From Jason at zx2c4.com Tue Jan 4 15:58:04 2022 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Tue, 4 Jan 2022 16:58:04 +0100 Subject: PSA: systemd-networkd v250 adds routes from allowedips by default Message-ID: Hi everyone, Hope you all had a nice new year's. Version 250 of systemd-networkd added support for a `RouteTable` option in the `[WireGuard]` section of a `.netdev` config file. By default, it is "main". When this happens, the allowed IPs from configured peers are added to the system's main routing table using the metric specified by the also added `RouteMetric` option. This is pretty similar to wg-quick(8)'s behavior with its `Table` option in the `[Interface]` section, except that it doesn't do anything fancy for default routes or for routes that overlap with configured endpoints. This means that if you're currently using systemd-networkd v250 with 0.0.0.0/0 or ::/0 or similar in your allowed IPs, those allowed IPs will be automatically added to the main routing table, which might prove problematic for folks who are already manually doing fancy fwmark things with systemd-networkd. If this applies to you, you may want to set `RouteTable=off` explicitly. At the moment, I suspect this mostly affects Arch Linux users who followed fwmark instructions on their wiki. Regards, Jason From toke at toke.dk Tue Jan 4 21:34:35 2022 From: toke at toke.dk (Toke =?utf-8?Q?H=C3=B8iland-J=C3=B8rgensen?=) Date: Tue, 04 Jan 2022 22:34:35 +0100 Subject: [RFC PATCH 0/4] Introduce per-peer MTU setting In-Reply-To: <20211228234524.633509-1-leon@is.currently.online> References: <20211228234524.633509-1-leon@is.currently.online> Message-ID: <87tuejb2xg.fsf@toke.dk> leon at is.currently.online writes: > From: Leon Schuermann > > This patch series is an attempt to integrate a per-peer MTU setting > into WireGuard. With matching changes to the wireguard-tools, > individual MTU values can be set and retrieved for each registered > peer. > > While Linux supports setting an MTU metric for specific FIB route > entries [which I've only found out after implementing this :)], and > thus allows to lower the MTU for individual peers, this appears to > disable regular path MTU discovery (PMTUD) entirely on the > route. While regular PMTUD does not work over the tunnel link, it > should still be usable on the rest of the route. I'm not sure I understand the use case? Either PMTUD works through the tunnel and you can just let that do its job, or it doesn't and you have to do out-of-band discovery anyway in which case you can just use the FIB route MTU? Or what do you mean by "usable on the rest of the route"? > Furthermore, with the goal of eventually introducing an in-band > per-peer PMTUD mechanism, keeping an internal per-peer MTU value does > not require modifying the FIB and thus potentially interfere with > userspace. What "in-band per-peer PMTUD mechanism"? And why does it need this? -Toke From toke at toke.dk Wed Jan 5 00:14:47 2022 From: toke at toke.dk (Toke =?utf-8?Q?H=C3=B8iland-J=C3=B8rgensen?=) Date: Wed, 05 Jan 2022 01:14:47 +0100 Subject: [RFC] wiregard RX packet processing. In-Reply-To: References: <20211208173205.zajfvg6zvi4g5kln@linutronix.de> Message-ID: <87mtkbavig.fsf@toke.dk> "Jason A. Donenfeld" writes: > Hi Sebastian, > > Seems like you've identified two things, the use of need_resched, and > potentially surrounding napi_schedule in local_bh_{disable,enable}. > > Regarding need_resched, I pulled that out of other code that seemed to > have the "same requirements", as vaguely conceived. It indeed might > not be right. The intent is to have that worker running at maximum > throughput for extended periods of time, but not preventing other > threads from running elsewhere, so that, e.g., a user's machine > doesn't have a jenky mouse when downloading a file. > > What are the effects of unconditionally calling cond_resched() without > checking for if (need_resched())? Sounds like you're saying none at > all? I believe so: AFAIU, you use need_resched() if you need to do some kind of teardown before the schedule point, like this example I was recently looking at: https://elixir.bootlin.com/linux/latest/source/net/bpf/test_run.c#L73 If you just need to maybe reschedule, you can just call cond_resched() and it'll do what it says on the tin: do a schedule if needed, and return immediately otherwise. > Regarding napi_schedule, I actually wasn't aware that it's requirement > to _only_ ever run from softirq was a strict one. When I switched to > using napi_schedule in this way, throughput really jumped up > significantly. Part of this indeed is from the batching, so that the > napi callback can then handle more packets in one go later. But I > assumed it was something inside of NAPI that was batching and > scheduling it, rather than a mistake on my part to call this from a wq > and not from a softirq. > > What, then, are the effects of surrounding that in > local_bh_{disable,enable} as you've done in the patch? You mentioned > one aspect is that it will "invoke wg_packet_rx_poll() where you see > only one skb." It sounds like that'd be bad for performance, though, > given that the design of napi is really geared toward batching. Heh, I wrote a whole long explanation he about variable batch sizes because you don't control when the NAPI is scheduled, etc... And then I noticed the while loop is calling ptr_ring_consume_bh(), which means that there's already a local_bh_disable/enable pair on every loop invocation. So you already have this :) Which of course raises the question of whether there's anything to gain from *adding* batching to the worker? Something like: #define BATCH_SIZE 8 void wg_packet_decrypt_worker(struct work_struct *work) { struct crypt_queue *queue = container_of(work, struct multicore_worker, work)->ptr; void *skbs[BATCH_SIZE]; bool again; int i; restart: local_bh_disable(); ptr_ring_consume_batched(&queue->ring, skbs, BATCH_SIZE); for (i = 0; i < BATCH_SIZE; i++) { struct sk_buff *skb = skbs[i]; enum packet_state state; if (!skb) break; state = likely(decrypt_packet(skb, PACKET_CB(skb)->keypair)) ? PACKET_STATE_CRYPTED : PACKET_STATE_DEAD; wg_queue_enqueue_per_peer_rx(skb, state); } again = !ptr_ring_empty(&queue->ring); local_bh_enable(); if (again) { cond_resched(); goto restart; } } Another thing that might be worth looking into is whether it makes sense to enable threaded NAPI for Wireguard. See: https://lore.kernel.org/r/20210208193410.3859094-1-weiwan at google.com -Toke From leon at is.currently.online Fri Jan 7 22:13:21 2022 From: leon at is.currently.online (Leon Schuermann) Date: Fri, 07 Jan 2022 23:13:21 +0100 Subject: [RFC PATCH 0/4] Introduce per-peer MTU setting In-Reply-To: <87tuejb2xg.fsf@toke.dk> References: <20211228234524.633509-1-leon@is.currently.online> <87tuejb2xg.fsf@toke.dk> Message-ID: <87tuefry7y.fsf@silicon> Toke H?iland-J?rgensen writes: > I'm not sure I understand the use case? Either PMTUD works through the > tunnel and you can just let that do its job, or it doesn't and you > have to do out-of-band discovery anyway in which case you can just use > the FIB route MTU? For traffic _through_ the WireGuard tunnel, that is correct. As WireGuard in general does not do any funny business with the traffic it forwards, path MTU discovery through the tunnel works just fine. I'll call that end-to-end PMTUD. If this does not work for any reason, one has to fall back onto specifying the MTU in FIB, or some other mechanism. I am however concerned about the link(s) _underneath_ the WireGuard tunnel (where the encrypted + authenticated packets are forwarded), so the endpoint-to-endpoint link. Regular path MTU discovery does not work here. As far as I understand, the reasoning behind this is that even if the WireGuard endpoint does receive ICMP Fragmentation Needed / Packet Too Big messages from a host on the path the tunnel traverses, these messages are not and cannot be authenticated. This means that this information cannot be forwarded to the sender of the original packet, outside of the tunnel. This is a real-word issue I am experiencing in WireGuard setups. For instance, I administer the WireGuard instance of a small student ISP. Clients connect from a variety of networks to this endpoint, such as DSL links (PPPoE) which commonly have 1492 bytes MTU, or connections using Dual-Stack Lite, having 1460 bytes MTU due to the encapsulation overhead. Essentially no residential providers fragment packets, and some do not even send ICMP responses. Sometimes people use a tunnel inside another tunnel, further decreasing MTU. While reducing the server and client MTUs to the maximum MTU supported by all supported link types technically works, it increases IP, tunnel and transport header overhead. It is thus desirable to be able to specify an individual MTU per WireGuard peer, to use the available MTU on the respective routes. This is also on the WireGuard project's todo [1] and has been discussed before [2]. > what do you mean by "usable on the rest of the route"? Actually, I think I might be wrong here. Initial tests have suggested me that if the route MTU is specified in the FIB, Linux would not take any ICMP Fragmentation Needed / Packet Too Big responses into account. I've tested this again, and it seems to indeed perform proper path MTU discovery even if the route MTU is specified. This is important as a route to the destination host might first go through a WireGuard tunnel to a peer, and then forwarded over paths which might have an even lower MTU. Thus the FIB entry MTU is a viable solution for setting individual peer's route limits, but it might be rather inelegant to modify the route's MTU values in the FIB from within kernel space, which might be needed for an in-band PMTUD mechanism. >> Furthermore, with the goal of eventually introducing an in-band >> per-peer PMTUD mechanism, keeping an internal per-peer MTU value does >> not require modifying the FIB and thus potentially interfere with >> userspace. > > What "in-band per-peer PMTUD mechanism"? And why does it need this? As outlined above, WireGuard cannot utilize the regular ICMP-based PMTUD mechanism over the endpoint-to-endpoint path. It is however not great to default to a low MTU to accomodate for low-MTU links on this path, and very inconvenient to manually adjust the tunnel MTUs. A solution to this issue could be a PMTUD mechanism through the tunnel link itself. It would circumvent the security considerations with ICMP-based PMTUD by relying exclusively on an encrypted + authenticated message exchange. For instance, a naive approach could be to send ICMP echo messages with increasing/decreasing payload size to the peer and discover the usable tunnel MTU based on the (lost) responses. While this can be implemented outside of the WireGuard kernel module, it makes certain assumptions about the tunnel and endpoint configuration, such as the endpoints having an IP assigned, this IP being in the AllowedIPs (not a given), responding to ICMP echo packets, etc. If such a mechanism were to be (optionally) integrated into WireGuard directly, it could have the potential to reduce these kinds of headaches significantly. #+BEGIN_EXAMPLE Here is an illustration of these issues using a hacky Mininet test setup[3], which has the following topology (all traffic from h5 being routed over the tunnel between h1 and h4), with fragmentation disabled: /--- wireguard ---\ / \ / eth eth eth \ h1 <-> h2 <-> h3 <-> h4 <-> h5 The route from h1 to h4 has an MTU of 1500 bytes: mininet> h1 ping -c1 -Mdo -s1472 h4 1480 bytes from 10.0.2.2: icmp_seq=1 ttl=62 time=0.508 ms The route from h1 to h5 (through the WireGuard tunnel, via h4) has an MTU of 1420 bytes: mininet> h1 ping -c1 -Mdo -s1392 h5 1400 bytes from 192.168.1.2: icmp_seq=1 ttl=63 time=7.44 ms When decreasing the MTU of the h2 to h3 link, we can observe that PMTUD works on the route of h1 to h4: mininet> h2 ip link set h2-eth1 mtu 1492 mininet> h3 ip link set h3-eth0 mtu 1492 mininet> h1 ping -c1 -Mdo -s1472 h4 From 10.0.0.2 icmp_seq=1 Frag needed and DF set (mtu = 1492) However, when trying to ping h5 from h1 through the WireGuard tunnel, the packet is silently dropped: mininet> h1 ping -c1 -Mdo -s1392 -W1 h5 PING 192.168.1.2 (192.168.1.2) 1392(1420) bytes of data. --- 192.168.1.2 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms We can change the appropriate FIB entry of the route _through_ the tunnel to make Linux aware of the lower MTU: mininet> h1 ip route change 192.168.1.0/24 dev wg0 mtu 1412 mininet> h1 ping -c1 -Mdo -s1392 -W1 h5 ping: local error: message too long, mtu=1412 mininet> h1 ping -c1 -Mdo -s1384 -W1 h5 1392 bytes from 192.168.1.2: icmp_seq=1 ttl=63 time=10.8 ms When lowering the MTU of the h4 to h5 link even further (not part of the endpoint-to-endpoint link, but the route), PMTUD does work, which is good: mininet> h4 ip link set h4-eth1 mtu 1400 mininet> h5 ip link set h5-eth0 mtu 1400 mininet> h1 ping -c1 -Mdo -s1384 -W1 h5 PING 192.168.1.2 (192.168.1.2) 1384(1412) bytes of data. From 192.168.0.2 icmp_seq=1 Frag needed and DF set (mtu = 1400) #+END_EXAMPLE Let me know if that made things any clearer. :) - Leon [1]: https://www.wireguard.com/todo/#per-peer-pmtu [2]: https://lists.zx2c4.com/pipermail/wireguard/2018-April/002651.html [3]: https://gist.github.com/lschuermann/7e5de6e00358d1312c86e2144d7352b4 From houmie at gmail.com Sun Jan 9 10:02:56 2022 From: houmie at gmail.com (Houman) Date: Sun, 9 Jan 2022 10:02:56 +0000 Subject: Does Bitcode have to remain disabled? Message-ID: Hello, Based on the instructions on Wireguard Github page https://github.com/WireGuard/wireguard-apple#wireguardkit-integration, BitCode has to remain disabled in build settings. The problem is that by disabling BitCode, crashing information won't be as accurate and we won't be able to download the Dsym from the AppStore, which is needed for Crashlytics. Is there a reason why we couldn't enable it? Many Thanks, Houman From henning.reich at gmail.com Mon Jan 10 20:37:35 2022 From: henning.reich at gmail.com (henning.reich at gmail.com) Date: Mon, 10 Jan 2022 21:37:35 +0100 Subject: Question about MTU and Wireguard and the current changes Message-ID: <1e345f21-4564-7df8-1aae-32ba14d42779@qupfer.de> Hi, I run in some connection troubles between two wireguards host (one running fedora 35, one arch linux). If I tried to transfer large files through SSH (SCP or btrfs send/receive thorugh ssh through wireguard tunnel) it stucks after a few byte and nothing transfered anymore. This happens in the last days, so probably an update on one or both machines. I also saw, that there some changes on the MTU thing (If I remember correctly, a per peer MTU is configurable) However. My first try was just set the MTU to a lower number (MTU = 1200) and yes, scp works again. Okay, so I did the good old ping test. "ping -M do -s $SIZE -c 1 172.16.0.2" with $SIZE increasing. And that surprised me. It works until an Size of 36932 Bytes. Checked with wireguard and "MTU = 36932" and yes, scp still working. Can somebody explain, why the old default setting of "65456" doesn't work anymore but the MTU can set to much higher values as typical ones? Thanks Henning From tlhackque at yahoo.com Mon Jan 10 20:56:07 2022 From: tlhackque at yahoo.com (tlhackque) Date: Mon, 10 Jan 2022 15:56:07 -0500 Subject: Question about MTU and Wireguard and the current changes In-Reply-To: <1e345f21-4564-7df8-1aae-32ba14d42779@qupfer.de> References: <1e345f21-4564-7df8-1aae-32ba14d42779@qupfer.de> Message-ID: On 10-Jan-22 15:37, henning.reich at gmail.com wrote: > Hi, > I run in some connection troubles between two wireguards host (one > running fedora 35, one arch linux). If I tried to transfer large files > through SSH (SCP or btrfs send/receive thorugh ssh through wireguard > tunnel) it stucks after a few byte and nothing transfered anymore. > > This happens in the last days, so probably an update on one or both > machines. I also saw, that there some changes on the MTU thing (If I > remember correctly, a per peer MTU is configurable) > > However. My first try was just set the MTU to a lower number (MTU = > 1200) and yes, scp works again. > Okay, so I did the good old ping test. "ping -M do -s $SIZE -c 1 > 172.16.0.2" with $SIZE increasing. And that surprised me. It works > until an Size of 36932 Bytes. Checked with wireguard and "MTU = 36932" > and yes, scp still working. > > Can somebody explain, why the old default setting of "65456" doesn't > work anymore but the MTU can set to much higher values as typical ones? > > Thanks > Henning > Guess: Fragmentation happens somewhere and fragments are blocked at your router/firewall/host.? Blocking fragments is a common, if misguided, "security enhancement". A packet trace would provide the necessary clues in any case. Wireshark is a convenient way to get one. -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: From Jason at zx2c4.com Tue Jan 11 13:49:32 2022 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Tue, 11 Jan 2022 14:49:32 +0100 Subject: [PATCH crypto 0/2] smaller blake2s code size on m68k and other small platforms In-Reply-To: References: Message-ID: <20220111134934.324663-1-Jason@zx2c4.com> Hi, Geert emailed me this afternoon concerned about blake2s codesize on m68k and other small systems. We identified two extremely effective ways of chopping down the size. One of them moves some wireguard-specific things into wireguard proper. The other one adds a slower codepath for CONFIG_CC_OPTIMIZE_FOR_SIZE configurations. I really don't like that slower codepath, but since it is configuration gated, at least it stays out of the way except for people who know they need a tiny kernel image Thanks, Jason Jason A. Donenfeld (2): lib/crypto: blake2s-generic: reduce code size on small systems lib/crypto: blake2s: move hmac construction into wireguard drivers/net/wireguard/noise.c | 45 ++++++++++++++++++++++++++++++----- include/crypto/blake2s.h | 3 --- lib/crypto/blake2s-generic.c | 30 +++++++++++++---------- lib/crypto/blake2s-selftest.c | 31 ------------------------ lib/crypto/blake2s.c | 37 ---------------------------- 5 files changed, 57 insertions(+), 89 deletions(-) -- 2.34.1 From Jason at zx2c4.com Tue Jan 11 13:49:33 2022 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Tue, 11 Jan 2022 14:49:33 +0100 Subject: [PATCH crypto 1/2] lib/crypto: blake2s-generic: reduce code size on small systems In-Reply-To: <20220111134934.324663-1-Jason@zx2c4.com> References: <20220111134934.324663-1-Jason@zx2c4.com> Message-ID: <20220111134934.324663-2-Jason@zx2c4.com> Re-wind the loops entirely on kernels optimized for code size. This is really not good at all performance-wise. But on m68k, it shaves off 4k of code size, which is apparently important. Cc: Geert Uytterhoeven Cc: Herbert Xu Cc: Ard Biesheuvel Signed-off-by: Jason A. Donenfeld --- lib/crypto/blake2s-generic.c | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/lib/crypto/blake2s-generic.c b/lib/crypto/blake2s-generic.c index 75ccb3e633e6..990f000e22ee 100644 --- a/lib/crypto/blake2s-generic.c +++ b/lib/crypto/blake2s-generic.c @@ -46,7 +46,7 @@ void blake2s_compress_generic(struct blake2s_state *state, const u8 *block, { u32 m[16]; u32 v[16]; - int i; + int i, j; WARN_ON(IS_ENABLED(DEBUG) && (nblocks > 1 && inc != BLAKE2S_BLOCK_SIZE)); @@ -86,17 +86,23 @@ void blake2s_compress_generic(struct blake2s_state *state, const u8 *block, G(r, 6, v[2], v[ 7], v[ 8], v[13]); \ G(r, 7, v[3], v[ 4], v[ 9], v[14]); \ } while (0) - ROUND(0); - ROUND(1); - ROUND(2); - ROUND(3); - ROUND(4); - ROUND(5); - ROUND(6); - ROUND(7); - ROUND(8); - ROUND(9); - + if (IS_ENABLED(CONFIG_CC_OPTIMIZE_FOR_SIZE)) { + for (i = 0; i < 10; ++i) { + for (j = 0; j < 8; ++j) + G(i, j, v[j % 4], v[((j + (j / 4)) % 4) + 4], v[((j + 2 * (j / 4)) % 4) + 8], v[((j + 3 * (j / 4)) % 4) + 12]); + } + } else { + ROUND(0); + ROUND(1); + ROUND(2); + ROUND(3); + ROUND(4); + ROUND(5); + ROUND(6); + ROUND(7); + ROUND(8); + ROUND(9); + } #undef G #undef ROUND -- 2.34.1 From Jason at zx2c4.com Tue Jan 11 13:49:34 2022 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Tue, 11 Jan 2022 14:49:34 +0100 Subject: [PATCH crypto 2/2] lib/crypto: blake2s: move hmac construction into wireguard In-Reply-To: <20220111134934.324663-1-Jason@zx2c4.com> References: <20220111134934.324663-1-Jason@zx2c4.com> Message-ID: <20220111134934.324663-3-Jason@zx2c4.com> Basically nobody should use blake2s in an HMAC construction; it already has a keyed variant. But for unfortunately historical reasons, Noise, used by WireGuard, uses HKDF quite strictly, which means we have to use this. Because this really shouldn't be used by others, this commit moves it into wireguard's noise.c locally, so that kernels that aren't using WireGuard don't get this superfluous code baked in. On m68k systems, this shaves off ~314 bytes. Cc: Geert Uytterhoeven Cc: Herbert Xu Cc: Ard Biesheuvel Cc: netdev at vger.kernel.org Cc: wireguard at lists.zx2c4.com Signed-off-by: Jason A. Donenfeld --- drivers/net/wireguard/noise.c | 45 ++++++++++++++++++++++++++++++----- include/crypto/blake2s.h | 3 --- lib/crypto/blake2s-selftest.c | 31 ------------------------ lib/crypto/blake2s.c | 37 ---------------------------- 4 files changed, 39 insertions(+), 77 deletions(-) diff --git a/drivers/net/wireguard/noise.c b/drivers/net/wireguard/noise.c index c0cfd9b36c0b..720952b92e78 100644 --- a/drivers/net/wireguard/noise.c +++ b/drivers/net/wireguard/noise.c @@ -302,6 +302,41 @@ void wg_noise_set_static_identity_private_key( static_identity->static_public, private_key); } +static void hmac(u8 *out, const u8 *in, const u8 *key, const size_t inlen, const size_t keylen) +{ + struct blake2s_state state; + u8 x_key[BLAKE2S_BLOCK_SIZE] __aligned(__alignof__(u32)) = { 0 }; + u8 i_hash[BLAKE2S_HASH_SIZE] __aligned(__alignof__(u32)); + int i; + + if (keylen > BLAKE2S_BLOCK_SIZE) { + blake2s_init(&state, BLAKE2S_HASH_SIZE); + blake2s_update(&state, key, keylen); + blake2s_final(&state, x_key); + } else + memcpy(x_key, key, keylen); + + for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i) + x_key[i] ^= 0x36; + + blake2s_init(&state, BLAKE2S_HASH_SIZE); + blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE); + blake2s_update(&state, in, inlen); + blake2s_final(&state, i_hash); + + for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i) + x_key[i] ^= 0x5c ^ 0x36; + + blake2s_init(&state, BLAKE2S_HASH_SIZE); + blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE); + blake2s_update(&state, i_hash, BLAKE2S_HASH_SIZE); + blake2s_final(&state, i_hash); + + memcpy(out, i_hash, BLAKE2S_HASH_SIZE); + memzero_explicit(x_key, BLAKE2S_BLOCK_SIZE); + memzero_explicit(i_hash, BLAKE2S_HASH_SIZE); +} + /* This is Hugo Krawczyk's HKDF: * - https://eprint.iacr.org/2010/264.pdf * - https://tools.ietf.org/html/rfc5869 @@ -322,14 +357,14 @@ static void kdf(u8 *first_dst, u8 *second_dst, u8 *third_dst, const u8 *data, ((third_len || third_dst) && (!second_len || !second_dst)))); /* Extract entropy from data into secret */ - blake2s256_hmac(secret, data, chaining_key, data_len, NOISE_HASH_LEN); + hmac(secret, data, chaining_key, data_len, NOISE_HASH_LEN); if (!first_dst || !first_len) goto out; /* Expand first key: key = secret, data = 0x1 */ output[0] = 1; - blake2s256_hmac(output, output, secret, 1, BLAKE2S_HASH_SIZE); + hmac(output, output, secret, 1, BLAKE2S_HASH_SIZE); memcpy(first_dst, output, first_len); if (!second_dst || !second_len) @@ -337,8 +372,7 @@ static void kdf(u8 *first_dst, u8 *second_dst, u8 *third_dst, const u8 *data, /* Expand second key: key = secret, data = first-key || 0x2 */ output[BLAKE2S_HASH_SIZE] = 2; - blake2s256_hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, - BLAKE2S_HASH_SIZE); + hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, BLAKE2S_HASH_SIZE); memcpy(second_dst, output, second_len); if (!third_dst || !third_len) @@ -346,8 +380,7 @@ static void kdf(u8 *first_dst, u8 *second_dst, u8 *third_dst, const u8 *data, /* Expand third key: key = secret, data = second-key || 0x3 */ output[BLAKE2S_HASH_SIZE] = 3; - blake2s256_hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, - BLAKE2S_HASH_SIZE); + hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, BLAKE2S_HASH_SIZE); memcpy(third_dst, output, third_len); out: diff --git a/include/crypto/blake2s.h b/include/crypto/blake2s.h index bc3fb59442ce..4e30e1799e61 100644 --- a/include/crypto/blake2s.h +++ b/include/crypto/blake2s.h @@ -101,7 +101,4 @@ static inline void blake2s(u8 *out, const u8 *in, const u8 *key, blake2s_final(&state, out); } -void blake2s256_hmac(u8 *out, const u8 *in, const u8 *key, const size_t inlen, - const size_t keylen); - #endif /* _CRYPTO_BLAKE2S_H */ diff --git a/lib/crypto/blake2s-selftest.c b/lib/crypto/blake2s-selftest.c index 5d9ea53be973..409e4b728770 100644 --- a/lib/crypto/blake2s-selftest.c +++ b/lib/crypto/blake2s-selftest.c @@ -15,7 +15,6 @@ * #include * * #include - * #include * * #define BLAKE2S_TESTVEC_COUNT 256 * @@ -58,16 +57,6 @@ * } * printf("};\n\n"); * - * printf("static const u8 blake2s_hmac_testvecs[][BLAKE2S_HASH_SIZE] __initconst = {\n"); - * - * HMAC(EVP_blake2s256(), key, sizeof(key), buf, sizeof(buf), hash, NULL); - * print_vec(hash, BLAKE2S_OUTBYTES); - * - * HMAC(EVP_blake2s256(), buf, sizeof(buf), key, sizeof(key), hash, NULL); - * print_vec(hash, BLAKE2S_OUTBYTES); - * - * printf("};\n"); - * * return 0; *} */ @@ -554,15 +543,6 @@ static const u8 blake2s_testvecs[][BLAKE2S_HASH_SIZE] __initconst = { 0xd6, 0x98, 0x6b, 0x07, 0x10, 0x65, 0x52, 0x65, }, }; -static const u8 blake2s_hmac_testvecs[][BLAKE2S_HASH_SIZE] __initconst = { - { 0xce, 0xe1, 0x57, 0x69, 0x82, 0xdc, 0xbf, 0x43, 0xad, 0x56, 0x4c, 0x70, - 0xed, 0x68, 0x16, 0x96, 0xcf, 0xa4, 0x73, 0xe8, 0xe8, 0xfc, 0x32, 0x79, - 0x08, 0x0a, 0x75, 0x82, 0xda, 0x3f, 0x05, 0x11, }, - { 0x77, 0x2f, 0x0c, 0x71, 0x41, 0xf4, 0x4b, 0x2b, 0xb3, 0xc6, 0xb6, 0xf9, - 0x60, 0xde, 0xe4, 0x52, 0x38, 0x66, 0xe8, 0xbf, 0x9b, 0x96, 0xc4, 0x9f, - 0x60, 0xd9, 0x24, 0x37, 0x99, 0xd6, 0xec, 0x31, }, -}; - bool __init blake2s_selftest(void) { u8 key[BLAKE2S_KEY_SIZE]; @@ -607,16 +587,5 @@ bool __init blake2s_selftest(void) } } - if (success) { - blake2s256_hmac(hash, buf, key, sizeof(buf), sizeof(key)); - success &= !memcmp(hash, blake2s_hmac_testvecs[0], BLAKE2S_HASH_SIZE); - - blake2s256_hmac(hash, key, buf, sizeof(key), sizeof(buf)); - success &= !memcmp(hash, blake2s_hmac_testvecs[1], BLAKE2S_HASH_SIZE); - - if (!success) - pr_err("blake2s256_hmac self-test: FAIL\n"); - } - return success; } diff --git a/lib/crypto/blake2s.c b/lib/crypto/blake2s.c index 93f2ae051370..9364f79937b8 100644 --- a/lib/crypto/blake2s.c +++ b/lib/crypto/blake2s.c @@ -30,43 +30,6 @@ void blake2s_final(struct blake2s_state *state, u8 *out) } EXPORT_SYMBOL(blake2s_final); -void blake2s256_hmac(u8 *out, const u8 *in, const u8 *key, const size_t inlen, - const size_t keylen) -{ - struct blake2s_state state; - u8 x_key[BLAKE2S_BLOCK_SIZE] __aligned(__alignof__(u32)) = { 0 }; - u8 i_hash[BLAKE2S_HASH_SIZE] __aligned(__alignof__(u32)); - int i; - - if (keylen > BLAKE2S_BLOCK_SIZE) { - blake2s_init(&state, BLAKE2S_HASH_SIZE); - blake2s_update(&state, key, keylen); - blake2s_final(&state, x_key); - } else - memcpy(x_key, key, keylen); - - for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i) - x_key[i] ^= 0x36; - - blake2s_init(&state, BLAKE2S_HASH_SIZE); - blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE); - blake2s_update(&state, in, inlen); - blake2s_final(&state, i_hash); - - for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i) - x_key[i] ^= 0x5c ^ 0x36; - - blake2s_init(&state, BLAKE2S_HASH_SIZE); - blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE); - blake2s_update(&state, i_hash, BLAKE2S_HASH_SIZE); - blake2s_final(&state, i_hash); - - memcpy(out, i_hash, BLAKE2S_HASH_SIZE); - memzero_explicit(x_key, BLAKE2S_BLOCK_SIZE); - memzero_explicit(i_hash, BLAKE2S_HASH_SIZE); -} -EXPORT_SYMBOL(blake2s256_hmac); - static int __init blake2s_mod_init(void) { if (!IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) && -- 2.34.1 From ardb at kernel.org Tue Jan 11 14:43:52 2022 From: ardb at kernel.org (Ard Biesheuvel) Date: Tue, 11 Jan 2022 15:43:52 +0100 Subject: [PATCH crypto 2/2] lib/crypto: blake2s: move hmac construction into wireguard In-Reply-To: <20220111134934.324663-3-Jason@zx2c4.com> References: <20220111134934.324663-1-Jason@zx2c4.com> <20220111134934.324663-3-Jason@zx2c4.com> Message-ID: On Tue, 11 Jan 2022 at 14:49, Jason A. Donenfeld wrote: > > Basically nobody should use blake2s in an HMAC construction; it already > has a keyed variant. But for unfortunately historical reasons, Noise, -ly > used by WireGuard, uses HKDF quite strictly, which means we have to use > this. Because this really shouldn't be used by others, this commit moves > it into wireguard's noise.c locally, so that kernels that aren't using > WireGuard don't get this superfluous code baked in. On m68k systems, > this shaves off ~314 bytes. > > Cc: Geert Uytterhoeven > Cc: Herbert Xu > Cc: Ard Biesheuvel > Cc: netdev at vger.kernel.org > Cc: wireguard at lists.zx2c4.com > Signed-off-by: Jason A. Donenfeld Acked-by: Ard Biesheuvel > --- > drivers/net/wireguard/noise.c | 45 ++++++++++++++++++++++++++++++----- > include/crypto/blake2s.h | 3 --- > lib/crypto/blake2s-selftest.c | 31 ------------------------ > lib/crypto/blake2s.c | 37 ---------------------------- > 4 files changed, 39 insertions(+), 77 deletions(-) > > diff --git a/drivers/net/wireguard/noise.c b/drivers/net/wireguard/noise.c > index c0cfd9b36c0b..720952b92e78 100644 > --- a/drivers/net/wireguard/noise.c > +++ b/drivers/net/wireguard/noise.c > @@ -302,6 +302,41 @@ void wg_noise_set_static_identity_private_key( > static_identity->static_public, private_key); > } > > +static void hmac(u8 *out, const u8 *in, const u8 *key, const size_t inlen, const size_t keylen) > +{ > + struct blake2s_state state; > + u8 x_key[BLAKE2S_BLOCK_SIZE] __aligned(__alignof__(u32)) = { 0 }; > + u8 i_hash[BLAKE2S_HASH_SIZE] __aligned(__alignof__(u32)); > + int i; > + > + if (keylen > BLAKE2S_BLOCK_SIZE) { > + blake2s_init(&state, BLAKE2S_HASH_SIZE); > + blake2s_update(&state, key, keylen); > + blake2s_final(&state, x_key); > + } else > + memcpy(x_key, key, keylen); > + > + for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i) > + x_key[i] ^= 0x36; > + > + blake2s_init(&state, BLAKE2S_HASH_SIZE); > + blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE); > + blake2s_update(&state, in, inlen); > + blake2s_final(&state, i_hash); > + > + for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i) > + x_key[i] ^= 0x5c ^ 0x36; > + > + blake2s_init(&state, BLAKE2S_HASH_SIZE); > + blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE); > + blake2s_update(&state, i_hash, BLAKE2S_HASH_SIZE); > + blake2s_final(&state, i_hash); > + > + memcpy(out, i_hash, BLAKE2S_HASH_SIZE); > + memzero_explicit(x_key, BLAKE2S_BLOCK_SIZE); > + memzero_explicit(i_hash, BLAKE2S_HASH_SIZE); > +} > + > /* This is Hugo Krawczyk's HKDF: > * - https://eprint.iacr.org/2010/264.pdf > * - https://tools.ietf.org/html/rfc5869 > @@ -322,14 +357,14 @@ static void kdf(u8 *first_dst, u8 *second_dst, u8 *third_dst, const u8 *data, > ((third_len || third_dst) && (!second_len || !second_dst)))); > > /* Extract entropy from data into secret */ > - blake2s256_hmac(secret, data, chaining_key, data_len, NOISE_HASH_LEN); > + hmac(secret, data, chaining_key, data_len, NOISE_HASH_LEN); > > if (!first_dst || !first_len) > goto out; > > /* Expand first key: key = secret, data = 0x1 */ > output[0] = 1; > - blake2s256_hmac(output, output, secret, 1, BLAKE2S_HASH_SIZE); > + hmac(output, output, secret, 1, BLAKE2S_HASH_SIZE); > memcpy(first_dst, output, first_len); > > if (!second_dst || !second_len) > @@ -337,8 +372,7 @@ static void kdf(u8 *first_dst, u8 *second_dst, u8 *third_dst, const u8 *data, > > /* Expand second key: key = secret, data = first-key || 0x2 */ > output[BLAKE2S_HASH_SIZE] = 2; > - blake2s256_hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, > - BLAKE2S_HASH_SIZE); > + hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, BLAKE2S_HASH_SIZE); > memcpy(second_dst, output, second_len); > > if (!third_dst || !third_len) > @@ -346,8 +380,7 @@ static void kdf(u8 *first_dst, u8 *second_dst, u8 *third_dst, const u8 *data, > > /* Expand third key: key = secret, data = second-key || 0x3 */ > output[BLAKE2S_HASH_SIZE] = 3; > - blake2s256_hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, > - BLAKE2S_HASH_SIZE); > + hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, BLAKE2S_HASH_SIZE); > memcpy(third_dst, output, third_len); > > out: > diff --git a/include/crypto/blake2s.h b/include/crypto/blake2s.h > index bc3fb59442ce..4e30e1799e61 100644 > --- a/include/crypto/blake2s.h > +++ b/include/crypto/blake2s.h > @@ -101,7 +101,4 @@ static inline void blake2s(u8 *out, const u8 *in, const u8 *key, > blake2s_final(&state, out); > } > > -void blake2s256_hmac(u8 *out, const u8 *in, const u8 *key, const size_t inlen, > - const size_t keylen); > - > #endif /* _CRYPTO_BLAKE2S_H */ > diff --git a/lib/crypto/blake2s-selftest.c b/lib/crypto/blake2s-selftest.c > index 5d9ea53be973..409e4b728770 100644 > --- a/lib/crypto/blake2s-selftest.c > +++ b/lib/crypto/blake2s-selftest.c > @@ -15,7 +15,6 @@ > * #include > * > * #include > - * #include > * > * #define BLAKE2S_TESTVEC_COUNT 256 > * > @@ -58,16 +57,6 @@ > * } > * printf("};\n\n"); > * > - * printf("static const u8 blake2s_hmac_testvecs[][BLAKE2S_HASH_SIZE] __initconst = {\n"); > - * > - * HMAC(EVP_blake2s256(), key, sizeof(key), buf, sizeof(buf), hash, NULL); > - * print_vec(hash, BLAKE2S_OUTBYTES); > - * > - * HMAC(EVP_blake2s256(), buf, sizeof(buf), key, sizeof(key), hash, NULL); > - * print_vec(hash, BLAKE2S_OUTBYTES); > - * > - * printf("};\n"); > - * > * return 0; > *} > */ > @@ -554,15 +543,6 @@ static const u8 blake2s_testvecs[][BLAKE2S_HASH_SIZE] __initconst = { > 0xd6, 0x98, 0x6b, 0x07, 0x10, 0x65, 0x52, 0x65, }, > }; > > -static const u8 blake2s_hmac_testvecs[][BLAKE2S_HASH_SIZE] __initconst = { > - { 0xce, 0xe1, 0x57, 0x69, 0x82, 0xdc, 0xbf, 0x43, 0xad, 0x56, 0x4c, 0x70, > - 0xed, 0x68, 0x16, 0x96, 0xcf, 0xa4, 0x73, 0xe8, 0xe8, 0xfc, 0x32, 0x79, > - 0x08, 0x0a, 0x75, 0x82, 0xda, 0x3f, 0x05, 0x11, }, > - { 0x77, 0x2f, 0x0c, 0x71, 0x41, 0xf4, 0x4b, 0x2b, 0xb3, 0xc6, 0xb6, 0xf9, > - 0x60, 0xde, 0xe4, 0x52, 0x38, 0x66, 0xe8, 0xbf, 0x9b, 0x96, 0xc4, 0x9f, > - 0x60, 0xd9, 0x24, 0x37, 0x99, 0xd6, 0xec, 0x31, }, > -}; > - > bool __init blake2s_selftest(void) > { > u8 key[BLAKE2S_KEY_SIZE]; > @@ -607,16 +587,5 @@ bool __init blake2s_selftest(void) > } > } > > - if (success) { > - blake2s256_hmac(hash, buf, key, sizeof(buf), sizeof(key)); > - success &= !memcmp(hash, blake2s_hmac_testvecs[0], BLAKE2S_HASH_SIZE); > - > - blake2s256_hmac(hash, key, buf, sizeof(key), sizeof(buf)); > - success &= !memcmp(hash, blake2s_hmac_testvecs[1], BLAKE2S_HASH_SIZE); > - > - if (!success) > - pr_err("blake2s256_hmac self-test: FAIL\n"); > - } > - > return success; > } > diff --git a/lib/crypto/blake2s.c b/lib/crypto/blake2s.c > index 93f2ae051370..9364f79937b8 100644 > --- a/lib/crypto/blake2s.c > +++ b/lib/crypto/blake2s.c > @@ -30,43 +30,6 @@ void blake2s_final(struct blake2s_state *state, u8 *out) > } > EXPORT_SYMBOL(blake2s_final); > > -void blake2s256_hmac(u8 *out, const u8 *in, const u8 *key, const size_t inlen, > - const size_t keylen) > -{ > - struct blake2s_state state; > - u8 x_key[BLAKE2S_BLOCK_SIZE] __aligned(__alignof__(u32)) = { 0 }; > - u8 i_hash[BLAKE2S_HASH_SIZE] __aligned(__alignof__(u32)); > - int i; > - > - if (keylen > BLAKE2S_BLOCK_SIZE) { > - blake2s_init(&state, BLAKE2S_HASH_SIZE); > - blake2s_update(&state, key, keylen); > - blake2s_final(&state, x_key); > - } else > - memcpy(x_key, key, keylen); > - > - for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i) > - x_key[i] ^= 0x36; > - > - blake2s_init(&state, BLAKE2S_HASH_SIZE); > - blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE); > - blake2s_update(&state, in, inlen); > - blake2s_final(&state, i_hash); > - > - for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i) > - x_key[i] ^= 0x5c ^ 0x36; > - > - blake2s_init(&state, BLAKE2S_HASH_SIZE); > - blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE); > - blake2s_update(&state, i_hash, BLAKE2S_HASH_SIZE); > - blake2s_final(&state, i_hash); > - > - memcpy(out, i_hash, BLAKE2S_HASH_SIZE); > - memzero_explicit(x_key, BLAKE2S_BLOCK_SIZE); > - memzero_explicit(i_hash, BLAKE2S_HASH_SIZE); > -} > -EXPORT_SYMBOL(blake2s256_hmac); > - > static int __init blake2s_mod_init(void) > { > if (!IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) && > -- > 2.34.1 > From bigeasy at linutronix.de Tue Jan 11 15:40:31 2022 From: bigeasy at linutronix.de (Sebastian Andrzej Siewior) Date: Tue, 11 Jan 2022 16:40:31 +0100 Subject: [RFC] wiregard RX packet processing. In-Reply-To: References: <20211208173205.zajfvg6zvi4g5kln@linutronix.de> Message-ID: On 2021-12-20 18:29:49 [+0100], Jason A. Donenfeld wrote: > Hi Sebastian, > > Seems like you've identified two things, the use of need_resched, and > potentially surrounding napi_schedule in local_bh_{disable,enable}. > > Regarding need_resched, I pulled that out of other code that seemed to > have the "same requirements", as vaguely conceived. It indeed might > not be right. The intent is to have that worker running at maximum > throughput for extended periods of time, but not preventing other > threads from running elsewhere, so that, e.g., a user's machine > doesn't have a jenky mouse when downloading a file. > > What are the effects of unconditionally calling cond_resched() without > checking for if (need_resched())? Sounds like you're saying none at > all? I stand to be corrected but "if need_resched() cond_resched())" is not something one should do. If you hold a lock and need to drop it first and und you don't want to drop the lock if there is no need for scheduling then there is cond_resched_lock() for instance. If you need to do something more complex (say set a marker if you drop the lock) then okay _but_ in this case you do more than just the "if ?" from above. cond_resched() gets optimized away on a preemptible kernel. The side effect is that you have always a branch (to cond_resched()) including a possible RCU section (urgently needed quiescent state). > Regarding napi_schedule, I actually wasn't aware that it's requirement > to _only_ ever run from softirq was a strict one. When I switched to > using napi_schedule in this way, throughput really jumped up > significantly. Part of this indeed is from the batching, so that the > napi callback can then handle more packets in one go later. But I > assumed it was something inside of NAPI that was batching and > scheduling it, rather than a mistake on my part to call this from a wq > and not from a softirq. There is no strict requirement to do napi_schedule() from hard-IRQ but it makes sense actually. So napi_schedule() invokes __raise_softirq_irqoff() which only ors a bit in the softirq state. Nothing else. The only reason that the softirq is invoked in a deterministic way is that irq_exit() has this "if (local_softirq_pending()) invoke_softirq()" check before returing (to interrupted user/ kernel code). So if you use it in a worker (for instance) the NAPI call is delayed until the next IRQ (due to irq_exit() part) or a random local_bh_enable() user. > What, then, are the effects of surrounding that in > local_bh_{disable,enable} as you've done in the patch? You mentioned > one aspect is that it will "invoke wg_packet_rx_poll() where you see > only one skb." It sounds like that'd be bad for performance, though, > given that the design of napi is really geared toward batching. As Toke H?iland-J?rgensen wrote in the previous reply, I missed the BH disable/ enable in ptr_ring_consume_bh(). So what happens is that ptr_ring_consume_bh() gives you one skb, you do wg_queue_enqueue_per_peer_rx() which raises NAPI then the following ptr_ring_consume_bh() (that local_bh_enable() to be exact) invokes the NAPI callback (I guess wg_packet_rx_poll() but as I wrote earlier, I didn't figure out how the skbs move from here to the other queue for that callback). So there is probably no batching assuming that one skb is processed in the NAPI callback. > Jason Sebastian From Jason at zx2c4.com Tue Jan 11 18:10:35 2022 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Tue, 11 Jan 2022 19:10:35 +0100 Subject: [PATCH crypto v2 0/2] reduce code size from blake2s on m68k and other small platforms In-Reply-To: <20220111134934.324663-1-Jason@zx2c4.com> References: <20220111134934.324663-1-Jason@zx2c4.com> Message-ID: <20220111181037.632969-1-Jason@zx2c4.com> Hi, Geert emailed me this afternoon concerned about blake2s codesize on m68k and other small systems. We identified two effective ways of chopping down the size. One of them moves some wireguard-specific things into wireguard proper. The other one adds a slower codepath for small machines to blake2s. This worked, and was v1 of this patchset, but I wasn't so much of a fan. Then someone pointed out that the generic C SHA-1 implementation is still unrolled, which is a *lot* of extra code. Simply rerolling that saves about as much as v1 did. So, we instead do that in this v2 patchset. SHA-1 is being phased out, and soon it won't be included at all (hopefully). And nothing performance-oriented has anything to do with it anyway. The result of these two patches mitigates Geert's feared code size increase for 5.17. Thanks, Jason Jason A. Donenfeld (2): lib/crypto: blake2s: move hmac construction into wireguard lib/crypto: sha1: re-roll loops to reduce code size drivers/net/wireguard/noise.c | 45 +++++++++++-- include/crypto/blake2s.h | 3 - lib/crypto/blake2s-selftest.c | 31 --------- lib/crypto/blake2s.c | 37 ----------- lib/sha1.c | 117 ++++++++-------------------------- 5 files changed, 64 insertions(+), 169 deletions(-) -- 2.34.1 From Jason at zx2c4.com Tue Jan 11 18:10:36 2022 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Tue, 11 Jan 2022 19:10:36 +0100 Subject: [PATCH crypto v2 1/2] lib/crypto: blake2s: move hmac construction into wireguard In-Reply-To: <20220111181037.632969-1-Jason@zx2c4.com> References: <20220111134934.324663-1-Jason@zx2c4.com> <20220111181037.632969-1-Jason@zx2c4.com> Message-ID: <20220111181037.632969-2-Jason@zx2c4.com> Basically nobody should use blake2s in an HMAC construction; it already has a keyed variant. But unfortunately for historical reasons, Noise, used by WireGuard, uses HKDF quite strictly, which means we have to use this. Because this really shouldn't be used by others, this commit moves it into wireguard's noise.c locally, so that kernels that aren't using WireGuard don't get this superfluous code baked in. On m68k systems, this shaves off ~314 bytes. Cc: Geert Uytterhoeven Cc: Herbert Xu Acked-by: Ard Biesheuvel Signed-off-by: Jason A. Donenfeld --- drivers/net/wireguard/noise.c | 45 ++++++++++++++++++++++++++++++----- include/crypto/blake2s.h | 3 --- lib/crypto/blake2s-selftest.c | 31 ------------------------ lib/crypto/blake2s.c | 37 ---------------------------- 4 files changed, 39 insertions(+), 77 deletions(-) diff --git a/drivers/net/wireguard/noise.c b/drivers/net/wireguard/noise.c index c0cfd9b36c0b..720952b92e78 100644 --- a/drivers/net/wireguard/noise.c +++ b/drivers/net/wireguard/noise.c @@ -302,6 +302,41 @@ void wg_noise_set_static_identity_private_key( static_identity->static_public, private_key); } +static void hmac(u8 *out, const u8 *in, const u8 *key, const size_t inlen, const size_t keylen) +{ + struct blake2s_state state; + u8 x_key[BLAKE2S_BLOCK_SIZE] __aligned(__alignof__(u32)) = { 0 }; + u8 i_hash[BLAKE2S_HASH_SIZE] __aligned(__alignof__(u32)); + int i; + + if (keylen > BLAKE2S_BLOCK_SIZE) { + blake2s_init(&state, BLAKE2S_HASH_SIZE); + blake2s_update(&state, key, keylen); + blake2s_final(&state, x_key); + } else + memcpy(x_key, key, keylen); + + for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i) + x_key[i] ^= 0x36; + + blake2s_init(&state, BLAKE2S_HASH_SIZE); + blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE); + blake2s_update(&state, in, inlen); + blake2s_final(&state, i_hash); + + for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i) + x_key[i] ^= 0x5c ^ 0x36; + + blake2s_init(&state, BLAKE2S_HASH_SIZE); + blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE); + blake2s_update(&state, i_hash, BLAKE2S_HASH_SIZE); + blake2s_final(&state, i_hash); + + memcpy(out, i_hash, BLAKE2S_HASH_SIZE); + memzero_explicit(x_key, BLAKE2S_BLOCK_SIZE); + memzero_explicit(i_hash, BLAKE2S_HASH_SIZE); +} + /* This is Hugo Krawczyk's HKDF: * - https://eprint.iacr.org/2010/264.pdf * - https://tools.ietf.org/html/rfc5869 @@ -322,14 +357,14 @@ static void kdf(u8 *first_dst, u8 *second_dst, u8 *third_dst, const u8 *data, ((third_len || third_dst) && (!second_len || !second_dst)))); /* Extract entropy from data into secret */ - blake2s256_hmac(secret, data, chaining_key, data_len, NOISE_HASH_LEN); + hmac(secret, data, chaining_key, data_len, NOISE_HASH_LEN); if (!first_dst || !first_len) goto out; /* Expand first key: key = secret, data = 0x1 */ output[0] = 1; - blake2s256_hmac(output, output, secret, 1, BLAKE2S_HASH_SIZE); + hmac(output, output, secret, 1, BLAKE2S_HASH_SIZE); memcpy(first_dst, output, first_len); if (!second_dst || !second_len) @@ -337,8 +372,7 @@ static void kdf(u8 *first_dst, u8 *second_dst, u8 *third_dst, const u8 *data, /* Expand second key: key = secret, data = first-key || 0x2 */ output[BLAKE2S_HASH_SIZE] = 2; - blake2s256_hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, - BLAKE2S_HASH_SIZE); + hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, BLAKE2S_HASH_SIZE); memcpy(second_dst, output, second_len); if (!third_dst || !third_len) @@ -346,8 +380,7 @@ static void kdf(u8 *first_dst, u8 *second_dst, u8 *third_dst, const u8 *data, /* Expand third key: key = secret, data = second-key || 0x3 */ output[BLAKE2S_HASH_SIZE] = 3; - blake2s256_hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, - BLAKE2S_HASH_SIZE); + hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, BLAKE2S_HASH_SIZE); memcpy(third_dst, output, third_len); out: diff --git a/include/crypto/blake2s.h b/include/crypto/blake2s.h index bc3fb59442ce..4e30e1799e61 100644 --- a/include/crypto/blake2s.h +++ b/include/crypto/blake2s.h @@ -101,7 +101,4 @@ static inline void blake2s(u8 *out, const u8 *in, const u8 *key, blake2s_final(&state, out); } -void blake2s256_hmac(u8 *out, const u8 *in, const u8 *key, const size_t inlen, - const size_t keylen); - #endif /* _CRYPTO_BLAKE2S_H */ diff --git a/lib/crypto/blake2s-selftest.c b/lib/crypto/blake2s-selftest.c index 5d9ea53be973..409e4b728770 100644 --- a/lib/crypto/blake2s-selftest.c +++ b/lib/crypto/blake2s-selftest.c @@ -15,7 +15,6 @@ * #include * * #include - * #include * * #define BLAKE2S_TESTVEC_COUNT 256 * @@ -58,16 +57,6 @@ * } * printf("};\n\n"); * - * printf("static const u8 blake2s_hmac_testvecs[][BLAKE2S_HASH_SIZE] __initconst = {\n"); - * - * HMAC(EVP_blake2s256(), key, sizeof(key), buf, sizeof(buf), hash, NULL); - * print_vec(hash, BLAKE2S_OUTBYTES); - * - * HMAC(EVP_blake2s256(), buf, sizeof(buf), key, sizeof(key), hash, NULL); - * print_vec(hash, BLAKE2S_OUTBYTES); - * - * printf("};\n"); - * * return 0; *} */ @@ -554,15 +543,6 @@ static const u8 blake2s_testvecs[][BLAKE2S_HASH_SIZE] __initconst = { 0xd6, 0x98, 0x6b, 0x07, 0x10, 0x65, 0x52, 0x65, }, }; -static const u8 blake2s_hmac_testvecs[][BLAKE2S_HASH_SIZE] __initconst = { - { 0xce, 0xe1, 0x57, 0x69, 0x82, 0xdc, 0xbf, 0x43, 0xad, 0x56, 0x4c, 0x70, - 0xed, 0x68, 0x16, 0x96, 0xcf, 0xa4, 0x73, 0xe8, 0xe8, 0xfc, 0x32, 0x79, - 0x08, 0x0a, 0x75, 0x82, 0xda, 0x3f, 0x05, 0x11, }, - { 0x77, 0x2f, 0x0c, 0x71, 0x41, 0xf4, 0x4b, 0x2b, 0xb3, 0xc6, 0xb6, 0xf9, - 0x60, 0xde, 0xe4, 0x52, 0x38, 0x66, 0xe8, 0xbf, 0x9b, 0x96, 0xc4, 0x9f, - 0x60, 0xd9, 0x24, 0x37, 0x99, 0xd6, 0xec, 0x31, }, -}; - bool __init blake2s_selftest(void) { u8 key[BLAKE2S_KEY_SIZE]; @@ -607,16 +587,5 @@ bool __init blake2s_selftest(void) } } - if (success) { - blake2s256_hmac(hash, buf, key, sizeof(buf), sizeof(key)); - success &= !memcmp(hash, blake2s_hmac_testvecs[0], BLAKE2S_HASH_SIZE); - - blake2s256_hmac(hash, key, buf, sizeof(key), sizeof(buf)); - success &= !memcmp(hash, blake2s_hmac_testvecs[1], BLAKE2S_HASH_SIZE); - - if (!success) - pr_err("blake2s256_hmac self-test: FAIL\n"); - } - return success; } diff --git a/lib/crypto/blake2s.c b/lib/crypto/blake2s.c index 93f2ae051370..9364f79937b8 100644 --- a/lib/crypto/blake2s.c +++ b/lib/crypto/blake2s.c @@ -30,43 +30,6 @@ void blake2s_final(struct blake2s_state *state, u8 *out) } EXPORT_SYMBOL(blake2s_final); -void blake2s256_hmac(u8 *out, const u8 *in, const u8 *key, const size_t inlen, - const size_t keylen) -{ - struct blake2s_state state; - u8 x_key[BLAKE2S_BLOCK_SIZE] __aligned(__alignof__(u32)) = { 0 }; - u8 i_hash[BLAKE2S_HASH_SIZE] __aligned(__alignof__(u32)); - int i; - - if (keylen > BLAKE2S_BLOCK_SIZE) { - blake2s_init(&state, BLAKE2S_HASH_SIZE); - blake2s_update(&state, key, keylen); - blake2s_final(&state, x_key); - } else - memcpy(x_key, key, keylen); - - for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i) - x_key[i] ^= 0x36; - - blake2s_init(&state, BLAKE2S_HASH_SIZE); - blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE); - blake2s_update(&state, in, inlen); - blake2s_final(&state, i_hash); - - for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i) - x_key[i] ^= 0x5c ^ 0x36; - - blake2s_init(&state, BLAKE2S_HASH_SIZE); - blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE); - blake2s_update(&state, i_hash, BLAKE2S_HASH_SIZE); - blake2s_final(&state, i_hash); - - memcpy(out, i_hash, BLAKE2S_HASH_SIZE); - memzero_explicit(x_key, BLAKE2S_BLOCK_SIZE); - memzero_explicit(i_hash, BLAKE2S_HASH_SIZE); -} -EXPORT_SYMBOL(blake2s256_hmac); - static int __init blake2s_mod_init(void) { if (!IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) && -- 2.34.1 From Jason at zx2c4.com Tue Jan 11 18:10:37 2022 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Tue, 11 Jan 2022 19:10:37 +0100 Subject: [PATCH crypto v2 2/2] lib/crypto: sha1: re-roll loops to reduce code size In-Reply-To: <20220111181037.632969-1-Jason@zx2c4.com> References: <20220111134934.324663-1-Jason@zx2c4.com> <20220111181037.632969-1-Jason@zx2c4.com> Message-ID: <20220111181037.632969-3-Jason@zx2c4.com> With SHA-1 no longer being used for anything performance oriented, and also soon to be phased out entirely, we can make up for the space added by unrolled BLAKE2s by simply re-rolling SHA-1. Since SHA-1 is so much more complex, re-rolling it more or less takes care of the code size added by BLAKE2s. And eventually, hopefully we'll see SHA-1 removed entirely from most small kernel builds. Cc: Geert Uytterhoeven Cc: Herbert Xu Cc: Ard Biesheuvel Signed-off-by: Jason A. Donenfeld --- lib/sha1.c | 117 ++++++++++++----------------------------------------- 1 file changed, 25 insertions(+), 92 deletions(-) diff --git a/lib/sha1.c b/lib/sha1.c index 9bd1935a1472..f2acfa294e64 100644 --- a/lib/sha1.c +++ b/lib/sha1.c @@ -9,6 +9,7 @@ #include #include #include +#include #include #include @@ -83,109 +84,41 @@ */ void sha1_transform(__u32 *digest, const char *data, __u32 *array) { - __u32 A, B, C, D, E; + u32 d[5]; + unsigned int i = 0; - A = digest[0]; - B = digest[1]; - C = digest[2]; - D = digest[3]; - E = digest[4]; + memcpy(d, digest, sizeof(d)); /* Round 1 - iterations 0-16 take their input from 'data' */ - T_0_15( 0, A, B, C, D, E); - T_0_15( 1, E, A, B, C, D); - T_0_15( 2, D, E, A, B, C); - T_0_15( 3, C, D, E, A, B); - T_0_15( 4, B, C, D, E, A); - T_0_15( 5, A, B, C, D, E); - T_0_15( 6, E, A, B, C, D); - T_0_15( 7, D, E, A, B, C); - T_0_15( 8, C, D, E, A, B); - T_0_15( 9, B, C, D, E, A); - T_0_15(10, A, B, C, D, E); - T_0_15(11, E, A, B, C, D); - T_0_15(12, D, E, A, B, C); - T_0_15(13, C, D, E, A, B); - T_0_15(14, B, C, D, E, A); - T_0_15(15, A, B, C, D, E); + for (; i < 16; ++i) + T_0_15(i, d[(-6 - i) % 5], d[(-5 - i) % 5], + d[(-4 - i) % 5], d[(-3 - i) % 5], d[(-2 - i) % 5]); /* Round 1 - tail. Input from 512-bit mixing array */ - T_16_19(16, E, A, B, C, D); - T_16_19(17, D, E, A, B, C); - T_16_19(18, C, D, E, A, B); - T_16_19(19, B, C, D, E, A); + for (; i < 20; ++i) + T_16_19(i, d[(-6 - i) % 5], d[(-5 - i) % 5], + d[(-4 - i) % 5], d[(-3 - i) % 5], d[(-2 - i) % 5]); /* Round 2 */ - T_20_39(20, A, B, C, D, E); - T_20_39(21, E, A, B, C, D); - T_20_39(22, D, E, A, B, C); - T_20_39(23, C, D, E, A, B); - T_20_39(24, B, C, D, E, A); - T_20_39(25, A, B, C, D, E); - T_20_39(26, E, A, B, C, D); - T_20_39(27, D, E, A, B, C); - T_20_39(28, C, D, E, A, B); - T_20_39(29, B, C, D, E, A); - T_20_39(30, A, B, C, D, E); - T_20_39(31, E, A, B, C, D); - T_20_39(32, D, E, A, B, C); - T_20_39(33, C, D, E, A, B); - T_20_39(34, B, C, D, E, A); - T_20_39(35, A, B, C, D, E); - T_20_39(36, E, A, B, C, D); - T_20_39(37, D, E, A, B, C); - T_20_39(38, C, D, E, A, B); - T_20_39(39, B, C, D, E, A); + for (; i < 40; ++i) + T_20_39(i, d[(-6 - i) % 5], d[(-5 - i) % 5], + d[(-4 - i) % 5], d[(-3 - i) % 5], d[(-2 - i) % 5]); /* Round 3 */ - T_40_59(40, A, B, C, D, E); - T_40_59(41, E, A, B, C, D); - T_40_59(42, D, E, A, B, C); - T_40_59(43, C, D, E, A, B); - T_40_59(44, B, C, D, E, A); - T_40_59(45, A, B, C, D, E); - T_40_59(46, E, A, B, C, D); - T_40_59(47, D, E, A, B, C); - T_40_59(48, C, D, E, A, B); - T_40_59(49, B, C, D, E, A); - T_40_59(50, A, B, C, D, E); - T_40_59(51, E, A, B, C, D); - T_40_59(52, D, E, A, B, C); - T_40_59(53, C, D, E, A, B); - T_40_59(54, B, C, D, E, A); - T_40_59(55, A, B, C, D, E); - T_40_59(56, E, A, B, C, D); - T_40_59(57, D, E, A, B, C); - T_40_59(58, C, D, E, A, B); - T_40_59(59, B, C, D, E, A); + for (; i < 60; ++i) + T_40_59(i, d[(-6 - i) % 5], d[(-5 - i) % 5], + d[(-4 - i) % 5], d[(-3 - i) % 5], d[(-2 - i) % 5]); /* Round 4 */ - T_60_79(60, A, B, C, D, E); - T_60_79(61, E, A, B, C, D); - T_60_79(62, D, E, A, B, C); - T_60_79(63, C, D, E, A, B); - T_60_79(64, B, C, D, E, A); - T_60_79(65, A, B, C, D, E); - T_60_79(66, E, A, B, C, D); - T_60_79(67, D, E, A, B, C); - T_60_79(68, C, D, E, A, B); - T_60_79(69, B, C, D, E, A); - T_60_79(70, A, B, C, D, E); - T_60_79(71, E, A, B, C, D); - T_60_79(72, D, E, A, B, C); - T_60_79(73, C, D, E, A, B); - T_60_79(74, B, C, D, E, A); - T_60_79(75, A, B, C, D, E); - T_60_79(76, E, A, B, C, D); - T_60_79(77, D, E, A, B, C); - T_60_79(78, C, D, E, A, B); - T_60_79(79, B, C, D, E, A); - - digest[0] += A; - digest[1] += B; - digest[2] += C; - digest[3] += D; - digest[4] += E; + for (; i < 80; ++i) + T_60_79(i, d[(-6 - i) % 5], d[(-5 - i) % 5], + d[(-4 - i) % 5], d[(-3 - i) % 5], d[(-2 - i) % 5]); + + digest[0] += d[0]; + digest[1] += d[1]; + digest[2] += d[2]; + digest[3] += d[3]; + digest[4] += d[4]; } EXPORT_SYMBOL(sha1_transform); -- 2.34.1 From Jason at zx2c4.com Tue Jan 11 22:05:04 2022 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Tue, 11 Jan 2022 23:05:04 +0100 Subject: [PATCH crypto v3 0/2] reduce code size from blake2s on m68k and other small platforms In-Reply-To: <20220111181037.632969-1-Jason@zx2c4.com> References: <20220111181037.632969-1-Jason@zx2c4.com> Message-ID: <20220111220506.742067-1-Jason@zx2c4.com> Hi, Geert emailed me this afternoon concerned about blake2s codesize on m68k and other small systems. We identified two effective ways of chopping down the size. One of them moves some wireguard-specific things into wireguard proper. The other one adds a slower codepath for small machines to blake2s. This worked, and was v1 of this patchset, but I wasn't so much of a fan. Then someone pointed out that the generic C SHA-1 implementation is still unrolled, which is a *lot* of extra code. Simply rerolling that saves about as much as v1 did. So, we instead do that in this patchset. SHA-1 is being phased out, and soon it won't be included at all (hopefully). And nothing performance-oriented has anything to do with it anyway. The result of these two patches mitigates Geert's feared code size increase for 5.17. v3 improves on v2 by making the re-rolling of SHA-1 much simpler, resulting in even larger code size reduction and much better performance. The reason I'm sending yet a third version in such a short amount of time is because the trick here feels obvious and substantial enough that I'd hate for Geert to waste time measuring the impact of the previous commit. Thanks, Jason Jason A. Donenfeld (2): lib/crypto: blake2s: move hmac construction into wireguard lib/crypto: sha1: re-roll loops to reduce code size drivers/net/wireguard/noise.c | 45 ++++++++++++++--- include/crypto/blake2s.h | 3 -- lib/crypto/blake2s-selftest.c | 31 ------------ lib/crypto/blake2s.c | 37 -------------- lib/sha1.c | 95 ++++++----------------------------- 5 files changed, 53 insertions(+), 158 deletions(-) -- 2.34.1 From Jason at zx2c4.com Tue Jan 11 22:05:05 2022 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Tue, 11 Jan 2022 23:05:05 +0100 Subject: [PATCH crypto v3 1/2] lib/crypto: blake2s: move hmac construction into wireguard In-Reply-To: <20220111220506.742067-1-Jason@zx2c4.com> References: <20220111181037.632969-1-Jason@zx2c4.com> <20220111220506.742067-1-Jason@zx2c4.com> Message-ID: <20220111220506.742067-2-Jason@zx2c4.com> Basically nobody should use blake2s in an HMAC construction; it already has a keyed variant. But unfortunately for historical reasons, Noise, used by WireGuard, uses HKDF quite strictly, which means we have to use this. Because this really shouldn't be used by others, this commit moves it into wireguard's noise.c locally, so that kernels that aren't using WireGuard don't get this superfluous code baked in. On m68k systems, this shaves off ~314 bytes. Cc: Geert Uytterhoeven Cc: Herbert Xu Acked-by: Ard Biesheuvel Signed-off-by: Jason A. Donenfeld --- drivers/net/wireguard/noise.c | 45 ++++++++++++++++++++++++++++++----- include/crypto/blake2s.h | 3 --- lib/crypto/blake2s-selftest.c | 31 ------------------------ lib/crypto/blake2s.c | 37 ---------------------------- 4 files changed, 39 insertions(+), 77 deletions(-) diff --git a/drivers/net/wireguard/noise.c b/drivers/net/wireguard/noise.c index c0cfd9b36c0b..720952b92e78 100644 --- a/drivers/net/wireguard/noise.c +++ b/drivers/net/wireguard/noise.c @@ -302,6 +302,41 @@ void wg_noise_set_static_identity_private_key( static_identity->static_public, private_key); } +static void hmac(u8 *out, const u8 *in, const u8 *key, const size_t inlen, const size_t keylen) +{ + struct blake2s_state state; + u8 x_key[BLAKE2S_BLOCK_SIZE] __aligned(__alignof__(u32)) = { 0 }; + u8 i_hash[BLAKE2S_HASH_SIZE] __aligned(__alignof__(u32)); + int i; + + if (keylen > BLAKE2S_BLOCK_SIZE) { + blake2s_init(&state, BLAKE2S_HASH_SIZE); + blake2s_update(&state, key, keylen); + blake2s_final(&state, x_key); + } else + memcpy(x_key, key, keylen); + + for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i) + x_key[i] ^= 0x36; + + blake2s_init(&state, BLAKE2S_HASH_SIZE); + blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE); + blake2s_update(&state, in, inlen); + blake2s_final(&state, i_hash); + + for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i) + x_key[i] ^= 0x5c ^ 0x36; + + blake2s_init(&state, BLAKE2S_HASH_SIZE); + blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE); + blake2s_update(&state, i_hash, BLAKE2S_HASH_SIZE); + blake2s_final(&state, i_hash); + + memcpy(out, i_hash, BLAKE2S_HASH_SIZE); + memzero_explicit(x_key, BLAKE2S_BLOCK_SIZE); + memzero_explicit(i_hash, BLAKE2S_HASH_SIZE); +} + /* This is Hugo Krawczyk's HKDF: * - https://eprint.iacr.org/2010/264.pdf * - https://tools.ietf.org/html/rfc5869 @@ -322,14 +357,14 @@ static void kdf(u8 *first_dst, u8 *second_dst, u8 *third_dst, const u8 *data, ((third_len || third_dst) && (!second_len || !second_dst)))); /* Extract entropy from data into secret */ - blake2s256_hmac(secret, data, chaining_key, data_len, NOISE_HASH_LEN); + hmac(secret, data, chaining_key, data_len, NOISE_HASH_LEN); if (!first_dst || !first_len) goto out; /* Expand first key: key = secret, data = 0x1 */ output[0] = 1; - blake2s256_hmac(output, output, secret, 1, BLAKE2S_HASH_SIZE); + hmac(output, output, secret, 