Wireguard fails after a few minutes

Hi
I am trying to set up a p2p WireGuard connection with Ubuntu 22.04 hosted in Oracle Cloud. The tunnel successfully comes up initially and I am able to ping the Ubuntu ethernet interface, but after a few minutes the handshakes stop no matter how much traffic I generate. Following are my WireGuard config and firewall config.

vyos@vyos-pghome# show interfaces wireguard
 wireguard wg0 {
     description "VPN to OCI"
     peer oci {
         address 140.238.xxx.xxx
         allowed-ips 10.23.44.2/32
         allowed-ips 10.0.44.0/24
         port 45225
         public-key <public-key>
     }
     port 45225
     private-key <private-key>
 }

********************
vyos@vyos-pghome# show firewall name north-local
 default-action drop
 description "WAN to This Device IPv4"
 enable-default-log
 rule 100 {
     action accept
     state {
         established enable
         related enable
     }
 }
 rule 101 {
     action accept
     destination {
         address 122.160.xxx.xxx
         port 45225
     }
     protocol udp
     source {
         address 140.238.xxx.xxx/32
     }
 }
 rule 200 {
     action drop
     state {
         invalid enable
     }
 }
[edit]

Ubuntu at Oracle Cloud

ubuntu@instance3:~$ sudo wg
interface: wg0
  public key: <public-key>
  private key: (hidden)
  listening port: 45225

peer: <public-key>
  endpoint: 122.160.xxx.xxx:45225
  allowed ips: 10.23.44.1/32, 192.168.50.128/25, 192.168.50.0/25
  latest handshake: 26 minutes, 41 seconds ago
  transfer: 23.82 KiB received, 47.07 KiB sent
ubuntu@instance3:~$

I tried with tcpdump as well, but no packets are being exchanged on port 45225.

Try setting persistent-keepalive to 10-15 seconds or so on the wireguard tunnels.

Thanks for the tip…
Not only that, there was an MTU issue as well. For some reason Ubuntu was trying to set the MTU to 8920.
Forced it to 1420 and now the connection is stable.

ubuntu@instance3:~$ sudo wg
interface: wg0
  public key: <public-key>
  private key: (hidden)
  listening port: 45225

peer: <public-key>
  endpoint: 122.160.xxx.xxx:45225
  allowed ips: 10.23.44.1/32, 192.168.50.128/25, 192.168.50.0/25
  latest handshake: 18 seconds ago
  transfer: 75.14 KiB received, 69.78 KiB sent
ubuntu@instance3:~$
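The two `wg` outputs above are the whole diagnosis: a "latest handshake" of 26 minutes means the tunnel is dead (WireGuard re-handshakes every 120 seconds while traffic flows), and 8920 is exactly what wg-quick derives when it takes the MTU of the interface that routes to the endpoint (9000 on an OCI VNIC) and subtracts 80 bytes of tunnel overhead, a value that cannot survive a 1500-byte internet path. The script below is an added example, not code from the thread, VyOS or the WireGuard project; it parses `wg show` text in the format shown above, flags peers whose handshake is stale or missing, and derives the tunnel MTU from a path MTU. The sample output, peer keys and addresses are constructed placeholders, and the 180-second staleness threshold is my choice.

```python
"""Flag WireGuard peers with stale handshakes and derive a safe tunnel MTU.

Added example for this thread; not VyOS or WireGuard project code.
"""
import re
import subprocess
from typing import Dict, List, Optional

# Constructed sample modelled on the `sudo wg` output in the thread. Keys,
# addresses and the second peer are placeholders, not values from the thread.
SAMPLE_WG_SHOW = """\
interface: wg0
  public key: <public-key>
  private key: (hidden)
  listening port: 45225

peer: <peer-a-public-key>
  endpoint: 122.160.0.1:45225
  allowed ips: 10.23.44.1/32, 192.168.50.128/25, 192.168.50.0/25
  latest handshake: 26 minutes, 41 seconds ago
  transfer: 23.82 KiB received, 47.07 KiB sent

peer: <peer-b-public-key>
  allowed ips: 10.23.44.9/32
"""

# WireGuard re-handshakes every REKEY_AFTER_TIME (120 s) while traffic flows,
# so a handshake older than ~3 minutes on a link that should be carrying
# traffic means the tunnel is dead. Threshold chosen for this example.
DEFAULT_MAX_AGE = 180

# Per-packet overhead wg-quick subtracts when it derives the tunnel MTU from
# the route to the endpoint: IPv6 header (40) + UDP (8) + WireGuard data
# message header and auth tag (32). 9000 - 80 = 8920, 1500 - 80 = 1420.
WG_OVERHEAD = 80

_UNITS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}


def parse_handshake_age(text: str) -> int:
    """Turn '26 minutes, 41 seconds ago' into seconds ('Now' yields 0)."""
    return sum(int(n) * _UNITS[u] for n, u in
               re.findall(r"(\d+)\s+(second|minute|hour|day)s?", text))


def parse_wg_show(output: str) -> List[Dict[str, object]]:
    """Parse `wg show` text into one record per peer.

    handshake_age is None when the peer has never completed a handshake
    (wg prints no 'latest handshake' line in that case).
    """
    peers: List[Dict[str, object]] = []
    current: Optional[Dict[str, object]] = None
    for line in output.splitlines():
        if line.startswith("peer:"):
            current = {"peer": line.split(":", 1)[1].strip(),
                       "endpoint": None, "handshake_age": None}
            peers.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.strip().partition(":")
            value = value.strip()
            if key == "endpoint":
                current["endpoint"] = value
            elif key == "latest handshake":
                current["handshake_age"] = parse_handshake_age(value)
    return peers


def stale_peers(peers: List[Dict[str, object]],
                max_age: int = DEFAULT_MAX_AGE) -> List[str]:
    """Public keys of peers with no handshake, or one older than max_age seconds."""
    return [str(p["peer"]) for p in peers
            if p["handshake_age"] is None or int(p["handshake_age"]) > max_age]


def wireguard_mtu(path_mtu: int) -> int:
    """Tunnel MTU that fits inside a given underlay or path MTU."""
    return path_mtu - WG_OVERHEAD


if __name__ == "__main__":
    # Use the live interface on a Linux host (needs root); fall back to the
    # constructed sample so the script also runs offline.
    try:
        live = subprocess.run(["wg", "show"], check=True,
                              capture_output=True, text=True).stdout
    except (OSError, subprocess.CalledProcessError):
        live = SAMPLE_WG_SHOW
    for key in stale_peers(parse_wg_show(live)):
        print(f"stale peer: {key}")
    print("tunnel MTU for a 1500-byte internet path:", wireguard_mtu(1500))
```

Run it from cron or a monitoring agent on the Ubuntu side and alert on any stale peer; a NAT or firewall state table timing out the UDP flow looks exactly like the first output above, which is why the keepalive suggested earlier matters. On the Ubuntu side the fix from the thread maps to `MTU = 1420` under `[Interface]` and `PersistentKeepalive = 15` under `[Peer]` in the wg-quick config; on VyOS the equivalents are `set interfaces wireguard wg0 mtu 1420` and `set interfaces wireguard wg0 peer oci persistent-keepalive 15`.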

