Keep-alive does not keep the connection alive
hendrik at friedels.name
Wed Aug 21 21:13:59 CEST 2019
I have a setup in which the Server IP is known, whereas the Client IP is
changing. Thus, I rely on the Client to connect to the Server. I want
the Client to keep the connection alive all the time though, so that the
Server can also initiate a connection to the Server when needed. Both
client and server are behind a NAT/Router.
I would think that the "PersistentKeepalive = 25" on the Client would
keep the connection open. The connection works fine while used. But
after a while, I cannot connect from the Server to the client anymore.
I would assume that a ping from the Client to the IP of the endpoint
would help to revive the connection - but it does not.
Only after a wg-quick down and up all is fine again.
Below some more information.
Can you help me find what I am doing wrong?
At the time of the problem "wg" shows on the Client:
public key: cebXSxxx=
private key: (hidden)
listening port: 60147
allowed ips: 0.0.0.0/0
latest handshake: 1 day, 7 hours, 44 minutes, 19 seconds ago
transfer: 48.48 GiB received, 1.22 TiB sent
persistent keepalive: every 25 seconds
and on the Server
public key: oNjoijXxxx=
private key: (hidden)
listening port: 51820
allowed ips: 10.192.122.3/32
latest handshake: 1 day, 7 hours, 46 minutes, 5 seconds ago
transfer: 67.24 MiB received, 651.37 MiB sent
allowed ips: 10.192.122.2/32
latest handshake: 2 days, 21 hours, 49 minutes, 25 seconds ago
transfer: 11.98 MiB received, 127.11 MiB sent
Note the "transfer" being different between the two by far. I show the
peer "ZiTIY" for completeness only. I do not think that it is relevant.
The Client config:
[Interface]
Address = 10.192.122.3/32
PrivateKey = xx=

[Peer]
PublicKey = yy=
Endpoint = Dyn.IP:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
The Server config:
[Interface]
Address = 10.192.122.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i wgnet0 -j ACCEPT; iptables -A FORWARD -o wgnet0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wgnet0 -j ACCEPT; iptables -D FORWARD -o wgnet0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j
ListenPort = 51820
PrivateKey = aa=

[Peer]
PublicKey = bb=
AllowedIPs = 10.192.122.2/32
Endpoint = hidden:41646

[Peer]
PublicKey = cc=
AllowedIPs = 10.192.122.3/32
Endpoint = hidden:60147
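
Added example, not part of the original post: a monitoring check that parses human-readable `wg` output like the listings above and flags peers that have a persistent keepalive configured but whose latest handshake is older than WireGuard's 180-second session lifetime (REJECT_AFTER_TIME), which means keepalives are going out without a working session behind them. The interface name, peer names and endpoint in the sample are constructed placeholders; the handshake and transfer values are the ones from the Client listing.

```python
import re

# WireGuard protocol timer: a session older than this is no longer used (seconds).
REJECT_AFTER_TIME = 180
UNITS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400, "year": 31536000}

def handshake_age(text):
    """Convert '1 day, 7 hours, 44 minutes, 19 seconds ago' to seconds."""
    pairs = re.findall(r"(\d+) (year|day|hour|minute|second)s?", text)
    return sum(int(n) * UNITS[unit] for n, unit in pairs)

def stale_peers(wg_output, limit=REJECT_AFTER_TIME):
    """Return [(peer, age)] for keepalive peers with a missing or old handshake."""
    peers, current = {}, None
    for line in wg_output.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "peer":
            current = peers.setdefault(value, {})
        elif key == "interface":
            current = None          # interface fields are not peer fields
        elif current is not None and key:
            current[key] = value
    stale = []
    for name, fields in peers.items():
        if "persistent keepalive" not in fields:
            continue                # wg omits this line when keepalive is off
        shake = fields.get("latest handshake")
        age = handshake_age(shake) if shake is not None else None
        if age is None or age > limit:
            stale.append((name, age))
    return stale

# Constructed sample in the layout printed by `wg` (placeholder names).
SAMPLE = """\
interface: wg0
  public key: cebXSxxx=
  listening port: 60147

peer: PEER_A_PLACEHOLDER=
  endpoint: 192.0.2.10:51820
  latest handshake: 1 day, 7 hours, 44 minutes, 19 seconds ago
  transfer: 48.48 GiB received, 1.22 TiB sent
  persistent keepalive: every 25 seconds

peer: PEER_B_PLACEHOLDER=
  latest handshake: 1 minute, 12 seconds ago
  persistent keepalive: every 25 seconds
"""

if __name__ == "__main__":
    for peer, age in stale_peers(SAMPLE):
        print(f"stale: {peer} last handshake {age} s ago")
```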