Invalid handshake initiation after peer reboot: bug?

Eicke Herbertz wolletd at
Fri Aug 21 22:42:43 CEST 2020


we are currently rolling out some OpenWrt devices that are clients to a
WireGuard VPN. Everything was normal while they were in-house, but since
they are in the customers network, we got issues.

The first connection succeeds, but after a reboot of the client, the
server logs an Invalid handshake initiation. A restart of the servers
WireGuard interfaces makes a connection possible again.

As we strongly suspected issues in the customers network, we waited
without checking at first – and apparently, it takes two to three hours
of invalid handshakes until some, yet unknown, thing happens that
enables the connection without restarting the interface.

Clients are running:
OpenWrt 19.07.3 (r11063-85e04e9f46)
Kernel 4.14.180
WireGuard 1.0.20200506

Server is running Kernel 5.8.2 with in-tree WireGuard.

I am unable to reproduce this in my home and company networks with
identical devices. Several other devices work fine as well. I am not
sure were to look and what to look for.

Any help is appreciated!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the WireGuard mailing list