Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stops receiving handshake responses #84

Open
Winand opened this issue Aug 17, 2023 · 5 comments
Open

Stops receiving handshake responses #84

Winand opened this issue Aug 17, 2023 · 5 comments

Comments

@Winand
Copy link

Winand commented Aug 17, 2023
edited

System details 
Windows 10 Pro 19045.3031, wireproxy 1.0.6
config.ini:
  WGConfig = "C:\Users\<.....>\wireguard.conf"
  [Socks5]
  BindAddress = 127.0.0.1:25344
  [http]
  BindAddress = 127.0.0.1:25345

Wireproxy stops receiving handshake responses after some time of inactivity, so I have to restart it.

DEBUG: 2023/08/17 11:45:00 Routine: encryption worker 1 - started
DEBUG: 2023/08/17 11:45:00 Routine: encryption worker 2 - started
DEBUG: 2023/08/17 11:45:00 Routine: decryption worker 1 - started
DEBUG: 2023/08/17 11:45:00 Routine: handshake worker 1 - started
DEBUG: 2023/08/17 11:45:00 Routine: decryption worker 4 - started
DEBUG: 2023/08/17 11:45:00 Routine: decryption worker 2 - started
DEBUG: 2023/08/17 11:45:00 Routine: handshake worker 2 - started
DEBUG: 2023/08/17 11:45:00 Routine: encryption worker 3 - started
DEBUG: 2023/08/17 11:45:00 Routine: decryption worker 3 - started
DEBUG: 2023/08/17 11:45:00 Routine: handshake worker 3 - started
DEBUG: 2023/08/17 11:45:00 Routine: encryption worker 4 - started
DEBUG: 2023/08/17 11:45:00 Routine: handshake worker 5 - started
DEBUG: 2023/08/17 11:45:00 Routine: handshake worker 4 - started
DEBUG: 2023/08/17 11:45:00 Routine: encryption worker 5 - started
DEBUG: 2023/08/17 11:45:00 UAPI: Updating private key
DEBUG: 2023/08/17 11:45:00 Routine: event worker - started
DEBUG: 2023/08/17 11:45:00 Interface up requested
DEBUG: 2023/08/17 11:45:00 Routine: encryption worker 6 - started
DEBUG: 2023/08/17 11:45:00 Routine: decryption worker 5 - started
DEBUG: 2023/08/17 11:45:00 Routine: decryption worker 6 - started
DEBUG: 2023/08/17 11:45:00 Routine: handshake worker 6 - started
DEBUG: 2023/08/17 11:45:00 Routine: TUN reader - started
DEBUG: 2023/08/17 11:45:00 peer(scoh…CnU0) - UAPI: Created
DEBUG: 2023/08/17 11:45:00 peer(scoh…CnU0) - UAPI: Updating endpoint
DEBUG: 2023/08/17 11:45:00 peer(scoh…CnU0) - UAPI: Updating persistent keepalive interval
DEBUG: 2023/08/17 11:45:00 peer(scoh…CnU0) - UAPI: Updating preshared key
DEBUG: 2023/08/17 11:45:00 peer(scoh…CnU0) - UAPI: Adding allowedip
DEBUG: 2023/08/17 11:45:00 peer(scoh…CnU0) - Starting
DEBUG: 2023/08/17 11:45:00 peer(scoh…CnU0) - Routine: sequential receiver - started
DEBUG: 2023/08/17 11:45:00 peer(scoh…CnU0) - Routine: sequential sender - started
DEBUG: 2023/08/17 11:45:00 peer(scoh…CnU0) - Sending keepalive packet
DEBUG: 2023/08/17 11:45:00 peer(scoh…CnU0) - Sending handshake initiation
DEBUG: 2023/08/17 11:45:00 UDP bind has been updated
DEBUG: 2023/08/17 11:45:00 Routine: receive incoming v4 - started
DEBUG: 2023/08/17 11:45:00 Routine: receive incoming v6 - started
DEBUG: 2023/08/17 11:45:00 Interface state was Down, requested Up, now Up
DEBUG: 2023/08/17 11:45:00 peer(scoh…CnU0) - Received handshake response
DEBUG: 2023/08/17 11:45:25 peer(scoh…CnU0) - Sending keepalive packet
DEBUG: 2023/08/17 11:45:50 peer(scoh…CnU0) - Sending keepalive packet
DEBUG: 2023/08/17 11:46:15 peer(scoh…CnU0) - Sending keepalive packet
DEBUG: 2023/08/17 11:46:41 peer(scoh…CnU0) - Sending keepalive packet
DEBUG: 2023/08/17 11:47:06 peer(scoh…CnU0) - Sending keepalive packet
DEBUG: 2023/08/17 11:47:06 peer(scoh…CnU0) - Sending handshake initiation
DEBUG: 2023/08/17 11:47:11 peer(scoh…CnU0) - Handshake did not complete after 5 seconds, retrying (try 2)
DEBUG: 2023/08/17 11:47:11 peer(scoh…CnU0) - Sending handshake initiation
DEBUG: 2023/08/17 11:47:16 peer(scoh…CnU0) - Handshake did not complete after 5 seconds, retrying (try 3)
DEBUG: 2023/08/17 11:47:16 peer(scoh…CnU0) - Sending handshake initiation
DEBUG: 2023/08/17 11:47:21 peer(scoh…CnU0) - Handshake did not complete after 5 seconds, retrying (try 4)
DEBUG: 2023/08/17 11:47:21 peer(scoh…CnU0) - Sending handshake initiation
DEBUG: 2023/08/17 11:47:26 peer(scoh…CnU0) - Handshake did not complete after 5 seconds, retrying (try 5)
DEBUG: 2023/08/17 11:47:26 peer(scoh…CnU0) - Sending handshake initiation
DEBUG: 2023/08/17 11:47:32 peer(scoh…CnU0) - Handshake did not complete after 5 seconds, retrying (try 6)
DEBUG: 2023/08/17 11:47:32 peer(scoh…CnU0) - Sending handshake initiation
DEBUG: 2023/08/17 11:47:37 peer(scoh…CnU0) - Handshake did not complete after 5 seconds, retrying (try 7)
DEBUG: 2023/08/17 11:47:37 peer(scoh…CnU0) - Sending handshake initiation
DEBUG: 2023/08/17 11:47:42 peer(scoh…CnU0) - Handshake did not complete after 5 seconds, retrying (try 8)
DEBUG: 2023/08/17 11:47:42 peer(scoh…CnU0) - Sending handshake initiation
DEBUG: 2023/08/17 11:47:47 peer(scoh…CnU0) - Handshake did not complete after 5 seconds, retrying (try 9)
DEBUG: 2023/08/17 11:47:47 peer(scoh…CnU0) - Sending handshake initiation
DEBUG: 2023/08/17 11:47:53 peer(scoh…CnU0) - Handshake did not complete after 5 seconds, retrying (try 10)
DEBUG: 2023/08/17 11:47:53 peer(scoh…CnU0) - Sending handshake initiation
DEBUG: 2023/08/17 11:47:58 peer(scoh…CnU0) - Handshake did not complete after 5 seconds, retrying (try 11)
DEBUG: 2023/08/17 11:47:58 peer(scoh…CnU0) - Sending handshake initiation
DEBUG: 2023/08/17 11:48:03 peer(scoh…CnU0) - Handshake did not complete after 5 seconds, retrying (try 12)
DEBUG: 2023/08/17 11:48:03 peer(scoh…CnU0) - Sending handshake initiation
DEBUG: 2023/08/17 11:48:09 peer(scoh…CnU0) - Handshake did not complete after 5 seconds, retrying (try 13)
DEBUG: 2023/08/17 11:48:09 peer(scoh…CnU0) - Sending handshake initiation
DEBUG: 2023/08/17 11:48:14 peer(scoh…CnU0) - Handshake did not complete after 5 seconds, retrying (try 14)
DEBUG: 2023/08/17 11:48:14 peer(scoh…CnU0) - Sending handshake initiation
DEBUG: 2023/08/17 11:48:19 peer(scoh…CnU0) - Handshake did not complete after 5 seconds, retrying (try 15)
DEBUG: 2023/08/17 11:48:19 peer(scoh…CnU0) - Sending handshake initiation
DEBUG: 2023/08/17 11:48:24 peer(scoh…CnU0) - Handshake did not complete after 5 seconds, retrying (try 16)
DEBUG: 2023/08/17 11:48:24 peer(scoh…CnU0) - Sending handshake initiation
DEBUG: 2023/08/17 11:48:29 peer(scoh…CnU0) - Handshake did not complete after 5 seconds, retrying (try 17)
DEBUG: 2023/08/17 11:48:29 peer(scoh…CnU0) - Sending handshake initiation
DEBUG: 2023/08/17 11:48:34 peer(scoh…CnU0) - Handshake did not complete after 5 seconds, retrying (try 18)
DEBUG: 2023/08/17 11:48:34 peer(scoh…CnU0) - Sending handshake initiation
DEBUG: 2023/08/17 11:48:40 peer(scoh…CnU0) - Handshake did not complete after 5 seconds, retrying (try 19)
DEBUG: 2023/08/17 11:48:40 peer(scoh…CnU0) - Sending handshake initiation
DEBUG: 2023/08/17 11:48:45 peer(scoh…CnU0) - Handshake did not complete after 5 seconds, retrying (try 20)
DEBUG: 2023/08/17 11:48:45 peer(scoh…CnU0) - Sending handshake initiation
DEBUG: 2023/08/17 11:48:50 peer(scoh…CnU0) - Handshake did not complete after 20 attempts, giving up

