wireguard looses internet connection intermittently.
Kunal Shah
kunalv.shah at gmail.com
Sun Feb 9 07:47:44 CET 2020
I think I found the problem, there is a typo in my iptable command. While
editing with vi, I may have added additional i in the end of MASQUERADE. I
removed it and restarted it. Now I am monitoring for issues.
On Sun, 9 Feb 2020 at 10:55, Kunal Shah <kunalv.shah at gmail.com> wrote:
> Hi Jason,
>
> Thanks for your response. After the changes you suggested, It still gives
> me the same problem. Now my GCP server wireguard configuration looks like
> this.
>
> [Interface]
> Address = 192.168.1.1
> SaveConfig = true
> PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j
> ACCEPT; iptables -t nat -A POSTROUTING -o ens4 -j MASQUERADEi;iptables -t
> mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS
> --clamp-mss-to-pmtu
> PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i
> -j ACCEPT; iptables -t nat -D POSTROUTING -o ens4 -j MASQUERADE
> ListenPort = 51840
> PrivateKey = <private key>
> MTU=1380
>
> [Peer]
> PublicKey = <public key>
> AllowedIPs = 192.168.1.2/32
>
> On Sun, 9 Feb 2020 at 03:06, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
>
>> GCP uses an MTU of 1460 because Google's network does weird things.
>> That means the MTU for WireGuard should be 1380. On the GCP box, try
>> adding `MTU=1380` to your config and add this line to PostUp: `
>> ; iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j
>> TCPMSS --clamp-mss-to-pmtu`
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20200209/c02113e2/attachment.html>
More information about the WireGuard
mailing list