1, BLAKE2S_HASH_SIZE); memcpy(first_dst, output, first_len); if (!second_dst || !second_len) @@ -337,8 +372,7 @@ static void kdf(u8 *first_dst, u8 *second_dst, u8 *third_dst, const u8 *data, /* Expand second key: key = secret, data = first-key || 0x2 */ output[BLAKE2S_HASH_SIZE] = 2; - blake2s256_hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, - BLAKE2S_HASH_SIZE); + hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, BLAKE2S_HASH_SIZE); memcpy(second_dst, output, second_len); if (!third_dst || !third_len) @@ -346,8 +380,7 @@ static void kdf(u8 *first_dst, u8 *second_dst, u8 *third_dst, const u8 *data, /* Expand third key: key = secret, data = second-key || 0x3 */ output[BLAKE2S_HASH_SIZE] = 3; - blake2s256_hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, - BLAKE2S_HASH_SIZE); + hmac(output, output, secret, BLAKE2S_HASH_SIZE + 1, BLAKE2S_HASH_SIZE); memcpy(third_dst, output, third_len); out: diff --git a/include/crypto/blake2s.h b/include/crypto/blake2s.h index bc3fb59442ce..4e30e1799e61 100644 --- a/include/crypto/blake2s.h +++ b/include/crypto/blake2s.h @@ -101,7 +101,4 @@ static inline void blake2s(u8 *out, const u8 *in, const u8 *key, blake2s_final(&state, out); } -void blake2s256_hmac(u8 *out, const u8 *in, const u8 *key, const size_t inlen, - const size_t keylen); - #endif /* _CRYPTO_BLAKE2S_H */ diff --git a/lib/crypto/blake2s-selftest.c b/lib/crypto/blake2s-selftest.c index 5d9ea53be973..409e4b728770 100644 --- a/lib/crypto/blake2s-selftest.c +++ b/lib/crypto/blake2s-selftest.c @@ -15,7 +15,6 @@ * #include * * #include - * #include * * #define BLAKE2S_TESTVEC_COUNT 256 * @@ -58,16 +57,6 @@ * } * printf("};\n\n"); * - * printf("static const u8 blake2s_hmac_testvecs[][BLAKE2S_HASH_SIZE] __initconst = {\n"); - * - * HMAC(EVP_blake2s256(), key, sizeof(key), buf, sizeof(buf), hash, NULL); - * print_vec(hash, BLAKE2S_OUTBYTES); - * - * HMAC(EVP_blake2s256(), buf, sizeof(buf), key, sizeof(key), hash, NULL); - * print_vec(hash, BLAKE2S_OUTBYTES); - * - * printf("};\n"); - * * return 0; *} */ @@ -554,15 +543,6 @@ static const u8 blake2s_testvecs[][BLAKE2S_HASH_SIZE] __initconst = { 0xd6, 0x98, 0x6b, 0x07, 0x10, 0x65, 0x52, 0x65, }, }; -static const u8 blake2s_hmac_testvecs[][BLAKE2S_HASH_SIZE] __initconst = { - { 0xce, 0xe1, 0x57, 0x69, 0x82, 0xdc, 0xbf, 0x43, 0xad, 0x56, 0x4c, 0x70, - 0xed, 0x68, 0x16, 0x96, 0xcf, 0xa4, 0x73, 0xe8, 0xe8, 0xfc, 0x32, 0x79, - 0x08, 0x0a, 0x75, 0x82, 0xda, 0x3f, 0x05, 0x11, }, - { 0x77, 0x2f, 0x0c, 0x71, 0x41, 0xf4, 0x4b, 0x2b, 0xb3, 0xc6, 0xb6, 0xf9, - 0x60, 0xde, 0xe4, 0x52, 0x38, 0x66, 0xe8, 0xbf, 0x9b, 0x96, 0xc4, 0x9f, - 0x60, 0xd9, 0x24, 0x37, 0x99, 0xd6, 0xec, 0x31, }, -}; - bool __init blake2s_selftest(void) { u8 key[BLAKE2S_KEY_SIZE]; @@ -607,16 +587,5 @@ bool __init blake2s_selftest(void) } } - if (success) { - blake2s256_hmac(hash, buf, key, sizeof(buf), sizeof(key)); - success &= !memcmp(hash, blake2s_hmac_testvecs[0], BLAKE2S_HASH_SIZE); - - blake2s256_hmac(hash, key, buf, sizeof(key), sizeof(buf)); - success &= !memcmp(hash, blake2s_hmac_testvecs[1], BLAKE2S_HASH_SIZE); - - if (!success) - pr_err("blake2s256_hmac self-test: FAIL\n"); - } - return success; } diff --git a/lib/crypto/blake2s.c b/lib/crypto/blake2s.c index 93f2ae051370..9364f79937b8 100644 --- a/lib/crypto/blake2s.c +++ b/lib/crypto/blake2s.c @@ -30,43 +30,6 @@ void blake2s_final(struct blake2s_state *state, u8 *out) } EXPORT_SYMBOL(blake2s_final); -void blake2s256_hmac(u8 *out, const u8 *in, const u8 *key, const size_t inlen, - const size_t keylen) -{ - struct blake2s_state state; - u8 x_key[BLAKE2S_BLOCK_SIZE] __aligned(__alignof__(u32)) = { 0 }; - u8 i_hash[BLAKE2S_HASH_SIZE] __aligned(__alignof__(u32)); - int i; - - if (keylen > BLAKE2S_BLOCK_SIZE) { - blake2s_init(&state, BLAKE2S_HASH_SIZE); - blake2s_update(&state, key, keylen); - blake2s_final(&state, x_key); - } else - memcpy(x_key, key, keylen); - - for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i) - x_key[i] ^= 0x36; - - blake2s_init(&state, BLAKE2S_HASH_SIZE); - blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE); - blake2s_update(&state, in, inlen); - blake2s_final(&state, i_hash); - - for (i = 0; i < BLAKE2S_BLOCK_SIZE; ++i) - x_key[i] ^= 0x5c ^ 0x36; - - blake2s_init(&state, BLAKE2S_HASH_SIZE); - blake2s_update(&state, x_key, BLAKE2S_BLOCK_SIZE); - blake2s_update(&state, i_hash, BLAKE2S_HASH_SIZE); - blake2s_final(&state, i_hash); - - memcpy(out, i_hash, BLAKE2S_HASH_SIZE); - memzero_explicit(x_key, BLAKE2S_BLOCK_SIZE); - memzero_explicit(i_hash, BLAKE2S_HASH_SIZE); -} -EXPORT_SYMBOL(blake2s256_hmac); - static int __init blake2s_mod_init(void) { if (!IS_ENABLED(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS) && -- 2.34.1 From Jason at zx2c4.com Tue Jan 11 22:05:06 2022 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Tue, 11 Jan 2022 23:05:06 +0100 Subject: [PATCH crypto v3 2/2] lib/crypto: sha1: re-roll loops to reduce code size In-Reply-To: <20220111220506.742067-1-Jason@zx2c4.com> References: <20220111181037.632969-1-Jason@zx2c4.com> <20220111220506.742067-1-Jason@zx2c4.com> Message-ID: <20220111220506.742067-3-Jason@zx2c4.com> With SHA-1 no longer being used for anything performance oriented, and also soon to be phased out entirely, we can make up for the space added by unrolled BLAKE2s by simply re-rolling SHA-1. Since SHA-1 is so much more complex, re-rolling it more or less takes care of the code size added by BLAKE2s. And eventually, hopefully we'll see SHA-1 removed entirely from most small kernel builds. Cc: Geert Uytterhoeven Cc: Herbert Xu Cc: Ard Biesheuvel Signed-off-by: Jason A. Donenfeld --- lib/sha1.c | 95 ++++++++---------------------------------------------- 1 file changed, 14 insertions(+), 81 deletions(-) diff --git a/lib/sha1.c b/lib/sha1.c index 9bd1935a1472..0494766fc574 100644 --- a/lib/sha1.c +++ b/lib/sha1.c @@ -9,6 +9,7 @@ #include #include #include +#include #include #include @@ -55,7 +56,8 @@ #define SHA_ROUND(t, input, fn, constant, A, B, C, D, E) do { \ __u32 TEMP = input(t); setW(t, TEMP); \ E += TEMP + rol32(A,5) + (fn) + (constant); \ - B = ror32(B, 2); } while (0) + B = ror32(B, 2); \ + TEMP = E; E = D; D = C; C = B; B = A; A = TEMP; } while (0) #define T_0_15(t, A, B, C, D, E) SHA_ROUND(t, SHA_SRC, (((C^D)&B)^D) , 0x5a827999, A, B, C, D, E ) #define T_16_19(t, A, B, C, D, E) SHA_ROUND(t, SHA_MIX, (((C^D)&B)^D) , 0x5a827999, A, B, C, D, E ) @@ -84,6 +86,7 @@ void sha1_transform(__u32 *digest, const char *data, __u32 *array) { __u32 A, B, C, D, E; + unsigned int i = 0; A = digest[0]; B = digest[1]; @@ -92,94 +95,24 @@ void sha1_transform(__u32 *digest, const char *data, __u32 *array) E = digest[4]; /* Round 1 - iterations 0-16 take their input from 'data' */ - T_0_15( 0, A, B, C, D, E); - T_0_15( 1, E, A, B, C, D); - T_0_15( 2, D, E, A, B, C); - T_0_15( 3, C, D, E, A, B); - T_0_15( 4, B, C, D, E, A); - T_0_15( 5, A, B, C, D, E); - T_0_15( 6, E, A, B, C, D); - T_0_15( 7, D, E, A, B, C); - T_0_15( 8, C, D, E, A, B); - T_0_15( 9, B, C, D, E, A); - T_0_15(10, A, B, C, D, E); - T_0_15(11, E, A, B, C, D); - T_0_15(12, D, E, A, B, C); - T_0_15(13, C, D, E, A, B); - T_0_15(14, B, C, D, E, A); - T_0_15(15, A, B, C, D, E); + for (; i < 16; ++i) + T_0_15(i, A, B, C, D, E); /* Round 1 - tail. Input from 512-bit mixing array */ - T_16_19(16, E, A, B, C, D); - T_16_19(17, D, E, A, B, C); - T_16_19(18, C, D, E, A, B); - T_16_19(19, B, C, D, E, A); + for (; i < 20; ++i) + T_16_19(i, A, B, C, D, E); /* Round 2 */ - T_20_39(20, A, B, C, D, E); - T_20_39(21, E, A, B, C, D); - T_20_39(22, D, E, A, B, C); - T_20_39(23, C, D, E, A, B); - T_20_39(24, B, C, D, E, A); - T_20_39(25, A, B, C, D, E); - T_20_39(26, E, A, B, C, D); - T_20_39(27, D, E, A, B, C); - T_20_39(28, C, D, E, A, B); - T_20_39(29, B, C, D, E, A); - T_20_39(30, A, B, C, D, E); - T_20_39(31, E, A, B, C, D); - T_20_39(32, D, E, A, B, C); - T_20_39(33, C, D, E, A, B); - T_20_39(34, B, C, D, E, A); - T_20_39(35, A, B, C, D, E); - T_20_39(36, E, A, B, C, D); - T_20_39(37, D, E, A, B, C); - T_20_39(38, C, D, E, A, B); - T_20_39(39, B, C, D, E, A); + for (; i < 40; ++i) + T_20_39(i, A, B, C, D, E); /* Round 3 */ - T_40_59(40, A, B, C, D, E); - T_40_59(41, E, A, B, C, D); - T_40_59(42, D, E, A, B, C); - T_40_59(43, C, D, E, A, B); - T_40_59(44, B, C, D, E, A); - T_40_59(45, A, B, C, D, E); - T_40_59(46, E, A, B, C, D); - T_40_59(47, D, E, A, B, C); - T_40_59(48, C, D, E, A, B); - T_40_59(49, B, C, D, E, A); - T_40_59(50, A, B, C, D, E); - T_40_59(51, E, A, B, C, D); - T_40_59(52, D, E, A, B, C); - T_40_59(53, C, D, E, A, B); - T_40_59(54, B, C, D, E, A); - T_40_59(55, A, B, C, D, E); - T_40_59(56, E, A, B, C, D); - T_40_59(57, D, E, A, B, C); - T_40_59(58, C, D, E, A, B); - T_40_59(59, B, C, D, E, A); + for (; i < 60; ++i) + T_40_59(i, A, B, C, D, E); /* Round 4 */ - T_60_79(60, A, B, C, D, E); - T_60_79(61, E, A, B, C, D); - T_60_79(62, D, E, A, B, C); - T_60_79(63, C, D, E, A, B); - T_60_79(64, B, C, D, E, A); - T_60_79(65, A, B, C, D, E); - T_60_79(66, E, A, B, C, D); - T_60_79(67, D, E, A, B, C); - T_60_79(68, C, D, E, A, B); - T_60_79(69, B, C, D, E, A); - T_60_79(70, A, B, C, D, E); - T_60_79(71, E, A, B, C, D); - T_60_79(72, D, E, A, B, C); - T_60_79(73, C, D, E, A, B); - T_60_79(74, B, C, D, E, A); - T_60_79(75, A, B, C, D, E); - T_60_79(76, E, A, B, C, D); - T_60_79(77, D, E, A, B, C); - T_60_79(78, C, D, E, A, B); - T_60_79(79, B, C, D, E, A); + for (; i < 80; ++i) + T_60_79(i, A, B, C, D, E); digest[0] += A; digest[1] += B; -- 2.34.1 From Jason at zx2c4.com Wed Jan 12 13:16:28 2022 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Wed, 12 Jan 2022 14:16:28 +0100 Subject: [PATCH crypto 1/2] lib/crypto: blake2s-generic: reduce code size on small systems In-Reply-To: References: <20220111134934.324663-1-Jason@zx2c4.com> <20220111134934.324663-2-Jason@zx2c4.com> Message-ID: Hi Geert, Thanks for testing this. However, I've *abandoned* this patch, due to unacceptable performance hits, and figuring out that we can accomplish basically the same thing without as large of a hit by modifying the obsolete sha1 implementation. Herbert - please do not apply this patch. Instead, later versions of this patchset (e.g. v3 [1] and potentially later if it comes to that) are what should be applied. Jason [1] https://lore.kernel.org/linux-crypto/20220111220506.742067-1-Jason at zx2c4.com/ From Jason at zx2c4.com Wed Jan 12 13:18:34 2022 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Wed, 12 Jan 2022 14:18:34 +0100 Subject: [PATCH crypto v3 0/2] reduce code size from blake2s on m68k and other small platforms In-Reply-To: References: <20220111181037.632969-1-Jason@zx2c4.com> <20220111220506.742067-1-Jason@zx2c4.com> Message-ID: Hi Geert, On Wed, Jan 12, 2022 at 12:00 PM Geert Uytterhoeven wrote: > Thanks for the series! > > On m68k: > add/remove: 1/4 grow/shrink: 0/1 up/down: 4/-4232 (-4228) > Function old new delta > __ksymtab_blake2s256_hmac 12 - -12 > blake2s_init.constprop 94 - -94 > blake2s256_hmac 302 - -302 > sha1_transform 4402 582 -3820 > Total: Before=4230537, After=4226309, chg -0.10% > > Tested-by: Geert Uytterhoeven Excellent, thanks for the breakdown. So this shaves off ~4k, which was about what we were shooting for here, so I think indeed this series accomplishes its goal of counteracting the addition of BLAKE2s. Hopefully Herbert will apply this series for 5.17. Jason From houmie at gmail.com Wed Jan 12 15:28:33 2022 From: houmie at gmail.com (Houman) Date: Wed, 12 Jan 2022 15:28:33 +0000 Subject: Enable BitCode on libwg-go.a (Wireguard iOS project) Message-ID: Hello, Currently libwg-go.a doesn't support bitcode in the Xcode project. It crashes with the following message: libwg-go.a does not contain bitcode. You must rebuild it with bitcode enabled (Xcode setting ENABLE_BITCODE), obtain an updated library from the vendor, or disable bitcode for this target. for architecture arm64 Disabling Bitcode for the whole project is very bad for dSYMs and Crashlytics reporting, though. Is there any chance to enable Bitcode for Wireguard, please? If there is anything I could do to help, please let me know. Many Thanks, Houman From Jason at zx2c4.com Wed Jan 12 15:43:35 2022 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Wed, 12 Jan 2022 16:43:35 +0100 Subject: Enable BitCode on libwg-go.a (Wireguard iOS project) In-Reply-To: References: Message-ID: Looks like gomobile fixed it via: https://github.com/golang/mobile/commit/ddd6497b067577b19dddcb2b88017887a0227eb5 We should probably do the same. From ebiggers at kernel.org Wed Jan 12 18:31:57 2022 From: ebiggers at kernel.org (Eric Biggers) Date: Wed, 12 Jan 2022 10:31:57 -0800 Subject: [PATCH crypto 1/2] lib/crypto: blake2s-generic: reduce code size on small systems In-Reply-To: <20220111134934.324663-2-Jason@zx2c4.com> References: <20220111134934.324663-1-Jason@zx2c4.com> <20220111134934.324663-2-Jason@zx2c4.com> Message-ID: On Tue, Jan 11, 2022 at 02:49:33PM +0100, Jason A. Donenfeld wrote: > Re-wind the loops entirely on kernels optimized for code size. This is > really not good at all performance-wise. But on m68k, it shaves off 4k > of code size, which is apparently important. > > Cc: Geert Uytterhoeven > Cc: Herbert Xu > Cc: Ard Biesheuvel > Signed-off-by: Jason A. Donenfeld > --- > lib/crypto/blake2s-generic.c | 30 ++++++++++++++++++------------ > 1 file changed, 18 insertions(+), 12 deletions(-) > > diff --git a/lib/crypto/blake2s-generic.c b/lib/crypto/blake2s-generic.c > index 75ccb3e633e6..990f000e22ee 100644 > --- a/lib/crypto/blake2s-generic.c > +++ b/lib/crypto/blake2s-generic.c > @@ -46,7 +46,7 @@ void blake2s_compress_generic(struct blake2s_state *state, const u8 *block, > { > u32 m[16]; > u32 v[16]; > - int i; > + int i, j; > > WARN_ON(IS_ENABLED(DEBUG) && > (nblocks > 1 && inc != BLAKE2S_BLOCK_SIZE)); > @@ -86,17 +86,23 @@ void blake2s_compress_generic(struct blake2s_state *state, const u8 *block, > G(r, 6, v[2], v[ 7], v[ 8], v[13]); \ > G(r, 7, v[3], v[ 4], v[ 9], v[14]); \ > } while (0) > - ROUND(0); > - ROUND(1); > - ROUND(2); > - ROUND(3); > - ROUND(4); > - ROUND(5); > - ROUND(6); > - ROUND(7); > - ROUND(8); > - ROUND(9); > - > + if (IS_ENABLED(CONFIG_CC_OPTIMIZE_FOR_SIZE)) { > + for (i = 0; i < 10; ++i) { > + for (j = 0; j < 8; ++j) > + G(i, j, v[j % 4], v[((j + (j / 4)) % 4) + 4], v[((j + 2 * (j / 4)) % 4) + 8], v[((j + 3 * (j / 4)) % 4) + 12]); > + } How about unrolling the inner loop but not the outer one? Wouldn't that give most of the benefit, without hurting performance as much? If you stay with this approach and don't unroll either loop, can you use 'r' and 'i' instead of 'i' and 'j', to match the naming in G()? Also, please wrap lines at 80 columns. - Eric From ebiggers at kernel.org Wed Jan 12 18:35:38 2022 From: ebiggers at kernel.org (Eric Biggers) Date: Wed, 12 Jan 2022 10:35:38 -0800 Subject: [PATCH crypto 2/2] lib/crypto: blake2s: move hmac construction into wireguard In-Reply-To: <20220111134934.324663-3-Jason@zx2c4.com> References: <20220111134934.324663-1-Jason@zx2c4.com> <20220111134934.324663-3-Jason@zx2c4.com> Message-ID: On Tue, Jan 11, 2022 at 02:49:34PM +0100, Jason A. Donenfeld wrote: > Basically nobody should use blake2s in an HMAC construction; it already > has a keyed variant. But for unfortunately historical reasons, Noise, > used by WireGuard, uses HKDF quite strictly, which means we have to use > this. Because this really shouldn't be used by others, this commit moves > it into wireguard's noise.c locally, so that kernels that aren't using > WireGuard don't get this superfluous code baked in. On m68k systems, > this shaves off ~314 bytes. > > Cc: Geert Uytterhoeven > Cc: Herbert Xu > Cc: Ard Biesheuvel > Cc: netdev at vger.kernel.org > Cc: wireguard at lists.zx2c4.com > Signed-off-by: Jason A. Donenfeld > --- Reviewed-by: Eric Biggers - Eric From Jason at zx2c4.com Wed Jan 12 18:50:58 2022 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Wed, 12 Jan 2022 19:50:58 +0100 Subject: [PATCH crypto 1/2] lib/crypto: blake2s-generic: reduce code size on small systems In-Reply-To: References: <20220111134934.324663-1-Jason@zx2c4.com> <20220111134934.324663-2-Jason@zx2c4.com> Message-ID: On Wed, Jan 12, 2022 at 7:32 PM Eric Biggers wrote: > How about unrolling the inner loop but not the outer one? Wouldn't that give > most of the benefit, without hurting performance as much? > > If you stay with this approach and don't unroll either loop, can you use 'r' and > 'i' instead of 'i' and 'j', to match the naming in G()? All this might work, sure. But as mentioned earlier, I've abandoned this entirely, as I don't think this patch is necessary. See the v3 patchset instead: https://lore.kernel.org/linux-crypto/20220111220506.742067-1-Jason at zx2c4.com/ From Jason at zx2c4.com Wed Jan 12 22:00:48 2022 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Wed, 12 Jan 2022 23:00:48 +0100 Subject: [PATCH crypto 1/2] lib/crypto: blake2s-generic: reduce code size on small systems In-Reply-To: References: <20220111134934.324663-1-Jason@zx2c4.com> <20220111134934.324663-2-Jason@zx2c4.com> Message-ID: Hi David, On 1/12/22, David Laight wrote: > I think you mentioned in another thread that the buffers (eg for IPv6 > addresses) are actually often quite short. > > For short buffers the 'rolled-up' loop may be of similar performance > to the unrolled one because of the time taken to read all the instructions > into the I-cache and decode them. > If the loop ends up small enough it will fit into the 'decoded loop > buffer' of modern Intel x86 cpu and won't even need decoding on > each iteration. > > I really suspect that the heavily unrolled loop is only really fast > for big buffers and/or when it is already in the I-cache. > In real life I wonder how often that actually happens? > Especially for the uses the kernel is making of the code. > > You need to benchmark single executions of the function > (doable on x86 with the performance monitor cycle counter) > to get typical/best clocks/byte figures rather than a > big average for repeated operation on a long buffer. > > David This patch has been dropped entirely from future revisions. The latest as of writing is at: https://lore.kernel.org/linux-crypto/20220111220506.742067-1-Jason at zx2c4.com/ If you'd like to do something with blake2s, by all means submit a patch and include various rationale and metrics and benchmarks. I do not intend to do that myself and do not think my particular patch here should be merged. But if you'd like to do something, feel free to CC me for a review. However, as mentioned, I don't think much needs to be done here. Again, v3 is here: https://lore.kernel.org/linux-crypto/20220111220506.742067-1-Jason at zx2c4.com/ Thanks, Jason From tony at tpro.tech Wed Jan 5 18:47:46 2022 From: tony at tpro.tech (Tony Pros) Date: Wed, 05 Jan 2022 18:47:46 +0000 Subject: Wireguard Windows Service Issues Message-ID: I believe there's a bug in the Windows service implementation, if this issue is by design, it's problematic. I have non-admin users were when I initially set them up with wireguard, I configured it to use the service, using the command: wireguard /installtunnelservice "C:\Program Files\WireGuard\Data\Configurations\vpn.domain.org.conf.dpapi" The tunnel worked fine the first time. Then the user reboots the laptop, or closes it or leaves whatever coffee shop they were at and get disconnected from the wireless network they were using. When this happens, for some reason, the wireguard service then gets torn down never to come back again until I issue the command from my admin account again. There was an issue with some users initial configuration in that they could not query hostname via DNS, so that entering the command to installservice would not even create the service. Here's a few notes that might help with understanding. - Users must have the VPN established before they log into the active directory servers on the remote network so that they can get all of their GPO directives. - Wireguard Service should stay up so that any time a users connects to any network, the VPN is established immediately after that. - The Wireguard service should also stay because non-admin users cannot create a new service If this issue is how things will stay, and this is not considered a bug, how would you configure windows non-admin users to tunnel to an enterprise network before login via WireGuard and to continuously try to establish the tunnel while the user is not connected to a network? -- Tony Pros - Owner tony at tpro.tech 615 656 3543 T-Pro Tech LLC Audio & IT Consulting From cruise4k at gmail.com Tue Jan 11 07:42:37 2022 From: cruise4k at gmail.com (cruise k) Date: Tue, 11 Jan 2022 15:42:37 +0800 Subject: INFO: task hung in wg_noise_handshake_consume_initiation Message-ID: Hi, Syzkaller found the following issue: HEAD commit: 75acfdb Linux 5.16-rc8 git tree: upstream console output: https://pastebin.com/raw/E1a5ZGSt kernel config: https://pastebin.com/raw/XsnKfdRt And hope the report log can help you. INFO: task kworker/6:1:78 blocked for more than 143 seconds. Not tainted 5.16.0-rc8+ #10 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/6:1 state:D stack:26416 pid: 78 ppid: 2 flags:0x00004000 Workqueue: wg-kex-wg1 wg_packet_handshake_receive_worker Call Trace: context_switch kernel/sched/core.c:4972 [inline] __schedule+0xcd9/0x2550 kernel/sched/core.c:6253 schedule+0xd2/0x260 kernel/sched/core.c:6326 rwsem_down_read_slowpath+0x59c/0xa90 kernel/locking/rwsem.c:1041 __down_read_common kernel/locking/rwsem.c:1223 [inline] __down_read kernel/locking/rwsem.c:1232 [inline] down_read+0xe2/0x440 kernel/locking/rwsem.c:1472 wg_noise_handshake_consume_initiation+0x271/0x5f0 drivers/net/wireguard/noise.c:599 wg_receive_handshake_packet+0x589/0x9d0 drivers/net/wireguard/receive.c:151 wg_packet_handshake_receive_worker+0x18e/0x3d0 drivers/net/wireguard/receive.c:220 process_one_work+0x9df/0x16a0 kernel/workqueue.c:2298 worker_thread+0x90/0xe20 kernel/workqueue.c:2445 kthread+0x405/0x4f0 kernel/kthread.c:327 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 From geert at linux-m68k.org Wed Jan 12 10:57:49 2022 From: geert at linux-m68k.org (Geert Uytterhoeven) Date: Wed, 12 Jan 2022 11:57:49 +0100 Subject: [PATCH crypto 1/2] lib/crypto: blake2s-generic: reduce code size on small systems In-Reply-To: <20220111134934.324663-2-Jason@zx2c4.com> References: <20220111134934.324663-1-Jason@zx2c4.com> <20220111134934.324663-2-Jason@zx2c4.com> Message-ID: Hi Jason, On Tue, Jan 11, 2022 at 2:49 PM Jason A. Donenfeld wrote: > Re-wind the loops entirely on kernels optimized for code size. This is > really not good at all performance-wise. But on m68k, it shaves off 4k > of code size, which is apparently important. On arm32: add/remove: 1/0 grow/shrink: 0/1 up/down: 160/-4212 (-4052) Function old new delta blake2s_sigma - 160 +160 blake2s_compress_generic 4872 660 -4212 Total: Before=9846148, After=9842096, chg -0.04% On arm64: add/remove: 1/2 grow/shrink: 0/1 up/down: 160/-4584 (-4424) Function old new delta blake2s_sigma - 160 +160 e843419 at 0710_00007634_e8a0 8 - -8 e843419 at 0441_0000423a_178c 8 - -8 blake2s_compress_generic 5088 520 -4568 Total: Before=32800278, After=32795854, chg -0.01% > Signed-off-by: Jason A. Donenfeld For the size reduction: Tested-by: Geert Uytterhoeven Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert at linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds From geert at linux-m68k.org Wed Jan 12 10:59:48 2022 From: geert at linux-m68k.org (Geert Uytterhoeven) Date: Wed, 12 Jan 2022 11:59:48 +0100 Subject: [PATCH crypto v3 0/2] reduce code size from blake2s on m68k and other small platforms In-Reply-To: <20220111220506.742067-1-Jason@zx2c4.com> References: <20220111181037.632969-1-Jason@zx2c4.com> <20220111220506.742067-1-Jason@zx2c4.com> Message-ID: Hi Jason, On Tue, Jan 11, 2022 at 11:05 PM Jason A. Donenfeld wrote: > Geert emailed me this afternoon concerned about blake2s codesize on m68k > and other small systems. We identified two effective ways of chopping > down the size. One of them moves some wireguard-specific things into > wireguard proper. The other one adds a slower codepath for small > machines to blake2s. This worked, and was v1 of this patchset, but I > wasn't so much of a fan. Then someone pointed out that the generic C > SHA-1 implementation is still unrolled, which is a *lot* of extra code. > Simply rerolling that saves about as much as v1 did. So, we instead do > that in this patchset. SHA-1 is being phased out, and soon it won't > be included at all (hopefully). And nothing performance-oriented has > anything to do with it anyway. > > The result of these two patches mitigates Geert's feared code size > increase for 5.17. > > v3 improves on v2 by making the re-rolling of SHA-1 much simpler, > resulting in even larger code size reduction and much better > performance. The reason I'm sending yet a third version in such a short > amount of time is because the trick here feels obvious and substantial > enough that I'd hate for Geert to waste time measuring the impact of the > previous commit. > > Thanks, > Jason > > Jason A. Donenfeld (2): > lib/crypto: blake2s: move hmac construction into wireguard > lib/crypto: sha1: re-roll loops to reduce code size Thanks for the series! On m68k: add/remove: 1/4 grow/shrink: 0/1 up/down: 4/-4232 (-4228) Function old new delta __ksymtab_blake2s256_hmac 12 - -12 blake2s_init.constprop 94 - -94 blake2s256_hmac 302 - -302 sha1_transform 4402 582 -3820 Total: Before=4230537, After=4226309, chg -0.10% Tested-by: Geert Uytterhoeven Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert at linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds From David.Laight at ACULAB.COM Wed Jan 12 21:27:40 2022 From: David.Laight at ACULAB.COM (David Laight) Date: Wed, 12 Jan 2022 21:27:40 +0000 Subject: [PATCH crypto 1/2] lib/crypto: blake2s-generic: reduce code size on small systems In-Reply-To: References: <20220111134934.324663-1-Jason@zx2c4.com> <20220111134934.324663-2-Jason@zx2c4.com> Message-ID: From: Jason A. Donenfeld > Sent: 12 January 2022 18:51 > > On Wed, Jan 12, 2022 at 7:32 PM Eric Biggers wrote: > > How about unrolling the inner loop but not the outer one? Wouldn't that give > > most of the benefit, without hurting performance as much? > > > > If you stay with this approach and don't unroll either loop, can you use 'r' and > > 'i' instead of 'i' and 'j', to match the naming in G()? > > All this might work, sure. But as mentioned earlier, I've abandoned > this entirely, as I don't think this patch is necessary. See the v3 > patchset instead: > > https://lore.kernel.org/linux-crypto/20220111220506.742067-1-Jason at zx2c4.com/ I think you mentioned in another thread that the buffers (eg for IPv6 addresses) are actually often quite short. For short buffers the 'rolled-up' loop may be of similar performance to the unrolled one because of the time taken to read all the instructions into the I-cache and decode them. If the loop ends up small enough it will fit into the 'decoded loop buffer' of modern Intel x86 cpu and won't even need decoding on each iteration. I really suspect that the heavily unrolled loop is only really fast for big buffers and/or when it is already in the I-cache. In real life I wonder how often that actually happens? Especially for the uses the kernel is making of the code. You need to benchmark single executions of the function (doable on x86 with the performance monitor cycle counter) to get typical/best clocks/byte figures rather than a big average for repeated operation on a long buffer. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales) From aachterberg at emtech.com.ar Fri Jan 14 19:43:19 2022 From: aachterberg at emtech.com.ar (Alejandro Pablo Achterberg) Date: Fri, 14 Jan 2022 14:43:19 -0500 (EST) Subject: wintun 0.13 driver - performance issue Message-ID: <1138419590.64184.1642189399873@email.ionos.com> Hi everyone ! I have this issue to share to see if it can be considered a natural limitation of the implementation or (more probably) that I am making some bad decisions. I modified the example.c included in wintun-0.13 code to test higher rates of packet sending. I am building Multicast UDP packets 200 bytes long that are received at a consumer application -that opens a socket to the wintun adapter registering the multicast group to the socket-. I turned off all console logging during the test run. I'm running on a Windows Server 2019, 8 cores, 32 GB RAM, Visual Studio Community 2019. What I get is that the example can send the 100 Kpps (and up to ~300 Kpps) without problems, but not with the consumer application reading packets from the wintun adapter. When the consumer application is reading packets from the wintun interface the top sending rate falls about 15-20%. It keeps below 85 Kpps and shows some events of problems at WintunAllocateSendPacket(). I set the Rings capacity to the MAX allowed of 64 MB. Trying to fix this behaviour I modified the ERROR_BUFFER_OVERFLOW error handling doing a wait on the Alertable state of the Receive Ring and settting the Receive.Tailmoved event when that happens. This is the SendPackets() method: static DWORD WINAPI SendPackets(_Inout_ DWORD_PTR SessionPtr) { TUN_SESSION* Session = (TUN_SESSION*)SessionPtr; while (!HaveQuit) { BYTE* Packet = WintunAllocateSendPacket(Session, 228); if (Packet) { MakeIpPacket(Packet); WintunSendPacket(Session, Packet); ++sentPkts; spin(RATE, PPS); } else { if (GetLastError() != ERROR_BUFFER_OVERFLOW) { return LogLastError(L"Packet write failed"); } else { while (Session->Descriptor.Receive.Ring->Alertable != 1) { spin(1000, FALSE); } SetEvent(Session->Descriptor.Receive.TailMoved); ++sendDelay; } } } return ERROR_SUCCESS; } and this is my spin() function: // Packets per second sent can be defined as PPS using windows timers or with their period using a count loop static boolean PPS = TRUE; static LONG RATE = 115000; static void spin(LONGLONG rate, boolean isPPS) { LARGE_INTEGER StartingTime, CurrentTime, ElapsedMicroseconds; LONGLONG nano; if (isPPS) { nano = 1e9 / rate; QueryPerformanceCounter(&StartingTime); while (TRUE) { if (HaveQuit) break; QueryPerformanceCounter(&CurrentTime); ElapsedMicroseconds.QuadPart = CurrentTime.QuadPart - StartingTime.QuadPart; ElapsedMicroseconds.QuadPart *= 1000000; // guard against loss-of-precision ElapsedMicroseconds.QuadPart /= Frequency.QuadPart; ElapsedMicroseconds.QuadPart *= 1000; // nanoseconds if (nano < ElapsedMicroseconds.QuadPart) { break; } } } else { if (rate < 1000) { return; } nano = rate; while (nano > 0) { if (HaveQuit) break; --nano; } } } Statistics reported look like this when sending to the wintun interface and without the consumer application active. Rate of 100 Kpps is easily reached. "Delayed" counts are ERROR_BUFFER_OVERFLOW events from WintunAllocateSendPacket(). > .