Troubleshooting WireGuard connections

Riccardo Berto riccardo at
Sat Apr 14 00:36:25 CEST 2018

I didn't think about using tcpdump by checking the default interface, 
thanks for the suggestion!

I updated to the April 2018 snapshot on every peer.

I removed the server endpoints and since I was there, switched the 
server port to 51820, the protocol "default" one. It still works for the 
laptop but not on the 2 Raspberry Pis. When I run `ping` from 
one of them and `tcpdump -i ens3 'port 51820'` on the server, I promptly 
get this message:

00:20:36.146370 IP (tos 0x0, ttl 52, id 16258, offset 0, flags [none], 
proto UDP (17), length 176) > rcrd-online.51820: [udp 
sum ok] UDP, length 148

and it stops there, with no ping answers. When I stop the ping command 
with Ctrl-C, after a few moments I get:

00:20:36.146853 IP (tos 0x88, ttl 64, id 12226, offset 0, flags [none], 
proto UDP (17), length 120)
     rcrd-online.51820 > [bad 
udp cksum 0x8ebc -> 0xabb8!] UDP, length 92

and then STDOUT returns silent... Inexorably waiting for some other 
packet that never arrives...

Trying `ping` from the laptop (that has always worked with 0 
issues) works correctly but tcpdump on the server shows a bad UDP 
checksum, not sure if this is expected behavior.

More information about the WireGuard mailing list