Menu
▾
▴
Re: [Astlinux-users] Wireguard VPN disconnection
|
From: Michael K. <mic...@ip...> - 2021-05-19 22:03:46
|
Thanks David Yes I have seen this and I am setting the keepalive when doing an upgrade. This one is directly connected though. Regards Michael Knill From: David Kerr <da...@ke...> Reply to: AstLinux List <ast...@li...> Date: Wednesday, 19 May 2021 at 7:42 am To: AstLinux List <ast...@li...> Subject: Re: [Astlinux-users] Wireguard VPN disconnection I've had some recent problems with wireguard disconnecting (or not reconnecting) from a remote system behind NAT. I discovered that setting PersistentKeepalive to something other than zero (I set to 25) helped. I did it at both ends, but might only have been required for the system behind the NAT. David On Tue, May 18, 2021 at 5:32 PM Lonnie Abelbeck <li...@lo...<mailto:li...@lo...>> wrote: reboot You should not do a "service network restart" Lonnie > On May 18, 2021, at 4:27 PM, Michael Knill <mic...@ip...<mailto:mic...@ip...>> wrote: > > Hmm same problem again with two of my sites. > Only one of the two Wireguard VPN's are down. I have tried the following: > arno-iptables-firewall restart > service network restart > pppoe-restart > ip link set dev wg0 down & ip link set dev wg0 up > > All to no avail. Any other ideas before I reboot? > PS there is no failover configured for this site so I don't think MTU is the issue. > > Regards > Michael Knill > > On 20/3/21, 2:09 pm, "Michael Knill" <mic...@ip...<mailto:mic...@ip...>> wrote: > > Thanks. Guess I will need to test it out. > > Regards > Michael Knill > > On 20/3/21, 2:03 pm, "Lonnie Abelbeck" <li...@lo...<mailto:li...@lo...>> wrote: > > While playing with the WG MTU, it seemed to work with only setting one end and the tunnel used the smallest, but I played it safe and set everything to 1340. > > It would be good to know what the precise answer is. > > Lonnie > > >> On Mar 19, 2021, at 9:57 PM, Michael Knill <mic...@ip...<mailto:mic...@ip...>> wrote: >> >> Thanks Lonnie. >> >> PS I was just thinking (dangerous I know). I would need to set it on both ends so do you think there would there be any issues with different MTU's at each end? >> Ultimately it would be the same eventually but there would be a migration period. >> >> Regards >> Michael Knill >> >> On 20/3/21, 1:41 pm, "Lonnie Abelbeck" <li...@lo...<mailto:li...@lo...>> wrote: >> >> I haven't seen any issues with a WG MTU of 1340, yet anyway. >> >> Lonnie >> >> >>> On Mar 19, 2021, at 9:29 PM, Michael Knill <mic...@ip...<mailto:mic...@ip...>> wrote: >>> >>> Thanks Lonnie >>> >>> Hmm that may have something to do with it. Might also be when it fails over to 4G. >>> As most of my VPN's carry voice only, I think a standard MTU of 1340 for all my systems should be fine. What do you think? >>> >>> Regards >>> Michael Knill >>> >>> On 20/3/21, 10:40 am, "Lonnie Abelbeck" <li...@lo...<mailto:li...@lo...>> wrote: >>> >>> Hi Michael, >>> >>> I have not experienced anything like that, WireGuard connectivity is rock solid for me. >>> >>> I don't recall later WireGuard versions having any fixes for what you are describing. >>> >>> Just guessing, the standard MTU for WG is 1420 (1500-80), if you have a PPPoE connection with a MTU of 1492 you might try setting the WG MTU to 1412 (1500-8-80) or lower to test. >>> >>> I'm testing a 4G-LTE/5G fixed wireless internet service from T-Mobile, they use Carrier Grade NAT (CGNAT) for IPv4 which lowers the MTU to 1420 (just like WG) so WG needs a MTU setting of 1340 to work over the CGNAT or else it hangs. >>> >>> Lonnie >>> >>> >>> >>> >>>> On Mar 19, 2021, at 3:42 PM, Michael Knill <mic...@ip...<mailto:mic...@ip...>> wrote: >>>> >>>> Hi Group >>>> >>>> Not sure if anyone else is experiencing this. I'm on 1.3.10 and all my systems connect via Wireguard VPN to both my softswitches. >>>> Its generally all pretty stable but occasionally one of the VPN’s will be disconnected and I have tried everything I can think of to bring it back up but only a reboot has managed to do so at this stage. >>>> Any ideas? >>>> >>>> Regards >>>> Michael Knill >>>> _______________________________________________ >>>> Astlinux-users mailing list >>>> Ast...@li...<mailto:Ast...@li...> >>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>>> >>>> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr...<mailto:pa...@kr...>. >>> >>> >>> >>> _______________________________________________ >>> Astlinux-users mailing list >>> Ast...@li...<mailto:Ast...@li...> >>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>> >>> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr...<mailto:pa...@kr...>. >>> >>> >>> _______________________________________________ >>> Astlinux-users mailing list >>> Ast...@li...<mailto:Ast...@li...> >>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>> >>> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr...<mailto:pa...@kr...>. >> >> >> >> _______________________________________________ >> Astlinux-users mailing list >> Ast...@li...<mailto:Ast...@li...> >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr...<mailto:pa...@kr...>. >> >> >> _______________________________________________ >> Astlinux-users mailing list >> Ast...@li...<mailto:Ast...@li...> >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr...<mailto:pa...@kr...>. > > > > _______________________________________________ > Astlinux-users mailing list > Ast...@li...<mailto:Ast...@li...> > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr...<mailto:pa...@kr...>. > > > _______________________________________________ > Astlinux-users mailing list > Ast...@li...<mailto:Ast...@li...> > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr...<mailto:pa...@kr...>. > > > _______________________________________________ > Astlinux-users mailing list > Ast...@li...<mailto:Ast...@li...> > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr...<mailto:pa...@kr...>. _______________________________________________ Astlinux-users mailing list Ast...@li...<mailto:Ast...@li...> https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pa...@kr...<mailto:pa...@kr...>. |
