Wireguard periodically hangs

Started by CJ, March 06, 2023, 01:43:39 PM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions
June 21, 2023, 08:29:08 AM #15

Oh sorry,

i haven't any DHCP on WAN interface anymore (DHCPv6/IPV6 disabled now), and yes i have keepalive on both side of tunnel (linux fedora <-> opnsense).

best regards

June 21, 2023, 04:48:31 PM #16
Quote from: tfohrer on June 21, 2023, 08:29:08 AM

Oh sorry,

i haven't any DHCP on WAN interface anymore (DHCPv6/IPV6 disabled now), and yes i have keepalive on both side of tunnel (linux fedora <-> opnsense).

best regards

What do you have your keepalive set to?  Is this your only client?

In regards to your WAN, are you trying to say that you have a static IPv4 address and IPv6 disabled?  Or that you have a DHCP IPv4 address and IPv6 disabled.
June 22, 2023, 09:31:20 AM #17

Hi,

Semi Static IPV4 (via DHCPv4) on Router WAN
Static IPV4 on OPNSense
DHCPv6 on Router WAN / Delegation OPNSense (disabled!)

Keepalive 5 on Serverside, 1s on Client

best regards
June 22, 2023, 03:07:25 PM #18
Quote from: tfohrer on June 22, 2023, 09:31:20 AM

Hi,

Semi Static IPV4 (via DHCPv4) on Router WAN
Static IPV4 on OPNSense
DHCPv6 on Router WAN / Delegation OPNSense (disabled!)

Keepalive 5 on Serverside, 1s on Client

best regards

Are those the initial keepalive values or have you tried others?  I'm using 25s on both ends for mine without any problems.

I'm still a bit unclear about your IPv6 situation.  Do you have it completely disabled or are you getting an address on the WAN side and using only IPv4 for your LAN?

Is this your only client?  Have you tried any other devices and/or OS?

How do you have your firewall rule set?
June 22, 2023, 04:06:48 PM #19

IPV6 on WAN side, but now delegation is disabled.

Other clients yes, i configured another fresh client today and same problem.

I'm working over wireguard/ssh, every "hang" got on my nerves, every 60-90s ...terminal got stuck
June 24, 2023, 04:44:08 PM #20
Quote from: tfohrer on June 22, 2023, 04:06:48 PM
IPV6 on WAN side, but now delegation is disabled.

What happens if you completely disable IPv6?

Quote from: tfohrer on June 22, 2023, 04:06:48 PM
Other clients yes, i configured another fresh client today and same problem.

Is this client the same OS, etc as the original?  Can you try one that's not?  Is it using the same config or did you create a new pairing?

Quote from: tfohrer on June 22, 2023, 04:06:48 PM
I'm working over wireguard/ssh, every "hang" got on my nerves, every 60-90s ...terminal got stuck

Have you tried changing your keepalive to 25?
June 28, 2023, 12:30:58 AM #21
Multiple linux with different kernel / wireguards version, all have same problem.

At moment i use keepalive of 1s to "recover/reopen" quickly the connection , but it's simply annoying.

Only real different is that each "client vpn" hangs on different times.
June 28, 2023, 05:55:48 PM #22
I've a few opnsense boxes connected via wireguard tunnels to a 3rd party router.
Thru those tunnels, I monitor the opnsense boxes via icmp/snmp and experience no hiccups/slowdows on the connection.

keepalive is set at 5 second interval.

HTH
Print
Go Up Pages 1 2
User actions