If I make requests periodically everything is ok:

while (1) {Write-Host -NoNewLine "Request..."; curl -proxy http://127.0.0.1:25345 https://www.google.com > $null; echo "$(Get-Date)"; sleep 30}

But if the interval between requests is ≥90s it stops working.
@kubrickfr
Copy link
Contributor

Try adding PersistentKeepalive = 25 to the Peer section of your wireguard configuration on the server?

@Winand
Copy link
Author

Winand commented Aug 18, 2023
edited

Try adding PersistentKeepalive = 25 to the Peer section of your wireguard configuration on the server?

But from the log we can see that it keeps sending keepalive packets every 25s until handshake fails at 2023/08/17 11:47:11.
I use Firezone 0.7.26 0.7.33 server and it sets [peer] PersistentKeepalive = 25 in client configurations by default. Config looks like this:

[Interface]
PrivateKey = *******************
Address = ***.***.***.***/32
MTU = 1280
DNS = 1.1.1.1,1.0.0.1

[Peer]
PresharedKey = *******************
PublicKey = *******************
AllowedIPs = 0.0.0.0/0
Endpoint = *******************:51820
PersistentKeepalive = 25

@kubrickfr
Copy link
Contributor

Yes, but that's from the client. It should not matter, I know, but NAT can be unpredictable, especially CGNAT.

@Winand
Copy link
Author

Winand commented Aug 18, 2023
edited

Ok, I see now that it's a network issue. I've copied wireproxy app with my config to a different machine located in a different place and it works as expected.

wireguard configuration on the server

I don't know where to edit server config in Firezone (Docker deployment)🤔 Cannot find that in docs.

@kubrickfr
Copy link
Contributor

That would be covered by the configuration file reference. Specifically default['firezone']['wireguard']['persistent_keepalive']

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Winand @kubrickfr