\wintunprj.exe 2022-01-11 21:09:19.0371 [+] Wintun library loaded 2022-01-11 21:09:19.0377 [+] WintunCreateAdapter: Creating adapter 2022-01-11 21:09:19.0477 [+] SelectDriver: Using existing driver 0.13 2022-01-11 21:09:19.0757 [+] Wintun v0.13 loaded 2022-01-11 21:09:19.0762 [+] Starting ----------------------------- 2022-01-11 21:09:19.0774 [+] Run started with PPS: 115000 2022-01-11 21:09:26.0764 [+] Elapsed time in seconds: 6.985698 2022-01-11 21:09:26.0766 [+] 757111 packets sent, 42 packets received 2022-01-11 21:09:26.0768 [+] Packets sent at 108380 pps 2022-01-11 21:09:26.0769 [+] Final Sending problem counts - delayed: 0 And the statistics look like this with the consumer application active. Packet rate drops to 84 Kpps. Delayed events are present but they don't look significant actually... .\wintunprj.exe 2022-01-11 21:33:22.0198 [+] Wintun library loaded 2022-01-11 21:33:22.0204 [+] WintunCreateAdapter: Creating adapter 2022-01-11 21:33:22.0282 [+] SelectDriver: Using existing driver 0.13 2022-01-11 21:33:22.0564 [+] Wintun v0.13 loaded 2022-01-11 21:33:22.0576 [+] Starting ----------------------------- 2022-01-11 21:33:22.0594 [+] Run started with PPS: 115000 2022-01-11 21:34:39.0068 [+] Elapsed time in seconds: 76.470261 2022-01-11 21:34:39.0070 [+] 6455902 packets sent, 45 packets received 2022-01-11 21:34:39.0072 [+] Packets sent at 84424 pps 2022-01-11 21:34:39.0074 [+] Final Sending problem counts - delayed: 5 Any thoughts or ideas on how is this happening and changes due will be really appreciated ! Thanks, Alex From alessio.nossa+list at gmail.com Sun Jan 16 00:11:09 2022 From: alessio.nossa+list at gmail.com (Alessio Nossa) Date: Sun, 16 Jan 2022 01:11:09 +0100 Subject: [wireguard-apple] Siri Shortcuts/Intents integration Message-ID: Hello In the last month I worked on the implementation of Siri Shortcuts/Intents integration for the WireGuard app (at the moment, only on iOS), to automate some tasks like connecting a tunnel, getting tunnel peers, and updating configuration at runtime. I saw that this feature was on your TODO List too [1]. My idea is to have an interface to manage connections, to make up for the absence of wgctrl-go [2] on iOS. I need this to dynamically update endpoints at runtime for NAT Traversal purposes [3]; specifically, I need peers' public keys and a way to set endpoints at runtime [4]. There are some issues due to an Apple's bug [5] that doesn't allow an extension to update the configuration owned by its parent app. As a workaround the update configuration action will launch the main app. As this is my first time contributing to wireguard-apple, if you have any advice, I'm here to hear from you. As suggested in macOS and iOS TODO list, I?d like to have push access to the repository (or any other way I can submit it) to contribute with my work (I already sent an email to team at wireguard.com, but received no response). Kind regards, [1] https://docs.google.com/document/d/1BnzImOF8CkungFnuRlWhnEpY2OmEHSckat62aZ6LYGY [2] https://github.com/WireGuard/wgctrl-go [3] https://www.jordanwhited.com/posts/wireguard-endpoint-discovery-nat-traversal/ [4] https://github.com/jwhited/wgsd/blob/master/cmd/wgsd-client/main.go [5] https://developer.apple.com/forums/thread/96020 From simon at rozman.si Mon Jan 17 10:51:01 2022 From: simon at rozman.si (Simon Rozman) Date: Mon, 17 Jan 2022 10:51:01 +0000 Subject: Wireguard Windows Service Issues In-Reply-To: References: Message-ID: Hi, > I believe there's a bug in the Windows service implementation, if this > issue is by design, it's problematic. > > I have non-admin users were when I initially set them up with wireguard, > I configured it to use the service, using the command: > > wireguard /installtunnelservice "C:\Program > Files\WireGuard\Data\Configurations\vpn.domain.org.conf.dpapi" > > The tunnel worked fine the first time. Then the user reboots the laptop, > or closes it or leaves whatever coffee shop they were at and get > disconnected from the wireless network they were using. When this > happens, for some reason, the wireguard service then gets torn down > never to come back again until I issue the command from my admin account > again. Can you do the wireguard /dumplog > wireguard.log and investigate. > There was an issue with some users initial configuration in that they > could not query hostname via DNS, so that entering the command to > installservice would not even create the service. WireGuard services start early on boot - sometimes even before the DNSCache (DNS Client). If the service can't resolve hostnames used in the config file, it will stop. But it will log this. Resolution to this problem is: - Use IPs rather than hostnames. - Add hostnames you use in your .conf file to C:\Windows\system32\drivers\etc\hosts. - Add DNSCache dependency to the WireGuardTunnel$ service. I personally would pick one of the first two options above. Don't like the idea my laptop is asking a coffee shop's DNS what is my VPN endpoint IP address. > Here's a few notes that might help with understanding. > - Users must have the VPN established before they log into the active > directory servers on the remote network so that they can get all of > their GPO directives. > - Wireguard Service should stay up so that any time a users connects to > any network, the VPN is established immediately after that. > - The Wireguard service should also stay because non-admin users cannot > create a new service I understand. That is exactly how we use WireGuard in our company. > If this issue is how things will stay, and this is not considered a bug, > how would you configure windows non-admin users to tunnel to an > enterprise network before login via WireGuard and to continuously try to > establish the tunnel while the user is not connected to a network? Let me assure you, the behavior you are expecting is definitely pathological. Please investigate the log file why the tunnel service does not persist as it should. Best regards, Simon From tlhackque at yahoo.com Mon Jan 17 11:18:55 2022 From: tlhackque at yahoo.com (tlhackque) Date: Mon, 17 Jan 2022 06:18:55 -0500 Subject: Wireguard Windows Service Issues In-Reply-To: References: Message-ID: <56d2209f-f655-6302-df6d-bce587c8368d@yahoo.com> On 17-Jan-22 05:51, Simon Rozman wrote: > Hi, > > > WireGuard services start early on boot - sometimes even before the DNSCache (DNS Client). If the service can't resolve hostnames used in the config file, it will stop. But it will log this. Resolution to this problem is: > - Use IPs rather than hostnames. > - Add hostnames you use in your .conf file to C:\Windows\system32\drivers\etc\hosts. > - Add DNSCache dependency to the WireGuardTunnel$ service. > > I personally would pick one of the first two options above. Don't like the idea my laptop is asking a coffee shop's DNS what is my VPN endpoint IP address. > > From this description, it seems that there's room for improvement. It doesn't seem reasonable for the WireGuard service to stop. Log and perhaps display an error, sure.? But stopping seems harsh, and would prevent other tunnel endpoints from working - not a good user experience. It would seem better for the service to set a timer and retry failures periodically - many DNS issues are transient. It also seems to me that it would be better for the default to be option 3 - make all tunnels dependent on DNSCache without requiring any user/admin action.? One could condition this on an endpoint being specified as a hostname, but that doesn't seem worth the effort.? Pretty much any use of a tunnel needs name resolution.? Even if your resolvers are at the other end of the tunnel, starting the client before it's up is harmless. Anyone concerned about DNS snooping on name resolution of the endpoints can avoid it by using either of the other two options: hardcoded IP in the configuration, or an entry in "hosts". "It just works" seems much more desirable than mystery service stops.? A UI status "waiting for hostname resolution" would be ideal. -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: From simon at rozman.si Mon Jan 17 12:47:07 2022 From: simon at rozman.si (Simon Rozman) Date: Mon, 17 Jan 2022 12:47:07 +0000 Subject: Wireguard Windows Service Issues In-Reply-To: <56d2209f-f655-6302-df6d-bce587c8368d@yahoo.com> References: <56d2209f-f655-6302-df6d-bce587c8368d@yahoo.com> Message-ID: <022c115a7c254bec99bb67a12f9d59f4@rozman.si> Hi, > From this description, it seems that there's room for improvement. > > It doesn't seem reasonable for the WireGuard service to stop. Log and > perhaps display an error, sure.? But stopping seems harsh, and would > prevent other tunnel endpoints from working - not a good user > experience. > > It would seem better for the service to set a timer and retry failures > periodically - many DNS issues are transient. > > It also seems to me that it would be better for the default to be option > 3 - make all tunnels dependent on DNSCache without requiring any > user/admin action.? One could condition this on an endpoint being > specified as a hostname, but that doesn't seem worth the effort.? Pretty > much any use of a tunnel needs name resolution.? Even if your resolvers > are at the other end of the tunnel, starting the client before it's up > is harmless. > > Anyone concerned about DNS snooping on name resolution of the endpoints > can avoid it by using either of the other two options: hardcoded IP in > the configuration, or an entry in "hosts". > > "It just works" seems much more desirable than mystery service stops.? A > UI status "waiting for hostname resolution" would be ideal. The DNSCache service is optional on Windows 7/8/8.1/Server 2008R2/2012R2 and may be even disabled. (And the resolution would work just fine.) Since SCM treats all service dependencies as "hard" dependencies, that would render all WireGuard tunnel services fail to start. It's a fairly rare use case, but a demonstration SCM service dependencies must be authored with extreme care. I'd rather suggest pursuing the macOS approach where services don't have any dependencies to force developers engineer their services to sleep and retry until their dependencies get available. As you suggested first. However, WireGuard for Windows already has DNS resolution retrying loop. Maybe it needs improvement? Let's wait to see what OP's log says. Regards, Simon From Jason at zx2c4.com Tue Jan 18 11:43:09 2022 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Tue, 18 Jan 2022 12:43:09 +0100 Subject: [PATCH crypto v3 0/2] reduce code size from blake2s on m68k and other small platforms In-Reply-To: References: Message-ID: On 1/18/22, Herbert Xu wrote: > As the patches that triggered this weren't part of the crypto > tree, this will have to go through the random tree if you want > them for 5.17. Sure, will do. From David.Laight at ACULAB.COM Tue Jan 18 12:44:57 2022 From: David.Laight at ACULAB.COM (David Laight) Date: Tue, 18 Jan 2022 12:44:57 +0000 Subject: [PATCH crypto v3 0/2] reduce code size from blake2s on m68k and other small platforms In-Reply-To: References: Message-ID: From: Jason A. Donenfeld > Sent: 18 January 2022 11:43 > > On 1/18/22, Herbert Xu wrote: > > As the patches that triggered this weren't part of the crypto > > tree, this will have to go through the random tree if you want > > them for 5.17. > > Sure, will do. I've rammed the code through godbolt... https://godbolt.org/z/Wv64z9zG8 Some things I've noticed; 1) There is no point having all the inline functions. Far better to have real functions to do the work. Given the cost of hashing 64 bytes of data the extra function call won't matter. Indeed for repeated calls it will help because the required code will be in the I-cache. 2) The compiles I tried do manage to remove the blake2_sigma[][] when unrolling everything - which is a slight gain for the full unroll. But I doubt it is that significant if the access can get sensibly optimised. For non-x86 that might require all the values by multiplied by 4. 3) Although G() is a massive register dependency chain the compiler knows that G(,[0-3],) are independent and can execute in parallel. This does help execution time on multi-issue cpu (like x86). With care it ought to be possible to use the same code for G(,[4-7],) without stopping the compiler interleaving all the instructions. 4) I strongly suspect that using a loop for the rounds will have minimal impact on performance - especially if the first call is 'cold cache'. But I've not got time to test the code. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales) From Jason at zx2c4.com Tue Jan 18 12:50:51 2022 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Tue, 18 Jan 2022 13:50:51 +0100 Subject: [PATCH crypto v3 0/2] reduce code size from blake2s on m68k and other small platforms In-Reply-To: References: Message-ID: On Tue, Jan 18, 2022 at 1:45 PM David Laight wrote: > I've rammed the code through godbolt... https://godbolt.org/z/Wv64z9zG8 > > Some things I've noticed; It seems like you've done a lot of work here but... > But I've not got time to test the code. But you're not going to take it all the way. So it unfortunately amounts to mailing list armchair optimization. That's too bad because it really seems like you might be onto something worth seeing through. As I've mentioned a few times now, I've dropped the blake2s optimization patch, and I won't be developing that further. But it appears as though you've really been captured by it, so I urge you: please send a real patch with benchmarks on various platforms! (And CC me on the patch.) Faster reference code would really be terrific. Jason From tony at tpro.tech Fri Jan 21 21:03:43 2022 From: tony at tpro.tech (Tony Pros) Date: Fri, 21 Jan 2022 21:03:43 +0000 Subject: Wireguard Windows Service Issues In-Reply-To: References: Message-ID: <9-M1j7GQozeUMiB1Qm-kk17KUFZ_tE4h4oF-n0QEGEXh0IYS-sv3PDvecqKRPasw5Kw_60Do1VAMBuWQymyiQ79wnej1AOl8KsvWwVZ3mlE=@tpro.tech> I created a test account and ran through quite a few permutations of disconnecting and reconnecting to various wireless networks, rebooting the laptop and making it go to sleep, and I now have a bit more insight. The problem still is occurring, the service seems to get torn down never to come back again once the user comes back to the office and connects back into the main network with ethernet. When the user is on the main network the VPN host address will not get resolved by DNS by design. We do not want the user to be on the VPN when they are already on the internal network. If there's a better way to handle the VPN not connecting when the non-admin user is on the internal network I'm open to that too. We use a hostname for VPN server resolution because we use both IPv4 and IPv6 for host connectivity. Below I am pasting the logs that I have performed some scrubbing on: ----------------------------- 2022-01-21 10:54:00.402263: [MGR] Starting WireGuard/0.4.7 (Windows 10.0.19043; amd64) 2022-01-21 10:54:00.406469: [MGR] Starting UI process for user ?admin at NETBIOS? for session 1 2022-01-21 10:54:00.599524: [MGR] An update is available 2022-01-21 10:54:04.650335: [MGR] Exited UI process for user 'admin at NETBIOS' for session 1 with status 0 2022-01-21 10:54:05.565857: [MGR] Starting WireGuard/0.5.3 (Windows 10.0.19043; amd64) 2022-01-21 10:54:05.571428: [MGR] Starting UI process for user ?admin at NETBIOS? for session 1 2022-01-21 10:59:40.136976: [MGR] Exited UI process for user 'admin at NETBIOS' for session 1 with status 40010004 2022-01-21 10:59:41.151462: [MGR] Starting UI process for user ?admin at NETBIOS? for session 1 2022-01-21 10:59:41.723899: [MGR] Exited UI process for user 'admin at NETBIOS' for session 1 with status 40010004 2022-01-21 10:59:42.732795: [MGR] Starting UI process for user ?admin at NETBIOS? for session 1 2022-01-21 10:59:42.732795: [MGR] Unable to start manager UI process for user 'admin at NETBIOS' for session 1: Session has logged out 2022-01-21 11:00:16.650075: [MGR] Starting at boot WireGuard/0.5.3 (Windows 10.0.19043; amd64) 2022-01-21 11:00:37.045737: [MGR] Starting UI process for user ?admin at NETBIOS? for session 1 2022-01-21 11:02:50.557927: [MGR] Exited UI process for user 'admin at NETBIOS' for session 1 with status 40010004 2022-01-21 11:02:51.562675: [MGR] Starting UI process for user ?admin at NETBIOS? for session 1 2022-01-21 11:02:51.562675: [MGR] Unable to start manager UI process for user 'admin at NETBIOS' for session 1: Session has logged out 2022-01-21 11:09:17.473420: [MGR] Starting at boot WireGuard/0.5.3 (Windows 10.0.19043; amd64) 2022-01-21 11:09:37.003152: [MGR] Starting UI process for user ?admin at NETBIOS? for session 1 2022-01-21 12:58:29.317315: [TUN] [vpn.domain.com] Starting WireGuard/0.5.3 (Windows 10.0.19043; amd64) 2022-01-21 12:58:29.317315: [TUN] [vpn.domain.com] Watching network interfaces 2022-01-21 12:58:29.318889: [TUN] [vpn.domain.com] Resolving DNS names 2022-01-21 12:58:29.359083: [TUN] [vpn.domain.com] Creating network adapter 2022-01-21 12:58:29.481814: [TUN] [vpn.domain.com] Installing driver 0.10 2022-01-21 12:58:29.493513: [TUN] [vpn.domain.com] Extracting driver 2022-01-21 12:58:29.500849: [TUN] [vpn.domain.com] Installing driver 2022-01-21 12:58:29.897233: [TUN] [vpn.domain.com] Creating adapter 2022-01-21 12:58:30.290389: [TUN] [vpn.domain.com] Using WireGuardNT/0.10 2022-01-21 12:58:30.290389: [TUN] [vpn.domain.com] Enabling firewall rules 2022-01-21 12:58:30.254228: [TUN] [vpn.domain.com] Interface created 2022-01-21 12:58:30.294639: [TUN] [vpn.domain.com] Dropping privileges 2022-01-21 12:58:30.294639: [TUN] [vpn.domain.com] Setting interface configuration 2022-01-21 12:58:30.295150: [TUN] [vpn.domain.com] Peer 1 created 2022-01-21 12:58:30.295683: [TUN] [vpn.domain.com] Monitoring MTU of default v4 routes 2022-01-21 12:58:30.295683: [TUN] [vpn.domain.com] Interface up 2022-01-21 12:58:30.302034: [TUN] [vpn.domain.com] Setting device v4 addresses 2022-01-21 12:58:30.303280: [TUN] [vpn.domain.com] Monitoring MTU of default v6 routes 2022-01-21 12:58:30.303783: [TUN] [vpn.domain.com] Setting device v6 addresses 2022-01-21 12:58:30.304926: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 12:58:30.325700: [TUN] [vpn.domain.com] Startup complete 2022-01-21 12:58:30.348690: [TUN] [vpn.domain.com] Receiving handshake response from peer 1 (x.x.x.x:51820) 2022-01-21 12:58:30.348690: [TUN] [vpn.domain.com] Keypair 1 created for peer 1 2022-01-21 12:58:53.611873: [MGR] Exited UI process for user 'admin at NETBIOS' for session 1 with status 40010004 2022-01-21 12:58:54.619283: [MGR] Starting UI process for user ?admin at NETBIOS? for session 1 2022-01-21 12:58:54.619283: [MGR] Unable to start manager UI process for user 'admin at NETBIOS' for session 1: Session has logged out 2022-01-21 12:59:56.879394: [TUN] [vpn.domain.com] Keypair 1 destroyed for peer 1 2022-01-21 13:00:17.467669: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:00:22.528338: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:00:27.557583: [TUN] [vpn.domain.com] Handshake for peer 1 (x.x.x.x:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:00:27.557583: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:00:32.606525: [TUN] [vpn.domain.com] Handshake for peer 1 (x.x.x.x:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:00:32.606525: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:00:37.664797: [TUN] [vpn.domain.com] Handshake for peer 1 (x.x.x.x:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:00:37.664797: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:00:42.669395: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:00:47.804906: [TUN] [vpn.domain.com] Handshake for peer 1 (x.x.x.x:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:00:47.804959: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:00:52.810389: [TUN] [vpn.domain.com] Handshake for peer 1 (x.x.x.x:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:00:52.810389: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:00:57.863445: [TUN] [vpn.domain.com] Handshake for peer 1 (x.x.x.x:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:00:57.863445: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:01:02.938686: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:01:07.955822: [TUN] [vpn.domain.com] Handshake for peer 1 (x.x.x.x:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:01:07.955822: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:01:12.965097: [TUN] [vpn.domain.com] Handshake for peer 1 (x.x.x.x:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:01:12.965097: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:01:17.972547: [TUN] [vpn.domain.com] Handshake for peer 1 (x.x.x.x:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:01:17.972547: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:01:23.089180: [TUN] [vpn.domain.com] Handshake for peer 1 (x.x.x.x:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:01:23.089180: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:01:28.202930: [TUN] [vpn.domain.com] Handshake for peer 1 (x.x.x.x:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:01:28.202930: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:01:28.230393: [TUN] [vpn.domain.com] Receiving handshake response from peer 1 (192.168.99.1:51820) 2022-01-21 13:01:28.230393: [TUN] [vpn.domain.com] Keypair 2 created for peer 1 2022-01-21 13:02:20.268277: [TUN] [vpn.domain.com] Sending keepalive packet to peer 1 (192.168.99.1:51820) 2022-01-21 13:02:52.586509: [TUN] [vpn.domain.com] Retrying handshake with peer 1 (192.168.99.1:51820) because we stopped hearing back after 15 seconds 2022-01-21 13:02:52.586509: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:02:57.727297: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:02:57.727297: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:03:02.800696: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 3) 2022-01-21 13:03:02.800696: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:03:07.645234: [TUN] [vpn.domain.com] Retrying handshake with peer 1 (192.168.99.1:51820) because we stopped hearing back after 15 seconds 2022-01-21 13:03:07.895820: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:03:07.895820: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:03:13.037051: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 3) 2022-01-21 13:03:13.037051: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:03:18.116518: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 4) 2022-01-21 13:03:18.116518: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:03:22.805189: [TUN] [vpn.domain.com] Retrying handshake with peer 1 (192.168.99.1:51820) because we stopped hearing back after 15 seconds 2022-01-21 13:03:23.288869: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:03:23.288869: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:03:28.308937: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 3) 2022-01-21 13:03:28.308937: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:03:33.418431: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:03:33.418431: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:03:37.882321: [TUN] [vpn.domain.com] Retrying handshake with peer 1 (192.168.99.1:51820) because we stopped hearing back after 15 seconds 2022-01-21 13:03:38.445762: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:03:43.519743: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:03:43.519743: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:03:48.581409: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:03:48.581409: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:03:52.981764: [TUN] [vpn.domain.com] Retrying handshake with peer 1 (192.168.99.1:51820) because we stopped hearing back after 15 seconds 2022-01-21 13:03:53.689057: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:03:53.689057: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:03:58.747131: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:03:58.747131: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:04:03.908738: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:04:03.908738: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:04:08.315502: [TUN] [vpn.domain.com] Retrying handshake with peer 1 (192.168.99.1:51820) because we stopped hearing back after 15 seconds 2022-01-21 13:04:08.958709: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:04:08.958709: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:04:14.016788: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:04:19.084504: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:04:19.084504: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:04:23.778633: [TUN] [vpn.domain.com] Retrying handshake with peer 1 (192.168.99.1:51820) because we stopped hearing back after 15 seconds 2022-01-21 13:04:24.127125: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:04:29.218748: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:04:29.218748: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:04:34.231731: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:04:34.231731: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:04:39.075199: [TUN] [vpn.domain.com] Retrying handshake with peer 1 (192.168.99.1:51820) because we stopped hearing back after 15 seconds 2022-01-21 13:04:39.341356: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:04:39.341356: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:04:44.513798: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:04:44.513798: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:04:49.610111: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:04:49.610111: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:04:54.738254: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:04:54.738254: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:04:59.818290: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 3) 2022-01-21 13:04:59.818290: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:05:04.899930: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 4) 2022-01-21 13:05:04.899930: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:05:09.935659: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 5) 2022-01-21 13:05:09.935659: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:05:15.031441: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:05:15.031441: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:05:20.202771: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:05:20.202771: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:05:25.247134: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:05:25.247134: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:05:30.364604: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:05:30.364604: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:05:35.457967: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 3) 2022-01-21 13:05:35.457967: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:05:40.513820: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 4) 2022-01-21 13:05:40.513820: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:05:45.605902: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 5) 2022-01-21 13:05:45.605902: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:05:50.780061: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 6) 2022-01-21 13:05:50.780061: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:05:55.921797: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 7) 2022-01-21 13:05:55.921797: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:06:01.057740: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 8) 2022-01-21 13:06:01.057740: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:06:06.187809: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 9) 2022-01-21 13:06:06.187809: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:06:11.310265: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 10) 2022-01-21 13:06:11.310265: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:06:16.471611: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 11) 2022-01-21 13:06:16.471611: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:06:21.571279: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 12) 2022-01-21 13:06:21.571279: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:06:26.698041: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:06:26.698041: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:06:31.860464: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:06:31.860529: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:06:36.886223: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:06:36.886223: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:06:42.057072: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:06:42.057072: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:06:47.146446: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:06:47.146446: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:06:52.286497: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:06:52.286497: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:06:57.424177: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 3) 2022-01-21 13:06:57.424177: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:07:02.482674: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 4) 2022-01-21 