Troubleshooting WireGuard connections

Riccardo Berto riccardo at rcrdbrt.com
Thu Apr 12 11:09:26 CEST 2018 

WireGuard doesn't always work with my devices.
I ran out of options for troubleshooting it so I'm writing here, hoping 
for a stable solution. I see it's not a strict devel-only mailing list 
but if I'm off-topic I apologize in advance and I'll fade-out in the 
background, waiting for better times.

Here's my problem: WireGuard "sometimes" works. I have a client that 
always talks with the server without problems (the laptop, 10.0.0.4), it 
always pings and trasfers data correctly. It just works as expected. I 
have 2 others (Raspberry Pis: 10.0.0.2, 10.0.0.3) that don't work most 
of the time. I tried enabling the PersistentKeepalive feature on those 
and the WireGuard interface has some low traffic due to it but no chance 
of pinging or having traffic with them 99 times out of 100. "tcpdump -i 
wg0" shows ping requests, from both sides, but no answers.
In the rare occasions they work, I can ping everyone from every client, 
as expected with my configuration files.

Also, with all the devices I tried both the new systemd-networkd's 
WireGuard implementation and systemd's wg-quick at wg0.service method, as 
well as testing manually with wg-quick. The systemd version is 238.
Archlinux is running on every node and I'm using the latest publicly 
available WireGuard snapshot as of writing this, 20180304.


#####################################
# Server config (VPS on vultr.com): #
#####################################
[Interface]
Address = 10.0.0.1/24
SaveConfig = true
ListenPort = 21
PrivateKey = ------------

[Peer]
PublicKey = ------------
AllowedIPs = 10.0.0.3/32
Endpoint = Client1:51820
PersistentKeepalive = 30

[Peer]
PublicKey = ------------
AllowedIPs = 10.0.0.4/32
Endpoint = Client3:51821

[Peer]
PublicKey = ------------
AllowedIPs = 10.0.0.2/32
Endpoint = Client2:21
PersistentKeepalive = 30


#####################################
# Client 1 config (Raspberry Pi 3): #
#####################################
[Interface]
Address = 10.0.0.3/24
ListenPort = 51820
PrivateKey = ------------

[Peer]
PublicKey = ------------
AllowedIPs = 10.0.0.1/24
Endpoint = VPS:21


#####################################
# Client 2 config (Raspberry Pi 3): #
#####################################
[Interface]
Address = 10.0.0.2/24
PrivateKey = ------------
ListenPort = 21

[Peer]
PublicKey = ------------
AllowedIPs = 10.0.0.1/24
Endpoint = VPS:21


##############################################
# Client 3 config (personal laptop, x86_64): #
##############################################
[Interface]
Address = 10.0.0.4/24
ListenPort = 51821
PrivateKey = ------------

[Peer]
PublicKey = ------------
AllowedIPs = 10.0.0.0/24
Endpoint = VPS:21



Any help is appreciated.

More information about the WireGuard mailing list