the tunnel open so the other end can always<br>
> reach it.<br>
<br>
This is the thrust of the issue -- holding the tunnel open when<br>
there's no traffic. This needs to be addressed. Started new thread to<br>
discuss this.<br>
</blockquote></div>
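<p style="margin:0px 0px 1.2em!important">A check for the state reported in the message above, added here as an example and not part of the original mail or of WireGuard itself: it compares the endpoint shown by <code>wg</code> with the one in the configuration file and flags an old handshake. The function names, the 180-second threshold, the placeholder keys and the 203.0.113.126 documentation address (standing in for the masked address) are assumptions.</p>

```python
import re

# Constructed samples modelled on the outputs in the message; keys are placeholders.
SAMPLE_SHOW = """interface: wg0
peer: PEERPUB=
  endpoint: 203.0.113.126:17059
  latest handshake: 1 hour, 58 minutes, 4 seconds ago
"""
SAMPLE_CONF = """[Interface]
ListenPort = 23123
[Peer]
PublicKey = PEERPUB=
EndPoint = 203.0.113.126:51820
"""
UNITS = {"year": 31536000, "day": 86400, "hour": 3600, "minute": 60, "second": 1}

def handshake_age(text):
    """Seconds since the handshake, from wg's 'N hours, M minutes ... ago' form."""
    pairs = re.findall(r"(\d+) (year|day|hour|minute|second)s?", text)
    return sum(int(n) * UNITS[u] for n, u in pairs)

def parse_show(text):
    """Map peer public key -> raw 'endpoint' / 'latest handshake' fields."""
    peers, cur = {}, None
    for line in text.splitlines():
        key, _, val = line.strip().partition(": ")
        if key in ("interface", "peer"):
            cur = peers.setdefault(val, {}) if key == "peer" else None
        elif cur is not None and key in ("endpoint", "latest handshake"):
            cur[key] = val
    return peers

def parse_conf(text):
    """Map peer PublicKey -> configured Endpoint (key names are case-insensitive)."""
    parts = re.split(r"(?m)^\[(\w+)\][ \t]*$", text)
    eps = {}
    for name, body in zip(parts[1::2], parts[2::2]):
        kv = {k.lower(): v for k, v in re.findall(r"(?m)^[ \t]*(\w+)[ \t]*=[ \t]*(\S+)", body)}
        if name.lower() == "peer" and "publickey" in kv:
            eps[kv["publickey"]] = kv.get("endpoint")
    return eps

def diagnose(show, conf, max_age=180):
    """Return (peer, finding, detail) tuples; max_age is an assumed threshold."""
    want, out = parse_conf(conf), []
    for pub, st in parse_show(show).items():
        cfg, live, hs = want.get(pub), st.get("endpoint"), st.get("latest handshake")
        if cfg and live != cfg:
            out.append((pub, "endpoint-drift", f"{cfg} -> {live}"))
        age = handshake_age(hs) if hs else None  # None: no handshake recorded yet
        if age is None or age > max_age:
            out.append((pub, "stale-handshake", age))
    return out
```

<p style="margin:0px 0px 1.2em!important">An endpoint change on its own is normal WireGuard roaming, and an idle tunnel can legitimately show an old handshake; it is the two findings together that match the state in the message.</p>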