13:07:02.482674: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:07:07.563106: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 5) 2022-01-21 13:07:07.563106: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:07:12.732463: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 6) 2022-01-21 13:07:12.732463: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:07:17.845855: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 7) 2022-01-21 13:07:17.845855: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:07:22.909751: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 8) 2022-01-21 13:07:22.909751: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:07:27.959797: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 9) 2022-01-21 13:07:27.959797: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:07:33.045043: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 10) 2022-01-21 13:07:33.045043: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:07:38.165594: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:07:38.165594: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:07:43.351604: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:07:43.351604: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:07:48.449930: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:07:48.449930: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:07:53.572846: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:07:53.572846: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:07:58.717729: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 3) 2022-01-21 13:07:58.717931: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:08:03.752142: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 4) 2022-01-21 13:08:03.752142: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:08:08.929394: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 5) 2022-01-21 13:08:08.929394: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:08:14.057561: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 6) 2022-01-21 13:08:14.057561: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:08:19.101167: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 7) 2022-01-21 13:08:19.101167: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:08:24.277494: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 8) 2022-01-21 13:08:24.277494: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:08:29.419552: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:08:29.419552: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:08:34.606448: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:08:34.606448: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:08:39.736667: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:08:39.736667: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:08:44.826807: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:08:44.826807: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:08:49.921629: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 3) 2022-01-21 13:08:49.921629: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:08:55.074697: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 4) 2022-01-21 13:08:55.074697: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:09:00.157100: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 5) 2022-01-21 13:09:00.157100: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:09:05.305690: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 6) 2022-01-21 13:09:05.305690: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:09:10.389663: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 7) 2022-01-21 13:09:10.389663: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:09:15.559298: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 8) 2022-01-21 13:09:15.559298: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:09:20.699881: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 9) 2022-01-21 13:09:20.699881: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:09:25.801829: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 10) 2022-01-21 13:09:25.801829: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:09:30.877613: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 11) 2022-01-21 13:09:30.877613: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:09:36.000216: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 12) 2022-01-21 13:09:36.000216: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:09:41.041500: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:09:41.041500: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:09:46.085437: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:09:51.167640: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:09:51.167640: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:09:56.245602: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 3) 2022-01-21 13:09:56.245602: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:10:01.375144: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 4) 2022-01-21 13:10:01.375144: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:10:06.431110: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 5) 2022-01-21 13:10:06.431110: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:10:11.594853: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 6) 2022-01-21 13:10:11.594853: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:10:16.769072: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 7) 2022-01-21 13:10:16.769072: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:10:21.929730: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 8) 2022-01-21 13:10:21.929730: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:10:26.990764: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:10:26.990764: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:10:28.807783: [TUN] [vpn.domain.com] Zeroing out all keys for peer 1 (192.168.99.1:51820), since we haven't received a new one in 540 seconds 2022-01-21 13:10:28.807783: [TUN] [vpn.domain.com] Keypair 2 destroyed for peer 1 2022-01-21 13:10:32.095515: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:10:32.095515: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:10:37.212543: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:10:42.295710: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:10:42.295710: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:10:47.458538: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:10:47.458538: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:10:52.488316: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:10:52.488316: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:10:57.510976: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:11:02.543018: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:11:07.589466: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:11:12.620940: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:11:17.712428: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:11:22.860392: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:11:27.980474: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:11:27.980474: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:11:32.993213: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:11:38.095573: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:11:38.095573: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:11:43.232322: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:11:48.329984: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:11:48.329984: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:11:53.338681: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:11:53.338681: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:11:58.469384: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:11:58.469384: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:12:03.569297: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:12:03.569297: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:12:08.658482: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:12:13.688722: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:12:18.828337: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:12:23.949678: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:12:23.949678: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:12:29.010264: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:12:29.022034: [TUN] [vpn.domain.com] Receiving handshake response from peer 1 (192.168.99.1:51820) 2022-01-21 13:12:29.022034: [TUN] [vpn.domain.com] Keypair 3 created for peer 1 2022-01-21 13:14:24.960352: [TUN] [vpn.domain.com] Retrying handshake with peer 1 (192.168.99.1:51820) because we stopped hearing back after 15 seconds 2022-01-21 13:14:24.960352: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:14:29.978645: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:14:35.015136: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:14:35.015136: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:14:40.088048: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:14:40.088048: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:14:40.209395: [TUN] [vpn.domain.com] Retrying handshake with peer 1 (192.168.99.1:51820) because we stopped hearing back after 15 seconds 2022-01-21 13:14:45.147021: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:14:45.147021: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:14:50.267293: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:14:50.267293: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:14:55.299003: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:14:55.299003: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:14:55.441283: [TUN] [vpn.domain.com] Retrying handshake with peer 1 (192.168.99.1:51820) because we stopped hearing back after 15 seconds 2022-01-21 13:15:00.331353: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:15:05.502915: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:15:05.502915: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:15:10.536441: [TUN] [vpn.domain.com] Retrying handshake with peer 1 (192.168.99.1:51820) because we stopped hearing back after 15 seconds 2022-01-21 13:15:10.536441: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:15:15.624819: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:15:15.624819: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:15:20.749237: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:15:20.749237: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:15:25.726624: [TUN] [vpn.domain.com] Retrying handshake with peer 1 (192.168.99.1:51820) because we stopped hearing back after 15 seconds 2022-01-21 13:15:25.914733: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:15:25.914733: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:15:31.070989: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:15:31.070989: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:15:36.137150: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:15:41.137348: [TUN] [vpn.domain.com] Retrying handshake with peer 1 (192.168.99.1:51820) because we stopped hearing back after 15 seconds 2022-01-21 13:15:41.137348: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:15:46.138115: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:15:51.288239: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:15:51.288239: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:15:56.329555: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:16:01.469712: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:16:01.469712: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:16:06.548366: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:16:06.548366: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:16:11.610310: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:16:11.610310: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:16:16.625925: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:16:16.626664: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:16:21.704576: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:16:21.704576: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:16:26.815817: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:16:26.815817: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:16:31.830904: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:16:36.908518: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:16:41.955274: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:16:41.955274: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:16:47.002104: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:16:47.002104: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:16:52.168232: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:16:52.168232: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:16:57.304093: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:16:57.304093: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:17:02.335226: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:17:07.336829: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:17:12.339140: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:17:17.402083: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:17:22.449558: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:17:22.449558: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:17:27.493306: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:17:32.530377: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:17:32.530377: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:17:37.565357: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:17:42.729784: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:17:42.729784: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:17:47.890695: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:17:47.890695: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:17:52.997983: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:17:52.997983: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:17:58.008853: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:17:58.008853: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:18:03.059009: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:18:03.059009: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:18:08.134002: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:18:08.134002: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:18:13.213556: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:18:18.348460: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:18:18.348460: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:18:23.389702: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:18:23.389702: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:18:28.459212: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:18:28.459212: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:18:33.542736: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:18:33.542736: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:18:38.652018: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:18:38.652018: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:18:43.757606: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:18:43.757606: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:18:48.834638: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:18:53.968969: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:18:53.968969: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:18:59.123832: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:18:59.123832: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:19:04.241876: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:19:04.241876: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:19:09.401883: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:19:09.401883: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:19:14.479444: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:19:14.479444: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:19:19.536844: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:19:19.536844: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:19:24.593756: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:19:24.593756: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:19:29.624439: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:19:29.624439: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:19:34.670758: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:19:34.670758: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:19:39.780541: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:19:39.780541: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:19:44.921032: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:19:44.921032: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:19:50.078200: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:19:50.078200: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:19:55.182301: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:19:55.182301: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:20:00.306729: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:20:00.306729: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:20:05.337398: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:20:10.515088: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:20:10.515088: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:20:15.545749: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:20:15.545749: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:20:20.624360: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:20:20.624360: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:20:25.702797: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:20:30.730139: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:20:30.730139: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:20:35.865340: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:20:35.865340: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:20:40.875342: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:20:40.875342: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:20:45.937371: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:20:45.937371: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:20:51.073144: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:20:51.073144: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:20:56.198085: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:20:56.198085: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:21:01.230524: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:21:01.231273: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:21:06.401452: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:21:06.401452: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:21:11.429281: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:21:16.438693: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:21:21.497838: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:21:21.497838: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:21:26.554965: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:21:26.554965: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:21:29.032701: [TUN] [vpn.domain.com] Zeroing out all keys for peer 1 (192.168.99.1:51820), since we haven't received a new one in 540 seconds 2022-01-21 13:21:29.032701: [TUN] [vpn.domain.com] Keypair 3 destroyed for peer 1 2022-01-21 13:21:31.634251: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:21:31.634251: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:21:36.648994: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:21:41.744768: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:21:41.744768: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:21:46.820298: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:21:46.820298: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:21:51.978417: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:21:51.978417: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:21:57.092662: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:21:57.092662: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:22:02.244123: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:22:02.244123: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:22:07.304618: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:22:07.304618: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:22:12.450243: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:22:12.450243: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:22:17.585937: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 3) 2022-01-21 13:22:17.585937: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:22:22.700122: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 4) 2022-01-21 13:22:22.700122: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:22:27.829977: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 5) 2022-01-21 13:22:27.829977: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:22:32.914472: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:22:32.914472: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:22:38.031393: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:22:38.031393: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:22:43.087043: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:22:43.087043: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:22:48.259506: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:22:48.259506: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:22:53.283747: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:22:53.284048: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:22:58.287434: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:23:03.302845: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:23:08.333487: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:23:13.422465: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:23:13.422465: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:23:18.517639: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:23:18.517639: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:23:23.544872: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:23:28.666841: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:23:28.666841: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:23:33.721504: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:23:33.721504: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:23:38.722453: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:23:43.849861: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:23:43.849861: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:23:48.917255: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:23:48.917255: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:23:54.033999: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:23:54.033999: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:23:59.076944: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:23:59.076944: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:24:04.139259: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:24:04.139259: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:24:09.232144: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:24:09.232144: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:24:14.289650: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:24:14.289650: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:24:19.343783: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:24:24.431561: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:24:24.431561: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:24:29.500362: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:24:29.500362: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:24:34.595092: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:24:34.595092: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:24:39.740375: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:24:39.740375: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:24:44.841023: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:24:44.841023: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:24:49.860200: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:24:49.860200: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:24:54.916426: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:24:54.916426: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:24:59.999055: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:24:59.999055: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:25:05.024357: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:25:05.024357: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:25:10.130794: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:25:10.130794: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:25:15.256276: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:25:15.256276: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:25:20.306876: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:25:20.306876: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:25:25.360741: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:25:30.456636: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:25:35.550305: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:25:35.550305: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:25:40.717410: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:25:40.717410: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:25:45.811015: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:25:45.811015: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:25:50.841745: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:25:50.841745: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:25:55.892066: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:25:55.892066: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:26:00.948477: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:26:00.948477: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:26:05.985441: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:26:11.078884: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:26:11.078884: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:26:16.122457: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:26:16.122457: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:26:21.137967: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:26:21.137967: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:26:26.200877: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 3) 2022-01-21 13:26:26.200877: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:26:31.278505: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:26:31.278505: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:26:36.341006: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 3) 2022-01-21 13:26:36.341006: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:26:41.496712: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:26:41.496712: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:26:46.574227: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:26:46.574227: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:26:51.589239: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:26:51.589239: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:26:56.619832: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:26:56.619832: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:27:01.760262: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:27:01.760262: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:27:06.927052: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:27:06.927052: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:27:11.941974: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 3) 2022-01-21 13:27:11.941974: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:27:17.020159: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:27:17.020159: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:27:22.082256: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:27:22.082256: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:27:27.222183: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:27:27.222183: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:27:32.252304: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:27:32.252304: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:27:37.285347: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:27:42.378426: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:27:47.406412: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:27:52.453311: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:27:57.548086: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:27:57.548086: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:28:02.641632: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:28:07.698914: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:28:07.698914: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:28:12.729505: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:28:12.729505: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:28:17.760171: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:28:17.760171: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:28:22.793040: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:28:22.793040: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:28:27.808584: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:28:27.808584: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:28:32.834312: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 3) 2022-01-21 13:28:32.834312: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:28:37.937890: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 4) 2022-01-21 