WireGuard invalid MAC
coot at coot.me
coot at coot.me
Sun Sep 25 11:20:08 UTC 2022
Hello,
I configured wireguard so I can access my home server from a laptop.
When the laptop is using its eth0 interface to transport wireguard protocol messages it works fine, but when I switch it off and use wlan0 (which is using a different ISP), on the server side the kernel logs:
Keypair 20 destroyed for peer 2
Keypair 21 created for peer 2
Invalid MAC of handshake, dropping packet from ...
I am using a ddns to setup the endpoint on the laptop. It's not a connection issue, as packets are reaching the server, but somehow the message authentication code (MAC) is not right after switching the interfaces. Any clues how could I investigate this further?
Client config:
```
[Interface]
Address = 10.0.0.3/24
ListenPort = 5000
PrivateKey = <client_private_key>
[Peer]
PublicKey = <server_pubic_key>
AllowedIPs = 10.0.0.1/32
Endpoint = <dynamic domain name>:5000
```
Server config:
```
[Interface]
Address = 10.0.0.1/24
ListenPort = 5000
PrivateKey = <server_private_key>
[Peer]
PublicKey = <client_public_key>
AllowedIPs = 10.0.0.3/32
```
When the laptop is using wlan0, the server receives a packet `Handshake Initiation`, which is not replied. When the laptop is using eth0 it just sends messages of type `Transport Data` (both observed with a tcpdump).
Regards,
Marcin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 509 bytes
Desc: OpenPGP digital signature
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20220925/eac4474c/attachment.sig>
More information about the WireGuard
mailing list