Invalid handshake initiation after peer reboot: bug?

Eicke Herbertz wolletd at
Mon Aug 24 20:19:37 CEST 2020

Hi Jason,

thanks for your help, you were correct!
It dawned on me the moment I read "real time clock": While OpenWRT
enables network time synchronization by default, our customer blocks all
internet access other than to our VPN server for the devices. That's why
it wasn't reproducible in the office.
After pointing NTP to our server as well, WireGuard is back to its
instantaneous beauty.

Would it be feasible to distinguish some cases of "Invalid handshake" in
the debug log? Simply reading "replay" somewhere would've helped
probably. I've been using WireGuard for about two years now and this was the
first time I actually had to enable debug logging to understand my
issue, but the debug logging didn't help much.

