Keep-alive does not keep the connection alive

Hendrik Friedel hendrik at friedels.name
Wed Aug 21 21:13:59 CEST 2019 

Hello,

I have a setup in which the Server IP is known, whereas the Client IP is 
changing. Thus, I rely on the Client to connect to the Server. I want 
the Client to keep the connection alive all the time though, so that the 
Server can also initiate a connection to the Server when needed. Both, 
client and server are behind a NAT/Router.
I would think, that the "PersistentKeepalive = 25" on the Client would 
ckeep the connection open. The connection works fine while used. But 
after a while, I cannot connect from the Server to the client anymore.
I would assume that a ping from the Client to the IP of the endpoint 
would help to re-alive the connection - but it does not.

Only after a wg-quick down and up all is fine again.

Below some more information.

Can you help me to find, what I am doing wrong?

Regards,
Hendrik



At the time of the problem "wg" shows on the Client:
interface: wgnet0
   public key: cebXSxxx=
   private key: (hidden)
   listening port: 60147
   fwmark: 0xca6c

peer:  oNjoixxx=
   endpoint: 92.210.7.177:51820
   allowed ips: 0.0.0.0/0
   latest handshake: 1 day, 7 hours, 44 minutes, 19 seconds ago
   transfer: 48.48 GiB received, 1.22 TiB sent
   persistent keepalive: every 25 seconds


and on the Server
  wg
interface: wgnet0
   public key: oNjoijXxxx=
   private key: (hidden)
   listening port: 51820

peer: cebXSxx=
   endpoint: 185.22.142.254:60147
   allowed ips: 10.192.122.3/32
   latest handshake: 1 day, 7 hours, 46 minutes, 5 seconds ago
   transfer: 67.24 MiB received, 651.37 MiB sent

peer: ZiTlYnxx=
   endpoint: 109.41.65.27:5935
   allowed ips: 10.192.122.2/32
   latest handshake: 2 days, 21 hours, 49 minutes, 25 seconds ago
   transfer: 11.98 MiB received, 127.11 MiB sent


Note the "transfer" being different between the two by far. I show the 
peer "ZiTIY" for completeness only. I do not think that it is relevant.











The Client config:
[Interface]
Address = 10.192.122.3/32
PrivateKey = xx=

[Peer]
PublicKey = yy=
Endpoint = Dyn.IP:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

The Server config:
[Interface]
Address = 10.192.122.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i wgnet0 -j ACCEPT; iptables -A FORWARD -o 
wgnet0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wgnet0 -j ACCEPT; iptables -D FORWARD 
-o wgnet0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j 
MASQUERADE
ListenPort = 51820
PrivateKey = aa=

[Peer]
PublicKey = bb=
AllowedIPs = 10.192.122.2/32
Endpoint = hidden:41646

[Peer]
PublicKey = cc=
AllowedIPs = 10.192.122.3/32
Endpoint = hidden:60147




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20190821/671c45e6/attachment.html>

More information about the WireGuard mailing list