13:28:37.937890: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:28:43.094185: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:28:43.094185: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:28:48.187983: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:28:48.187983: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:28:53.296806: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:28:58.312326: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:28:58.312326: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:29:03.484087: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:29:03.484087: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:29:08.494686: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 3) 2022-01-21 13:29:08.494686: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:29:13.569414: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:29:13.569414: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:29:18.704620: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:29:18.704620: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:29:23.829009: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:29:28.891430: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:29:28.891430: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:29:33.948270: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:29:33.948270: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:29:38.994638: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:29:38.994638: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:29:44.025734: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:29:44.025734: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:29:49.181860: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:29:49.181860: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:29:54.223948: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 3) 2022-01-21 13:29:54.223948: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:29:59.271685: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:29:59.271685: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:30:04.289482: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:30:04.289482: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:30:09.395006: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:30:09.395006: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:30:14.550688: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 3) 2022-01-21 13:30:14.550688: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:30:19.706355: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 4) 2022-01-21 13:30:19.706355: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:30:24.817699: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:30:24.817699: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:30:29.848896: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:30:29.848896: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:30:34.890490: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:30:34.890490: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:30:40.030591: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:30:40.030591: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:30:45.136174: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 3) 2022-01-21 13:30:45.136174: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:30:50.260569: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 4) 2022-01-21 13:30:50.260569: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:30:55.275784: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 5) 2022-01-21 13:30:55.275784: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:31:00.302612: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:31:00.302612: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:31:05.333764: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:31:10.438376: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:31:10.438376: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:31:15.500584: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:31:15.500584: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:31:20.558574: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:31:25.573974: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:31:25.573974: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:31:30.631349: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:31:30.631349: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:31:35.709182: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:31:35.709182: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:31:40.755438: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:31:40.755438: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:31:45.833475: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:31:50.895937: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:31:50.895937: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:31:55.957885: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 3) 2022-01-21 13:31:55.957885: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:32:01.024574: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 4) 2022-01-21 13:32:01.024574: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:32:06.175349: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 5) 2022-01-21 13:32:06.175349: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:32:11.341269: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:32:11.341269: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:32:16.418801: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:32:16.418801: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:32:21.558823: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:32:21.558823: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:32:26.683730: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:32:26.683730: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:32:31.746695: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:32:31.746695: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:32:36.793106: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 3) 2022-01-21 13:32:36.793106: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:32:41.886248: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:32:41.886248: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:32:47.026291: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:32:47.026291: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:32:52.041541: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:32:52.041541: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:32:57.119041: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:32:57.119041: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:33:02.212154: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:33:02.212154: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:33:07.285373: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:33:07.285373: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:33:12.409436: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:33:12.409436: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:33:17.531604: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:33:17.531604: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:33:22.544115: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:33:27.586527: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:33:32.725586: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:33:32.725586: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:33:37.765553: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:33:37.765553: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:33:42.832578: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:33:47.848055: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:33:52.969598: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:33:52.969598: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:33:57.996791: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:33:57.996791: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:34:03.015533: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:34:03.015533: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:34:08.135508: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:34:08.135508: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:34:13.161620: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:34:13.161620: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:34:18.192314: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:34:18.192314: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:34:23.223503: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:34:28.333104: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:34:33.348718: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:34:33.348718: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:34:38.453886: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:34:38.453886: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:34:43.578287: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:34:43.578287: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:34:48.593340: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:34:48.593340: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:34:53.634605: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:34:53.634605: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:34:58.724905: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:34:58.724905: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:35:03.849818: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 3) 2022-01-21 13:35:03.849818: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:35:08.907972: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:35:08.907972: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:35:13.954633: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:35:13.954633: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:35:19.059021: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:35:19.059021: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:35:24.214601: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:35:24.214601: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:35:29.339025: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:35:34.494894: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:35:34.494894: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:35:39.521148: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:35:39.521148: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:35:44.631024: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:35:44.631024: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:35:49.693359: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:35:54.833930: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:35:54.833930: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:35:59.911450: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:35:59.911450: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:36:04.976155: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:36:04.976155: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:36:10.083989: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:36:10.083989: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:36:15.203796: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:36:15.203796: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:36:20.307864: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:36:20.307864: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:36:25.401012: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:36:25.401012: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:36:30.413285: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:36:30.413285: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:36:35.545551: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:36:40.639798: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:36:45.657091: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:36:50.730599: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:36:55.743809: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:37:00.784053: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:37:00.784053: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:37:05.810935: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:37:10.946746: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:37:10.946746: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:37:15.962404: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:37:20.995029: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:37:20.995029: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:37:26.010078: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:37:26.010078: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:37:31.040754: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:37:36.055900: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:37:36.055900: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:37:41.149016: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:37:41.149016: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:37:46.227060: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:37:46.227060: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:37:51.273847: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:37:51.273847: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:37:56.336313: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:38:01.414009: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:38:01.414009: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:38:06.523134: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:38:06.523134: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:38:11.626447: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:38:11.626447: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:38:16.663207: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:38:16.663207: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:38:21.837757: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:38:21.837757: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:38:26.854778: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:38:26.854778: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:38:31.995296: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:38:31.995296: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:38:37.037219: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:38:37.037219: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:38:42.074355: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:38:42.074355: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:38:47.114754: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:38:52.259370: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:38:52.259370: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:38:57.290079: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:38:57.290079: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:39:02.445075: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:39:02.445075: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:39:07.449992: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:39:12.452213: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:39:17.469999: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:39:17.469999: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:39:22.594501: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:39:22.594501: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:39:27.766316: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:39:27.766316: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:39:32.859645: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:39:37.900421: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:39:37.900421: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:39:43.035408: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:39:43.035408: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:39:48.050589: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:39:48.050589: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:39:53.066716: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:39:53.066716: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:39:58.160350: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:39:58.160350: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:40:03.228031: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:40:03.228031: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:40:08.271205: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:40:08.271205: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:40:13.337058: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:40:18.352247: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:40:18.352247: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:40:23.524132: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:40:23.524132: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:40:28.664222: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:40:28.664222: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:40:33.835954: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:40:33.835954: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:40:38.882740: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:40:38.882740: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:40:44.022575: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:40:44.022575: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:40:49.173421: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:40:49.173421: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:40:54.329166: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:40:59.341597: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:41:04.454680: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:41:04.454680: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:41:09.499242: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:41:09.499242: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:41:14.505102: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:41:14.505102: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:41:19.546816: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:41:19.546816: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:41:24.684379: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:41:24.684379: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:41:29.793666: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:41:29.793666: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:41:34.886846: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:41:34.886846: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:41:39.964480: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:41:39.964480: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:41:45.104520: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:41:45.104520: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:41:50.260825: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:41:50.260825: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:41:55.292573: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:41:55.292573: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:42:00.308089: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:42:00.308089: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:42:05.380927: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 3) 2022-01-21 13:42:05.380927: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:42:10.460780: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:42:10.460780: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:42:15.508934: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:42:15.508934: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:42:20.518969: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:42:20.518969: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:42:25.549593: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 3) 2022-01-21 13:42:25.549593: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:42:30.595892: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 4) 2022-01-21 13:42:30.595892: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:42:35.715854: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 5) 2022-01-21 13:42:35.715854: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:42:40.810111: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 6) 2022-01-21 13:42:40.810111: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:42:45.887673: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:42:45.887673: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:42:50.965214: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:42:50.965214: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:42:56.120913: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:42:56.120913: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:43:01.292211: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:43:01.292211: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:43:06.320331: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:43:11.453129: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:43:11.453129: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:43:53.153122: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:43:58.249069: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:44:03.333263: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:44:08.377868: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:44:13.439246: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:44:13.439326: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:44:18.483981: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:44:18.483981: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:44:23.500372: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:44:28.649378: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:44:28.649378: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:44:33.661137: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:44:33.661137: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:44:38.731131: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:44:38.731131: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:44:43.800914: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:44:43.800914: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:44:48.815794: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:44:48.815794: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:44:53.903919: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:44:53.903919: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:44:59.003471: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:44:59.003471: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:45:04.120893: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:45:04.120939: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:45:09.263152: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:45:09.263152: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:45:14.331333: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:45:19.376347: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:45:19.376347: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:45:24.477516: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 3) 2022-01-21 13:45:24.477516: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:45:29.623417: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:45:29.623417: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:45:34.654947: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:45:34.654947: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:45:39.698940: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:45:44.830688: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:45:44.830688: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:45:49.958446: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:45:49.958446: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:45:54.983599: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:45:54.983599: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:46:00.048773: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:46:00.048773: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:46:05.102612: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:46:05.102612: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:46:10.144179: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:46:10.144179: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:46:15.160281: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:46:15.160281: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:46:20.257682: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:46:20.257682: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:46:25.411845: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:46:25.411845: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:46:30.572259: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:46:30.572259: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:46:35.644297: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:46:35.644297: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:49:40.378596: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:49:45.417651: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:49:45.417651: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:49:50.447555: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:49:50.447555: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:49:55.535020: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:50:00.546694: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:50:00.546694: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:50:05.572794: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:50:10.580728: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:50:15.584181: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:50:20.708629: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:50:20.708629: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:50:25.750867: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:50:25.750867: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:50:30.778990: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:50:35.803259: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:50:35.803259: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:50:40.838508: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:50:45.931758: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:50:45.931758: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:50:51.051043: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:50:51.051043: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:50:56.134950: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:50:56.134950: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:51:01.188905: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:51:01.188905: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:51:06.271887: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:51:06.271887: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:51:11.331315: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:51:11.331315: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:51:16.335062: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:51:21.439757: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:51:21.439757: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:51:26.581624: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:51:26.581624: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:51:31.674091: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:51:31.674091: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:51:36.687384: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:51:41.838362: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:51:41.838362: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:51:46.878508: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:51:46.878508: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:51:52.023036: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:51:52.023036: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:51:57.063438: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:51:57.063438: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:52:02.160510: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:52:02.160510: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:52:07.221922: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:52:07.221922: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:52:12.308428: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:52:12.308428: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:52:17.441103: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:52:17.441103: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:52:22.525922: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:52:22.525922: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:52:27.622028: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:52:27.622028: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:52:32.726590: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:52:32.726590: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:52:37.739041: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:52:42.827133: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:52:47.828903: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:52:52.968006: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:52:52.968006: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:52:57.998751: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:52:57.998751: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:53:03.052924: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:53:03.052937: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:53:08.135242: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:53:08.135242: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:53:13.312863: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:53:13.312863: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:53:18.337560: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:53:23.339707: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:53:28.398740: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:53:28.398740: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:53:33.421215: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:53:38.572262: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:53:38.572262: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:53:43.644793: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:53:48.823407: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:53:48.823439: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:53:53.918664: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:53:53.918664: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:53:59.059961: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:53:59.059961: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:54:04.127891: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:54:04.127891: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:54:09.170911: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:54:09.170911: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:54:14.340016: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:54:14.340016: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:54:19.382059: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:54:24.402897: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:54:24.402897: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:54:29.429606: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:54:29.429606: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:54:34.469382: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:54:34.469382: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:54:39.513481: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:54:39.513481: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:54:44.525963: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:54:44.525963: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:54:47.473947: [MGR] Starting UI process for user ?admin at NETBIOS? for session 6 2022-01-21 13:54:49.599296: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:54:49.599296: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:54:54.754166: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:54:54.754166: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:54:59.802065: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:54:59.802065: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:55:04.839528: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:55:04.839528: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:55:09.912812: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:55:09.912949: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:55:14.960576: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:55:14.960576: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:55:20.117522: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:55:20.117522: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:55:25.227467: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:55:25.227467: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:55:30.242084: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:55:30.242084: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:55:35.297539: [TUN] [vpn.domain.com] Handshake for peer 1 (192.168.99.1:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:55:35.297539: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (192.168.99.1:51820) 2022-01-21 13:55:38.291070: [TUN] [vpn.domain.com] Shutting down 2022-01-21 13:55:38.292119: [MGR] [vpn.domain.com] Tunnel service tracker finished 2022-01-21 13:55:38.577899: [TUN] [vpn.domain.com] Starting WireGuard/0.5.3 (Windows 10.0.19043; amd64) 2022-01-21 13:55:38.577899: [TUN] [vpn.domain.com] Watching network interfaces 2022-01-21 13:55:38.579447: [TUN] [vpn.domain.com] Resolving DNS names 2022-01-21 13:55:38.624843: [TUN] [vpn.domain.com] Creating network adapter 2022-01-21 13:55:38.761194: [TUN] [vpn.domain.com] Using existing driver 0.10 2022-01-21 13:55:38.765332: [TUN] [vpn.domain.com] Creating adapter 2022-01-21 13:55:38.973483: [TUN] [vpn.domain.com] Using WireGuardNT/0.10 2022-01-21 13:55:38.973483: [TUN] [vpn.domain.com] Enabling firewall rules 2022-01-21 13:55:38.921855: [TUN] [vpn.domain.com] Interface created 2022-01-21 13:55:38.975021: [TUN] [vpn.domain.com] Dropping privileges 2022-01-21 13:55:38.975021: [TUN] [vpn.domain.com] Setting interface configuration 2022-01-21 13:55:38.975533: [TUN] [vpn.domain.com] Peer 1 created 2022-01-21 13:55:38.977610: [TUN] [vpn.domain.com] Monitoring MTU of default v4 routes 2022-01-21 13:55:38.976559: [TUN] [vpn.domain.com] Interface up 2022-01-21 13:55:38.977610: [TUN] [vpn.domain.com] Setting device v4 addresses 2022-01-21 13:55:38.977610: [TUN] [vpn.domain.com] Monitoring MTU of default v6 routes 2022-01-21 13:55:38.982387: [TUN] [vpn.domain.com] Setting device v6 addresses 2022-01-21 13:55:38.982387: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:55:38.990223: [TUN] [vpn.domain.com] Startup complete 2022-01-21 13:55:39.001868: [MGR] Failed to connect to adapter interface \\?\SWD#WireGuard#{CAD5864D-13F2-398B-A075-EB510CB633B3}#{cac88484-7515-4c03-82e6-71a87abac361}: The system cannot find the file specified. (Code 0x00000002) 2022-01-21 13:55:39.024763: [TUN] [vpn.domain.com] Receiving handshake response from peer 1 (x.x.x.x:51820) 2022-01-21 13:55:39.025269: [TUN] [vpn.domain.com] Keypair 1 created for peer 1 2022-01-21 13:56:11.075383: [MGR] Exited UI process for user 'admin at NETBIOS' for session 6 with status 40010004 2022-01-21 13:56:12.080661: [MGR] Starting UI process for user ?admin at NETBIOS? for session 6 2022-01-21 13:56:12.473288: [MGR] Exited UI process for user 'admin at NETBIOS' for session 6 with status 40010004 2022-01-21 13:56:13.484727: [MGR] Starting UI process for user ?admin at NETBIOS? for session 6 2022-01-21 13:56:13.484727: [MGR] Unable to start manager UI process for user 'admin at NETBIOS' for session 6: Session has logged out 2022-01-21 13:56:13.962039: [TUN] [vpn.domain.com] Shutting down 2022-01-21 13:56:13.972922: [MGR] [vpn.domain.com] Tunnel service tracker finished 2022-01-21 13:56:42.419777: [MGR] Starting at boot WireGuard/0.5.3 (Windows 10.0.19043; amd64) 2022-01-21 13:56:42.424691: [TUN] [vpn.domain.com] Starting at boot WireGuard/0.5.3 (Windows 10.0.19043; amd64) 2022-01-21 13:56:42.426469: [TUN] [vpn.domain.com] SCM locked for 1s by .\NT Service Control Manager, marking service as started 2022-01-21 13:56:42.430189: [TUN] [vpn.domain.com] Watching network interfaces 2022-01-21 13:56:42.432208: [TUN] [vpn.domain.com] Resolving DNS names 2022-01-21 13:56:42.535795: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 13:56:46.569993: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 13:56:50.585189: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 13:56:54.604338: [TUN] [vpn.domain.com] Creating network adapter 2022-01-21 13:56:54.747140: [TUN] [vpn.domain.com] Using existing driver 0.10 2022-01-21 13:56:54.754287: [TUN] [vpn.domain.com] Creating adapter 2022-01-21 13:56:54.931104: [TUN] [vpn.domain.com] Using WireGuardNT/0.10 2022-01-21 13:56:54.931104: [TUN] [vpn.domain.com] Enabling firewall rules 2022-01-21 13:56:54.883789: [TUN] [vpn.domain.com] Interface created 2022-01-21 13:56:54.934363: [TUN] [vpn.domain.com] Dropping privileges 2022-01-21 13:56:54.934874: [TUN] [vpn.domain.com] Setting interface configuration 2022-01-21 13:56:54.935165: [TUN] [vpn.domain.com] Peer 1 created 2022-01-21 13:56:54.935676: [TUN] [vpn.domain.com] Monitoring MTU of default v4 routes 2022-01-21 13:56:54.935676: [TUN] [vpn.domain.com] Interface up 2022-01-21 13:56:54.948226: [TUN] [vpn.domain.com] Setting device v4 addresses 2022-01-21 13:56:54.951579: [TUN] [vpn.domain.com] Monitoring MTU of default v6 routes 2022-01-21 13:56:54.952082: [TUN] [vpn.domain.com] Setting device v6 addresses 2022-01-21 13:56:54.971047: [TUN] [vpn.domain.com] Startup complete 2022-01-21 13:56:54.972047: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:56:55.023239: [TUN] [vpn.domain.com] Receiving handshake response from peer 1 (x.x.x.x:51820) 2022-01-21 13:56:55.023239: [TUN] [vpn.domain.com] Keypair 1 created for peer 1 2022-01-21 13:58:50.423986: [TUN] [vpn.domain.com] Retrying handshake with peer 1 (x.x.x.x:51820) because we stopped hearing back after 15 seconds 2022-01-21 13:58:50.423986: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:58:55.455506: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:59:00.480385: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:59:05.490983: [TUN] [vpn.domain.com] Handshake for peer 1 (x.x.x.x:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:59:05.490983: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:59:10.504756: [TUN] [vpn.domain.com] Handshake for peer 1 (x.x.x.x:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:59:10.504756: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:59:15.604778: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:59:20.634382: [TUN] [vpn.domain.com] Handshake for peer 1 (x.x.x.x:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:59:20.634382: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:59:25.707137: [TUN] [vpn.domain.com] Handshake for peer 1 (x.x.x.x:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:59:25.707137: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:59:30.855850: [TUN] [vpn.domain.com] Handshake for peer 1 (x.x.x.x:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:59:30.855850: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:59:35.949600: [TUN] [vpn.domain.com] Handshake for peer 1 (x.x.x.x:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:59:35.949600: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:59:40.990745: [TUN] [vpn.domain.com] Handshake for peer 1 (x.x.x.x:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:59:40.990745: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:59:46.077722: [TUN] [vpn.domain.com] Handshake for peer 1 (x.x.x.x:51820) did not complete after 5 seconds, retrying (try 2) 2022-01-21 13:59:46.077722: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:59:51.130991: [TUN] [vpn.domain.com] Sending handshake initiation to peer 1 (x.x.x.x:51820) 2022-01-21 13:59:54.666728: [TUN] [vpn.domain.com] Shutting down 2022-01-21 13:59:54.666728: [MGR] [vpn.domain.com] Tunnel service tracker finished 2022-01-21 14:00:25.385109: [MGR] Starting at boot WireGuard/0.5.3 (Windows 10.0.19043; amd64) 2022-01-21 14:00:25.385617: [TUN] [vpn.domain.com] Starting at boot WireGuard/0.5.3 (Windows 10.0.19043; amd64) 2022-01-21 14:00:25.392357: [TUN] [vpn.domain.com] SCM locked for 1s by .\NT Service Control Manager, marking service as started 2022-01-21 14:00:25.397054: [TUN] [vpn.domain.com] Watching network interfaces 2022-01-21 14:00:25.399865: [TUN] [vpn.domain.com] Resolving DNS names 2022-01-21 14:00:25.640575: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:00:29.648660: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:00:33.657345: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:00:37.672796: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:00:41.682472: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:00:45.683318: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:00:49.696304: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:00:53.706665: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:00:57.722719: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:01:01.725050: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:01:05.741561: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:01:09.742016: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:01:13.742214: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:01:17.753757: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:01:21.754324: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:01:25.754991: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:01:29.762106: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:01:33.762738: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:01:37.763279: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:01:41.771324: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:01:45.772269: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:01:49.777344: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:01:53.781627: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:01:57.783379: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:02:01.784236: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:02:05.790570: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:02:09.806000: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:02:13.811052: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:02:17.827451: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:02:21.838263: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:02:25.839227: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:02:29.853433: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:02:33.792594: [MGR] Update checker: The server name or address could not be resolved 2022-01-21 14:02:33.855521: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:02:37.861237: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:02:41.863892: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:02:45.871248: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:02:49.877167: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:02:53.884177: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:03:20.324752: [TUN] [vpn.domain.com] Starting at boot WireGuard/0.5.3 (Windows 10.0.19043; amd64) 2022-01-21 14:03:20.325969: [MGR] Starting at boot WireGuard/0.5.3 (Windows 10.0.19043; amd64) 2022-01-21 14:03:20.331512: [TUN] [vpn.domain.com] Watching network interfaces 2022-01-21 14:03:20.384779: [TUN] [vpn.domain.com] Resolving DNS names 2022-01-21 14:03:20.503593: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:03:24.517787: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:03:28.531690: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:03:32.547531: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:03:36.558960: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:03:40.571316: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:03:44.584276: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:03:48.589629: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:03:52.601176: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:03:56.601326: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:04:00.604469: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:04:04.604609: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:04:08.604685: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:04:12.611113: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:04:16.623467: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:04:20.626082: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:04:24.637405: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:04:28.643856: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:04:32.654152: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:04:36.661979: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:04:40.665121: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:04:44.682742: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:04:48.698311: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:04:52.705238: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:04:56.719339: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:05:00.729435: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:05:04.736110: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:05:08.740339: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:05:12.743209: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:05:16.758777: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:05:20.766557: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:05:24.775715: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:05:28.781491: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:05:32.796664: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:05:36.799755: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:05:40.809000: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:05:44.820797: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:05:48.823036: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:05:52.825687: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:05:56.826425: [TUN] [vpn.domain.com] Host not found when resolving vpn.xxxx.org, but no Internet connection available, sleeping for 4 seconds 2022-01-21 14:05:56.832612: [TUN] [vpn.domain.com] Unable to resolve one or more DNS hostname endpoints: No such host is known. 2022-01-21 14:05:56.832612: [TUN] [vpn.domain.com] Shutting down 2022-01-21 14:05:56.833634: [MGR] [vpn.domain.com] Tunnel service tracker finished 2022-01-21 14:15:52.797687: [MGR] Starting UI process for user ?admin at NETBIOS? for session 2 ----------------------------- Tony Pros - Owner tony at tpro.tech 615 656 3543 T-Pro Tech LLC Audio & IT Consulting ??????? Original Message ??????? On Monday, January 17th, 2022 at 4:51 AM, Simon Rozman wrote: > Hi, > > > I believe there's a bug in the Windows service implementation, if this > > > > issue is by design, it's problematic. > > > > I have non-admin users were when I initially set them up with wireguard, > > > > I configured it to use the service, using the command: > > > > wireguard /installtunnelservice "C:\Program > > > > Files\WireGuard\Data\Configurations\vpn.domain.org.conf.dpapi" > > > > The tunnel worked fine the first time. Then the user reboots the laptop, > > > > or closes it or leaves whatever coffee shop they were at and get > > > > disconnected from the wireless network they were using. When this > > > > happens, for some reason, the wireguard service then gets torn down > > > > never to come back again until I issue the command from my admin account > > > > again. > > Can you do the wireguard /dumplog > wireguard.log and investigate. > > > There was an issue with some users initial configuration in that they > > > > could not query hostname via DNS, so that entering the command to > > > > installservice would not even create the service. > > WireGuard services start early on boot - sometimes even before the DNSCache (DNS Client). If the service can't resolve hostnames used in the config file, it will stop. But it will log this. Resolution to this problem is: > > - Use IPs rather than hostnames. > - Add hostnames you use in your .conf file to C:\Windows\system32\drivers\etc\hosts. > - Add DNSCache dependency to the WireGuardTunnel$ service. > > I personally would pick one of the first two options above. Don't like the idea my laptop is asking a coffee shop's DNS what is my VPN endpoint IP address. > > > Here's a few notes that might help with understanding. > > > > - Users must have the VPN established before they log into the active > > > > directory servers on the remote network so that they can get all of > > > > their GPO directives. > > - Wireguard Service should stay up so that any time a users connects to > > > > any network, the VPN is established immediately after that. > > - The Wireguard service should also stay because non-admin users cannot > > > > create a new service > > I understand. That is exactly how we use WireGuard in our company. > > > If this issue is how things will stay, and this is not considered a bug, > > > > how would you configure windows non-admin users to tunnel to an > > > > enterprise network before login via WireGuard and to continuously try to > > > > establish the tunnel while the user is not connected to a network? > > Let me assure you, the behavior you are expecting is definitely pathological. Please investigate the log file why the tunnel service does not persist as it should. > > Best regards, > > Simon From simonmcnair at gmail.com Mon Jan 24 09:59:55 2022 From: simonmcnair at gmail.com (Simon McNair) Date: Mon, 24 Jan 2022 09:59:55 +0000 Subject: apologies if this DNS conditional forwarding query is a daft question Message-ID: Hi, Again apologies if this is networking newb question I have just spent the weekend laboriously learning about wireguard windows and finally powershell & internet connection sharing. My usage case is supporting a parents network and/or sharing resources in a small site(s) to site(s) network. My question is this.? Without buying any extra commodity hardware, or installing any more software is it possible to set up conditional DNS forwarding per peer for DNS ?? I would like each subnets DNS server (in this case isp router) to handle DNS for that subnet. i.e. if the dns request is for a subnet on peer A use DNS server 192.168.100.254 defined in peer A config ??? ?? if the dns request is made a subnet on peer B use DNS server 192.168.110.254 defined in peer B config Similar to this: [Interface] PrivateKey = pkhere ListenPort = 12345 Address = 10.250.250.4/24 [PeerA] PublicKey = peerpkhere AllowedIPs = 192.168.100.0/24, 10.250.250.0/24 Endpoint = my.ddnsalias.net:5678 DNS = 192.168.100.254 [PeerB] PublicKey = peerpkhere AllowedIPs = 192.168.110.0/24, 10.250.250.0/24 Endpoint = my.ddnsalias.net:5678 DNS = 192.168.110.254 I know we already have the Interface level DNS option but that would fail for peers unless conditional forwarding was configured which isn't possible on most home routers.? I know I can fix this with dnsmasq or a pihole but that requires another machine on all the time.? I was just wondering if anything clever could easily be done within wireguard.? I know it's a big ask but it would be appreciated as an enhancement request. Likewise, for the windows version of wireguard it would be cool if there was an option to enable internet connection sharing on the client.? I have done this successfully (I am happy to share the steps if required) although it was a huge pita and required dangerousscripts enabling which I'm not keen on. Thanks again for all the hard work Jason, I love the app, and it is running happily on my ER-X and making my life better. Regards Simon From frank at carmickle.com Mon Jan 24 13:28:20 2022 From: frank at carmickle.com (Frank Carmickle) Date: Mon, 24 Jan 2022 08:28:20 -0500 Subject: apologies if this DNS conditional forwarding query is a daft question In-Reply-To: References: Message-ID: Greetings Simon, > On Jan 24, 2022, at 4:59 AM, Simon McNair wrote: > > Hi, > Again apologies if this is networking newb question > I have just spent the weekend laboriously learning about wireguard windows and finally powershell & internet connection sharing. My usage case is supporting a parents network and/or sharing resources in a small site(s) to site(s) network. > My question is this. Without buying any extra commodity hardware, or installing any more software is it possible to set up conditional DNS forwarding per peer for DNS ? I would like each subnets DNS server (in this case isp router) to handle DNS for that subnet. > > i.e. if the dns request is for a subnet on peer A use DNS server 192.168.100.254 defined in peer A config > if the dns request is made a subnet on peer B use DNS server 192.168.110.254 defined in peer B config I'm not totally understanding the topology you are implementing, internet sharing and site to site, that usually means that both sites have internet service. It does seem as though you can accomplish having systems in each subnet use there own DNS by not configuring a DNS directive in the wireguard config at all. HTH, --FC > > Similar to this: > [Interface] > PrivateKey = pkhere > ListenPort = 12345 > Address = 10.250.250.4/24 > > [PeerA] > PublicKey = peerpkhere > AllowedIPs = 192.168.100.0/24, 10.250.250.0/24 > Endpoint = my.ddnsalias.net:5678 > DNS = 192.168.100.254 > > [PeerB] > PublicKey = peerpkhere > AllowedIPs = 192.168.110.0/24, 10.250.250.0/24 > Endpoint = my.ddnsalias.net:5678 > DNS = 192.168.110.254 > > I know we already have the Interface level DNS option but that would fail for peers unless conditional forwarding was configured which isn't possible on most home routers. I know I can fix this with dnsmasq or a pihole but that requires another machine on all the time. I was just wondering if anything clever could easily be done within wireguard. I know it's a big ask but it would be appreciated as an enhancement request. > > Likewise, for the windows version of wireguard it would be cool if there was an option to enable internet connection sharing on the client. I have done this successfully (I am happy to share the steps if required) although it was a huge pita and required dangerousscripts enabling which I'm not keen on. > Thanks again for all the hard work Jason, I love the app, and it is running happily on my ER-X and making my life better. > > Regards > Simon > From simon at rozman.si Mon Jan 24 14:47:03 2022 From: simon at rozman.si (Simon Rozman) Date: Mon, 24 Jan 2022 14:47:03 +0000 Subject: Wireguard Windows Service Issues In-Reply-To: <9-M1j7GQozeUMiB1Qm-kk17KUFZ_tE4h4oF-n0QEGEXh0IYS-sv3PDvecqKRPasw5Kw_60Do1VAMBuWQymyiQ79wnej1AOl8KsvWwVZ3mlE=@tpro.tech> References: <9-M1j7GQozeUMiB1Qm-kk17KUFZ_tE4h4oF-n0QEGEXh0IYS-sv3PDvecqKRPasw5Kw_60Do1VAMBuWQymyiQ79wnej1AOl8KsvWwVZ3mlE=@tpro.tech> Message-ID: <4fcaa402dbcb47609db707aabb5ccbdd@rozman.si> Hi, > The problem still is occurring, the service seems to get torn down never > to come back again once the user comes back to the office and connects > back into the main network with ethernet. When the user is on the main > network the VPN host address will not get resolved by DNS by design. We > do not want the user to be on the VPN when they are already on the > internal network. If there's a better way to handle the VPN not > connecting when the non-admin user is on the internal network I'm open > to that too. We use a hostname for VPN server resolution because we use > both IPv4 and IPv6 for host connectivity. When your laptop is connected to the "main network" and boots, the tunnel service will give up on the DNS resolution failure after a few minutes and exit. The manager service will notice that the service is dead and will clean it up. Hence your tunnel service ceases to exist and doesn't get started on the next boot any more. Split DNS is not the right way to prevent WireGuard tunneling of the on-link traffic. On my devices, I keep the VPN tunnel active all the time. Regardless the network the device is physically connected to. You are not using the IP addresses from your main network subnet for WireGuard clients. So, when you connect your laptop physically into the main network, the NICs' on-link route should be preferred over the route added by WireGuards' AllowedIPs. This makes the local network traffic flow directly. But - and very important for seamless roaming - schedule periodic elevated calls of `wg.exe set vpn.domain.com peer endpoint vpn.xxxx.org:51820`. It's cheap and can be scheduled to trigger every 2 minutes (and immediately after scheduled time is missed). If your laptop is connected on your main network, WireGuard roaming will learn 192.168.99.1 as the peer endpoint. Then you put your laptop to sleep and wake it up at home in a different network. It will continue to use 192.168.99.1 as peer endpoint, but that's no longer correct. Periodic reset of peer endpoint fixes this. > 2022-01-21 14:00:25.385109: [MGR] Starting at boot WireGuard/0.5.3 > (Windows 10.0.19043; amd64) > 2022-01-21 14:00:25.385617: [TUN] [vpn.domain.com] Starting at boot > WireGuard/0.5.3 (Windows 10.0.19043; amd64) > 2022-01-21 14:00:25.392357: [TUN] [vpn.domain.com] SCM locked for 1s by > .\NT Service Control Manager, marking service as started > 2022-01-21 14:00:25.397054: [TUN] [vpn.domain.com] Watching network > interfaces > 2022-01-21 14:00:25.399865: [TUN] [vpn.domain.com] Resolving DNS names > 2022-01-21 14:00:25.640575: [TUN] [vpn.domain.com] Host not found when > resolving vpn.xxxx.org, but no Internet connection available, sleeping > for 4 seconds > 2022-01-21 14:00:29.648660: [TUN] [vpn.domain.com] Host not found when > resolving vpn.xxxx.org, but no Internet connection available, sleeping > for 4 seconds > 2022-01-21 14:00:33.657345: [TUN] [vpn.domain.com] Host not found when > resolving vpn.xxxx.org, but no Internet connection available, sleeping > for 4 seconds > 2022-01-21 14:00:37.672796: [TUN] [vpn.domain.com] Host not found when > resolving vpn.xxxx.org, but no Internet connection available, sleeping > for 4 seconds > 2022-01-21 14:00:41.682472: [TUN] [vpn.domain.com] Host not found when > resolving vpn.xxxx.org, but no Internet connection available, sleeping > for 4 seconds The on-boot connectivity detection was unreliable and was removed in https://git.zx2c4.com/wireguard-windows/commit/?id=b75cc38c60e36e1117bb40fd4ac78c44f1aae1f6. If SCM started the tunnel service before Dnscache and other networking services, WireGuard couldn't tell from the Windows DNS resolving response whether the resolve failure is transient or not. This fix has not yet been published, but it will not help your tunnel deactivation on split DNS issue. Best regards, Simon From simonmcnair at gmail.com Mon Jan 24 18:17:58 2022 From: simonmcnair at gmail.com (Simon McNair) Date: Mon, 24 Jan 2022 18:17:58 +0000 Subject: Wireguard Windows Service Issues In-Reply-To: References: Message-ID: <154d5705-2445-6297-cade-2103738a0667@gmail.com> just to insert my 2p. Provided the service manager is installed whilst the tunnel will not appear in the list of tunnels you can view the logfile which will assist with diagnosis. From my perspective I set up exactly the same set-up myself at the weekend and it is behaving as advertised (except not on wifi). The part of this that makes me curious though is the fact that the connection is via wifi so the adapter will stay visible but the underlying connection will drop and the ip addresses, DNS etc will change behind the scenes with each wireless network they connect to.? I would think wireguard would handle this, but the log file would certainly be worth of scrutiny. Also worth thinking around powers aving and the closing of the laptop lid putting the adapter in to power saving and dropping the underlying connection. Simon On 17/01/2022 10:51, Simon Rozman wrote: > Hi, > >> I believe there's a bug in the Windows service implementation, if this >> issue is by design, it's problematic. >> >> I have non-admin users were when I initially set them up with wireguard, >> I configured it to use the service, using the command: >> >> wireguard /installtunnelservice "C:\Program >> Files\WireGuard\Data\Configurations\vpn.domain.org.conf.dpapi" >> >> The tunnel worked fine the first time. Then the user reboots the laptop, >> or closes it or leaves whatever coffee shop they were at and get >> disconnected from the wireless network they were using. When this >> happens, for some reason, the wireguard service then gets torn down >> never to come back again until I issue the command from my admin account >> again. > Can you do the wireguard /dumplog > wireguard.log and investigate. > >> There was an issue with some users initial configuration in that they >> could not query hostname via DNS, so that entering the command to >> installservice would not even create the service. > WireGuard services start early on boot - sometimes even before the DNSCache (DNS Client). If the service can't resolve hostnames used in the config file, it will stop. But it will log this. Resolution to this problem is: > - Use IPs rather than hostnames. > - Add hostnames you use in your .conf file to C:\Windows\system32\drivers\etc\hosts. > - Add DNSCache dependency to the WireGuardTunnel$ service. > > I personally would pick one of the first two options above. Don't like the idea my laptop is asking a coffee shop's DNS what is my VPN endpoint IP address. > >> Here's a few notes that might help with understanding. >> - Users must have the VPN established before they log into the active >> directory servers on the remote network so that they can get all of >> their GPO directives. >> - Wireguard Service should stay up so that any time a users connects to >> any network, the VPN is established immediately after that. >> - The Wireguard service should also stay because non-admin users cannot >> create a new service > I understand. That is exactly how we use WireGuard in our company. > >> If this issue is how things will stay, and this is not considered a bug, >> how would you configure windows non-admin users to tunnel to an >> enterprise network before login via WireGuard and to continuously try to >> establish the tunnel while the user is not connected to a network? > Let me assure you, the behavior you are expecting is definitely pathological. Please investigate the log file why the tunnel service does not persist as it should. > > Best regards, > Simon From simonmcnair at gmail.com Mon Jan 24 18:26:54 2022 From: simonmcnair at gmail.com (Simon McNair) Date: Mon, 24 Jan 2022 18:26:54 +0000 Subject: apologies if this DNS conditional forwarding query is a daft question In-Reply-To: References: Message-ID: <7886ff22-03eb-148a-3e2d-1f968bbfa59b@gmail.com> Hi Frank, Thanks for responding. My implementation is a mixture of point to point and site to site. I have laptops and mobile phones which connect directly in, but I also have entire class c subnets routing traffic (the only real difference being enabling ip routing/bridgining the networks vs no routing and only being able to see the single device). The windows implementation of wireshark only allows a point to point connection as windows does not enable routing (in a similar way that I don't believe linux does by default).? This can be worked around in windows by selecting the adapter and 'sharing' it with the wireshark connection (internet connection sharing or ICS).? This means that wireshark can see the entire private class c network changing a point connection to a site. My desired result is that each sites class C subnet maintains it's own dhcp leases and reverse dns of the same (using the ISP router).? For each class C subnet I can configure, per peer, that name resolution should go to the appropriate dns server. In summary each house has an ISP router which does DHCP and DNS, I would like to configure each peer to connect via IP to the peers ISP router in order to resolve DNS. I hope that makes sense. Regards Simon On 24/01/2022 13:28, Frank Carmickle wrote: > Greetings Simon, > >> On Jan 24, 2022, at 4:59 AM, Simon McNair wrote: >> >> Hi, >> Again apologies if this is networking newb question >> I have just spent the weekend laboriously learning about wireguard windows and finally powershell & internet connection sharing. My usage case is supporting a parents network and/or sharing resources in a small site(s) to site(s) network. >> My question is this. Without buying any extra commodity hardware, or installing any more software is it possible to set up conditional DNS forwarding per peer for DNS ? I would like each subnets DNS server (in this case isp router) to handle DNS for that subnet. >> >> i.e. if the dns request is for a subnet on peer A use DNS server 192.168.100.254 defined in peer A config >> if the dns request is made a subnet on peer B use DNS server 192.168.110.254 defined in peer B config > I'm not totally understanding the topology you are implementing, internet sharing and site to site, that usually means that both sites have internet service. It does seem as though you can accomplish having systems in each subnet use there own DNS by not configuring a DNS directive in the wireguard config at all. > > HTH, > --FC > > >> Similar to this: >> [Interface] >> PrivateKey = pkhere >> ListenPort = 12345 >> Address = 10.250.250.4/24 >> >> [PeerA] >> PublicKey = peerpkhere >> AllowedIPs = 192.168.100.0/24, 10.250.250.0/24 >> Endpoint = my.ddnsalias.net:5678 >> DNS = 192.168.100.254 >> >> [PeerB] >> PublicKey = peerpkhere >> AllowedIPs = 192.168.110.0/24, 10.250.250.0/24 >> Endpoint = my.ddnsalias.net:5678 >> DNS = 192.168.110.254 >> >> I know we already have the Interface level DNS option but that would fail for peers unless conditional forwarding was configured which isn't possible on most home routers. I know I can fix this with dnsmasq or a pihole but that requires another machine on all the time. I was just wondering if anything clever could easily be done within wireguard. I know it's a big ask but it would be appreciated as an enhancement request. >> >> Likewise, for the windows version of wireguard it would be cool if there was an option to enable internet connection sharing on the client. I have done this successfully (I am happy to share the steps if required) although it was a huge pita and required dangerousscripts enabling which I'm not keen on. >> Thanks again for all the hard work Jason, I love the app, and it is running happily on my ER-X and making my life better. >> >> Regards >> Simon >> From alessio.nossa+list at gmail.com Tue Jan 25 14:16:06 2022 From: alessio.nossa+list at gmail.com (Alessio Nossa) Date: Tue, 25 Jan 2022 15:16:06 +0100 Subject: Contributing to iOS app Message-ID: Hello, I?d like to contribute to wireguard-apple with Shortcuts integration for the iOS app (this is a feature in the todo-list too). The implementation is almost complete, I?d like to be allowed to merge my contribution with the main app (or to have information on how I can submit my contributions). Kind regards, Alessio Nossa From Jason at zx2c4.com Tue Jan 25 14:55:52 2022 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Tue, 25 Jan 2022 15:55:52 +0100 Subject: Contributing to iOS app In-Reply-To: References: Message-ID: You can send them to the mailing list, or I can give you commit access to prefixed branches. I'll contact you offlist for the latter mechanics. From alessio.nossa+list at gmail.com Tue Jan 25 15:45:34 2022 From: alessio.nossa+list at gmail.com (Alessio Nossa) Date: Tue, 25 Jan 2022 16:45:34 +0100 Subject: Contributing to iOS app In-Reply-To: References: Message-ID: I am aware of the bug reported by Houman. To get around this problem I have implemented a workaround: when the action needs to make changes to the configuration, the main app is launched and the user can then specify in Shortcut's action a URL to open when the action is completed (default will be "shortcuts://"). This workaround has been used by other apps like Working Copy [1] (in "Clone repository from" action) for actions that need to be executed by the main app. With this solution you cannot return results of the operation to Shortcuts, but you can successfully get the work done and if something went wrong, there is Wireguard's log to check. One thing I had to change in the app to accomplish this is to move TunnelsManager initialization from MainViewController to AppDelegate. It will not slow down app startup since it is an asynchronous action and I think it is fine to initialize the main component of the app's logic, outside the view hierarchy. Hopefully, one day the bug will be fixed and moving the action logic to Intents Extension will be straightforward. Regards, Alessio [1]: https://workingcopyapp.com/ Il giorno mar 25 gen 2022 alle ore 15:52 Houman ha scritto: > > Shortcut integration for Wireguard on iOS would be amazing. But did you actually get it working? > > I think due to this Apple bug that has been open for years: https://developer.apple.com/forums/thread/96020, it is not possible to work with Siri shortcuts on the network extension. > But if your solution works, it would be amazing!! > > Regards, > Houman > > On Tue, 25 Jan 2022 at 14:20, Alessio Nossa wrote: >> >> Hello, >> I?d like to contribute to wireguard-apple with Shortcuts integration >> for the iOS app (this is a feature in the todo-list too). >> The implementation is almost complete, I?d like to be allowed to merge >> my contribution with the main app (or to have information on how I can >> submit my contributions). >> >> Kind regards, >> Alessio Nossa From richard at netcore.se Mon Jan 17 19:49:53 2022 From: richard at netcore.se (Richard Werner) Date: Mon, 17 Jan 2022 19:49:53 +0000 Subject: [macOS] possible bug Message-ID: <948FB3D5-2990-48E1-B27F-FDA699AEAF24@netcore.se> Hi everyone. We found a strange issue regarding macOS client and hope this is a proper way to start (and get some help debugging) a possible bug. I?ve not been able to capture the actual error message shown to the user, but I have the a log file. What seem to happen is something like this: 1. Have a working configuration. 2. Some unknown event happens (still investigating). 3. An error message is shown (something along the lines of "unable to read config?). 4. Orphaned configs are removed, but there seems to be more going on which we can?t identify. 5. No WG VPN's will work regardless of removing configs, keychains, etc. Even if all tunnels are removed and added again, no traffic leaves the client. It effectively enters a state of not being able to use any wireguards vpns on the client. Some entries from the log that shows going from working to not functioning will follow. More complete log at https://pastebin.com/m2MqHhPF -Working: 2022-01-17 17:55:59.292781: [NET] peer(ZY6x?1ZBc) - Sending handshake initiation 2022-01-17 17:55:59.337042: [NET] peer(ZY6x?1ZBc) - Received handshake response 2022-01-17 17:59:22.007634: [NET] peer(ZY6x?1ZBc) - Receiving keepalive packet -Error message is shown: 2022-01-17 18:35:29.081737: [APP] App version: 1.0.15 (26) 2022-01-17 18:36:22.662281: [APP] startActivation: Entering (tunnel: VPN X) 2022-01-17 18:36:23.490825: [APP] Unable to open config from keychain: -25300 2022-01-17 18:36:23.491058: [APP] startActivation: Starting tunnel 2022-01-17 18:36:23.491288: [APP] startActivation: Success 2022-01-17 18:36:23.497349: [APP] Tunnel 'VPN X' connection status changed to 'connecting' 2022-01-17 18:36:23.582298: [APP] Unable to open config from keychain: -25300 2022-01-17 18:36:28.491285: [APP] Status update notification timeout for tunnel 'VPN X'. Tunnel status is now 'connecting'. 2022-01-17 18:36:29.517132: [APP] Unable to open config from keychain: -25300 -Tunnel config is removed: 2022-01-17 18:38:47.127836: [APP] App version: 1.0.15 (26) 2022-01-17 18:38:47.337355: [APP] Removing orphaned tunnel with non-verifying keychain entry: VPN X -Tunnel now fails with same config (imported or manually entered) 2022-01-17 18:39:51.924221: [APP] Status update notification timeout for tunnel 'VPN X'. Tunnel status is now 'connected'. 2022-01-17 18:39:52.248987: [NET] peer(ZY6x?1ZBc) - Sending handshake initiation 2022-01-17 18:39:57.410547: [NET] peer(ZY6x?1ZBc) - Handshake did not complete after 5 seconds, retrying (try 2) 2022-01-17 18:39:57.410877: [NET] peer(ZY6x?1ZBc) - Sending handshake initiation 2022-01-17 18:39:57.411226: [NET] peer(ZY6x?1ZBc) - Failed to send handshake initiation: write udp4 0.0.0.0:52982->:443: sendto: broken pipe [?] 2022-01-17 18:40:00.396146: [APP] Tunnel 'VPN X' connection status changed to 'disconnected' 2022-01-17 18:41:27.735004: [APP] Tunnel 'VPN X' connection status changed to ?invalid' ?Richard From herbert at gondor.apana.org.au Tue Jan 18 06:42:28 2022 From: herbert at gondor.apana.org.au (Herbert Xu) Date: Tue, 18 Jan 2022 17:42:28 +1100 Subject: [PATCH crypto v3 0/2] reduce code size from blake2s on m68k and other small platforms In-Reply-To: Message-ID: Jason A. Donenfeld wrote: > > Excellent, thanks for the breakdown. So this shaves off ~4k, which was > about what we were shooting for here, so I think indeed this series > accomplishes its goal of counteracting the addition of BLAKE2s. > Hopefully Herbert will apply this series for 5.17. As the patches that triggered this weren't part of the crypto tree, this will have to go through the random tree if you want them for 5.17. Otherwise if you're happy to wait then I can pull them through cryptodev. Cheers, -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt From michal.murin at jamf.com Wed Jan 19 08:28:57 2022 From: michal.murin at jamf.com (Michal Murin) Date: Wed, 19 Jan 2022 09:28:57 +0100 Subject: [PATCH] Fixed the failing BadConfigExceptionTest unit test Message-ID: <20220119082857.64215-1-michal.murin@jamf.com> Fixed the test by changing the DNS to a string with an invalid char in the `invalid-value.conf` test configuration file. Also removed the `getParsingClass()` condition from the `parseDnsServers()` method as the condition can be never met - the `InetAddresses.parse(dnsServer)` method always throws the `ParseException` with the `parsingClass` set to `InetAddress.class`. --- tunnel/src/main/java/com/wireguard/config/Interface.java | 2 +- tunnel/src/test/resources/invalid-value.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tunnel/src/main/java/com/wireguard/config/Interface.java b/tunnel/src/main/java/com/wireguard/config/Interface.java index 694f313..5bd4da7 100644 --- a/tunnel/src/main/java/com/wireguard/config/Interface.java +++ b/tunnel/src/main/java/com/wireguard/config/Interface.java @@ -356,7 +356,7 @@ public final class Interface { try { addDnsServer(InetAddresses.parse(dnsServer)); } catch (final ParseException e) { - if (e.getParsingClass() != InetAddress.class || !InetAddresses.isHostname(dnsServer)) + if (!InetAddresses.isHostname(dnsServer)) throw e; addDnsSearchDomain(dnsServer); } diff --git a/tunnel/src/test/resources/invalid-value.conf b/tunnel/src/test/resources/invalid-value.conf index 2889111..6a1e3b6 100644 --- a/tunnel/src/test/resources/invalid-value.conf +++ b/tunnel/src/test/resources/invalid-value.conf @@ -1,6 +1,6 @@ [Interface] Address = 192.0.2.2/32,2001:db8:ffff:ffff:ffff:ffff:ffff:ffff/128 -DNS = 192.0.2.0,yes +DNS = 192.0.2.0,invalid_value PrivateKey = TFlmmEUC7V7VtiDYLKsbP5rySTKLIZq1yn8lMqK83wo= [Peer] AllowedIPs = 0.0.0.0/0, ::0/0 -- 2.30.1 (Apple Git-130) From me at msfjarvis.dev Wed Jan 26 15:02:32 2022 From: me at msfjarvis.dev (Harsh Shandilya) Date: Wed, 26 Jan 2022 20:32:32 +0530 Subject: [PATCH] Fixed the failing BadConfigExceptionTest unit test In-Reply-To: <20220119082857.64215-1-michal.murin@jamf.com> References: <20220119082857.64215-1-michal.murin@jamf.com> Message-ID: Hey Michal, On Jan 19 2022, at 1:58 pm, Michal Murin wrote: > Fixed the test by changing the DNS to a string with an invalid char in > the `invalid-value.conf` test configuration file. Also removed the > `getParsingClass()` condition from the `parseDnsServers()` method as > the condition can be never met - the `InetAddresses.parse(dnsServer)` > method always throws the `ParseException` with the `parsingClass` set > to `InetAddress.class`. > --- > tunnel/src/main/java/com/wireguard/config/Interface.java | 2 +- > tunnel/src/test/resources/invalid-value.conf | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/tunnel/src/main/java/com/wireguard/config/Interface.java b/tunnel/src/main/java/com/wireguard/config/Interface.java > index 694f313..5bd4da7 100644 > --- a/tunnel/src/main/java/com/wireguard/config/Interface.java > +++ b/tunnel/src/main/java/com/wireguard/config/Interface.java > @@ -356,7 +356,7 @@ public final class Interface { > try { > addDnsServer(InetAddresses.parse(dnsServer)); > } catch (final ParseException e) { > - if (e.getParsingClass() != InetAddress.class > || !InetAddresses.isHostname(dnsServer)) > + if (!InetAddresses.isHostname(dnsServer)) > throw e; > addDnsSearchDomain(dnsServer); > } > diff --git a/tunnel/src/test/resources/invalid-value.conf b/tunnel/src/test/resources/invalid-value.conf > index 2889111..6a1e3b6 100644 > --- a/tunnel/src/test/resources/invalid-value.conf > +++ b/tunnel/src/test/resources/invalid-value.conf > @@ -1,6 +1,6 @@ > [Interface] > Address = 192.0.2.2/32,2001:db8:ffff:ffff:ffff:ffff:ffff:ffff/128 > -DNS = 192.0.2.0,yes > +DNS = 192.0.2.0,invalid_value > PrivateKey = TFlmmEUC7V7VtiDYLKsbP5rySTKLIZq1yn8lMqK83wo= > [Peer] > AllowedIPs = 0.0.0.0/0, ::0/0 > -- > 2.30.1 (Apple Git-130) > > Thanks! The patch looks good, if you can send a v2 with a Signed-off-by line I'd be happy to apply this. Cheers, Harsh Shandilya From Jason at zx2c4.com Wed Jan 26 18:25:44 2022 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Wed, 26 Jan 2022 19:25:44 +0100 Subject: [PATCH] Fixed the failing BadConfigExceptionTest unit test In-Reply-To: <20220119082857.64215-1-michal.murin@jamf.com> References: <20220119082857.64215-1-michal.murin@jamf.com> Message-ID: On Tue, Jan 25, 2022 at 5:12 PM Michal Murin wrote: > Also removed the `getParsingClass()` condition from the `parseDnsServers()` method as the condition can be never met - the `InetAddresses.parse(dnsServer)` method always throws the `ParseException` with the `parsingClass` set to `InetAddress.class`. Until one day it doesn't, and then we have to remember this subtle behavior. On the contrary, what's there now means that the code is correct regardless of changes. > - if (e.getParsingClass() != InetAddress.class || !InetAddresses.isHostname(dnsServer)) > + if (!InetAddresses.isHostname(dnsServer)) Please drop this snippet from v2. As Harsh said, we need your sign off line. It would also be appreciated if you'd wrap your commit message and adjust your commit subject to match what the project uses conventionally. Thanks, Jason From stephen at slarew.net Fri Jan 28 05:23:29 2022 From: stephen at slarew.net (Stephen Larew) Date: Thu, 27 Jan 2022 21:23:29 -0800 Subject: Split DNS for macOS In-Reply-To: <20211028071638.88001-1-stephen@slarew.net> References: <20211028071638.88001-1-stephen@slarew.net> Message-ID: <16E7589D-F36A-4CCD-A388-EA435C8A8D95@slarew.net> > On Oct 28, 2021, at 00:16, Stephen Larew wrote: > > For many months now, I have been running a patched WireGuard macOS app > that enables a split DNS configuration. I would like to try to upstream > my patches for split DNS. > > There has been some interest in this patch: > - "Mac APP DNS Search Domain" thread from July and August 2021 [1] > - A commenter on my GitHub fork of wireguard-apple. > > What is split DNS? It allows sending DNS queries to a specific server > based on the domain name. Systemd-resolved calls it a routing domain. > Apple's Network Extension framework calls it a match domain. Split DNS > is especially useful for internal DNS servers. > > For example, if corp.example.com is a routing domain for the DNS server > at 192.0.2.1 (only accessible over WireGuard), then > server.corp.example.com is resolved using 192.0.2.1 while > www.example.com is resolved using some other DNS resolver (depending on > the other network settings in macOS). > > The proposed patch adds new syntax to the wg-quick DNS= line. > Specifically, a tilde prefixed domain is treated as a routing domain. > Multiple routing domains can be added. > > Limitations: > - Needs modifications to iOS UI to work on iOS. > - Only matching routing domains are sent to the DNS servers specified in > the DNS= config line. No separate fallback catch-all DNS server can > be set. > - Routing/match domains are also included in the list of search domains. > This could be changed with the matchDomainsNoSearch API, but lacking > more UI or config file changes to expose this option to the user, I > went with the default. > > [1] https://lore.kernel.org/wireguard/20210810074232.aah5ktq5yzysaaey at SvensMacBookAir-2.local/T/ > [2] https://github.com/slarew/wireguard-apple/commit/6ebc356d9e11ab91443e06de5e89f1af57fcdff8 Thanks everyone for your opinions and feedback. Here?s my summary: - DNS configuration is nuanced, fragmented, and platform dependent. - Split DNS can be accomplished in several ways: - Via the native macOS DNS resolution machinery (NEDNSSettings.matchDomains in my patch) - Via a local or upstream non-platform-native DNS resolver - Demand for split DNS exists. Other VPN apps (e.g. Tailscale and DNSCloak) allow setting split DNS. -- I would appreciate some feedback from the WireGuard maintainers on next steps. Thanks ahead. I?ll address some feedback below. > On Nov 3, 2021, at 02:15, Harald Dunkel wrote: > > Hi folks, > > I really like this patch. Currently DNS on MacOS is unable to resolve > both my local DNS names and the domain in the office in parallel, if > Wireguard is enabled. I have to use somehost.local to fall back to > zeroconf for my LAN as a workaround, which is pretty annoying. > > My suggestion would be to set SupplementalMatchDomains instead(!) of > SearchDomains, using the current config file syntax without '~'. Since > SupplementalMatchDomainsNoSearch is disabled by default, setting > SupplementalMatchDomains is sufficient to configure both lists. See > > https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf > > This has to be verified, of course. > > Regards > Harri Harri, it sounds to me like SupplementalMatchDomains is functionally the same as NEDNSSettings.matchDomains. The difference is that SupplementalMatchDomains is specified in Apple?s configuration profiles instead of thru the NEDNSSettings.matchDomains API (by way of a wg-quick syntax extension in my patch). If the WireGuard macOS app supported Apple?s configuration profiles (I don?t believe it does but I may be mistaken), then a configuration profile would conveniently avoid the extended wg-quick syntax in my patch. However, I think configuration profiles are less accessible to the average user. > On Nov 3, 2021, at 14:34, Andrew Fried wrote: > > Basically, what I'm suggesting is that DNS servers handle DNS and wireguard handle routing/transport. Adding VPN functionality to a nameserver or dns capabilities to Wireguard adds complexities that can be better handled elsewhere. > > What makes Wireguard so good is that it does one thing and does it really, really well. > > Andrew Andrew, to your point, alternative DNS solutions exist and can be deployed in many ways. WireGuard itself is not a DNS solution. That said, wg-quick style configuration (used by the WireGuard macOS app) already does basic DNS configuration. My patch adds a small extension to wg-quick syntax (tilde prefixed domains) to make certain split DNS scenarios possible. Crucially, my patch actually integrates directly into macOS?s DNS machinery. No third party software or external network DNS servers need apply. > On Nov 5, 2021, at 21:54, David Anderson wrote: > > Hi, Tailscale person here. Dave, your technical details sound right based on what I remember from my own experimentation. -Stephen From harald.dunkel at aixigo.com Fri Jan 28 09:02:46 2022 From: harald.dunkel at aixigo.com (Harald Dunkel) Date: Fri, 28 Jan 2022 10:02:46 +0100 Subject: Split DNS for macOS In-Reply-To: <16E7589D-F36A-4CCD-A388-EA435C8A8D95@slarew.net> References: <20211028071638.88001-1-stephen@slarew.net> <16E7589D-F36A-4CCD-A388-EA435C8A8D95@slarew.net> Message-ID: <5210b28a-2912-d1ec-457b-7fd88f480241@aixigo.com> On 2022-01-28 06:23:29, Stephen Larew wrote: > > I would appreciate some feedback from the WireGuard maintainers on next steps. Thanks ahead. > Metoo. Testers wanted? Regards Harri From perry at cynic.org Tue Jan 25 16:47:42 2022 From: perry at cynic.org (Perry The Cynic) Date: Tue, 25 Jan 2022 16:47:42 -0000 Subject: [macOS] possible bug In-Reply-To: <948FB3D5-2990-48E1-B27F-FDA699AEAF24@netcore.se> References: <948FB3D5-2990-48E1-B27F-FDA699AEAF24@netcore.se> Message-ID: <05FC8CC3-BCE1-420A-ACFD-AA6F7B06D218@cynic.org> FWIW, -25300 is errSecItemNotFound (keychain item not found). The MacOS keychain environment is much more complex than on iOS (in fact, there?s an iOS port inside it). Check whether the affected environments have multiple keychains (which can confuse the ?exists? issue), and look (with Keychain Access.app) for broken items that keep the code from recreating good items with a particular primary key. The "Removing orphaned tunnel with non-verifying keychain entry? message points that way. See if you can reproduce with a fresh user account (which comes with a fresh keychain configuration); if resetting the keychain environment cures the problem, you?re very likely looking at a broken item and/or broken cleanup code. Cheers ? perry > On Jan 17, 2022, at 11:49 AM, Richard Werner wrote: > > Hi everyone. > We found a strange issue regarding macOS client and hope this is a proper way to start (and get some help debugging) a possible bug. > I?ve not been able to capture the actual error message shown to the user, but I have the a log file. > > What seem to happen is something like this: > 1. Have a working configuration. > 2. Some unknown event happens (still investigating). > 3. An error message is shown (something along the lines of "unable to read config?). > 4. Orphaned configs are removed, but there seems to be more going on which we can?t identify. > 5. No WG VPN's will work regardless of removing configs, keychains, etc. > > Even if all tunnels are removed and added again, no traffic leaves the client. It effectively enters a state of not being able to use any wireguards vpns on the client. > > > Some entries from the log that shows going from working to not functioning will follow. > More complete log at https://pastebin.com/m2MqHhPF > > -Working: > 2022-01-17 17:55:59.292781: [NET] peer(ZY6x?1ZBc) - Sending handshake initiation > 2022-01-17 17:55:59.337042: [NET] peer(ZY6x?1ZBc) - Received handshake response > 2022-01-17 17:59:22.007634: [NET] peer(ZY6x?1ZBc) - Receiving keepalive packet > > -Error message is shown: > 2022-01-17 18:35:29.081737: [APP] App version: 1.0.15 (26) > 2022-01-17 18:36:22.662281: [APP] startActivation: Entering (tunnel: VPN X) > 2022-01-17 18:36:23.490825: [APP] Unable to open config from keychain: -25300 > 2022-01-17 18:36:23.491058: [APP] startActivation: Starting tunnel > 2022-01-17 18:36:23.491288: [APP] startActivation: Success > 2022-01-17 18:36:23.497349: [APP] Tunnel 'VPN X' connection status changed to 'connecting' > 2022-01-17 18:36:23.582298: [APP] Unable to open config from keychain: -25300 > 2022-01-17 18:36:28.491285: [APP] Status update notification timeout for tunnel 'VPN X'. Tunnel status is now 'connecting'. > 2022-01-17 18:36:29.517132: [APP] Unable to open config from keychain: -25300 > > -Tunnel config is removed: > 2022-01-17 18:38:47.127836: [APP] App version: 1.0.15 (26) > 2022-01-17 18:38:47.337355: [APP] Removing orphaned tunnel with non-verifying keychain entry: VPN X > > -Tunnel now fails with same config (imported or manually entered) > 2022-01-17 18:39:51.924221: [APP] Status update notification timeout for tunnel 'VPN X'. Tunnel status is now 'connected'. > 2022-01-17 18:39:52.248987: [NET] peer(ZY6x?1ZBc) - Sending handshake initiation > 2022-01-17 18:39:57.410547: [NET] peer(ZY6x?1ZBc) - Handshake did not complete after 5 seconds, retrying (try 2) > 2022-01-17 18:39:57.410877: [NET] peer(ZY6x?1ZBc) - Sending handshake initiation > 2022-01-17 18:39:57.411226: [NET] peer(ZY6x?1ZBc) - Failed to send handshake initiation: write udp4 0.0.0.0:52982->:443: sendto: broken pipe > [?] > 2022-01-17 18:40:00.396146: [APP] Tunnel 'VPN X' connection status changed to 'disconnected' > 2022-01-17 18:41:27.735004: [APP] Tunnel 'VPN X' connection status changed to ?invalid' > > > ?Richard > From intikaa at gmail.com Mon Jan 31 07:05:32 2022 From: intikaa at gmail.com (Ali Intika) Date: Mon, 31 Jan 2022 08:05:32 +0100 Subject: wg-quick and iptables race condition bug Message-ID: Hi, First thanks for this amazing piece of code :) The bug: iptables rules can not be applied in parallel, thus iptables have the "-w" option (--wait, maximum wait to acquire xtables lock before giving up) to circumvent this; the "-w" parameter is not used in wireguard-tools which lead to a racing condition on some systems. When using wg-quick on a system that do handle often the iptables rules, especially if we are using wg-quick for a long manipulation (eg turn up/down multiple interfaces), the command just fail if an other iptables manipulation is going on, on the system. replacing "iptables" with "iptables -w 10" on the Wireguard's script/c app (for android) will solve the issue. eg where the issue occur - server handling iptables rules dynamically - server/client where iptables is often manipulated Personally I am mainly having this issue on android where the script is a binary and not as easily editable as an sh file. Thanks for your consideration :)