Hello, I have an issue which may be similar to that described by Olivier in the other email chain on Wireguard. I was not sure whether to just chip in and add information or open up a new email chain so as not to pollute the other discussion. Apologies if that's the wrong choice.
Since the upgrade to 7.6, I'm seeing more handshake issues with a VPS wg server (hosted on an OpenBSD host). I think that I had had that issue before, a handful of times, but this can now happen several times a day, though it seems to ease up after a reboot of the VPS (not confirmed).

A short summary:

- Two different clients have shown the issue: Fedora 40 on a laptop (kernel 6.11), Android 14 on a phone (kernel 5.15), both fully up to date
- This has happened on different networks for the phone (on different wifi networks, 4g, etc.)
- Toggling the VPN on/off solves it. Switching network (for instance from wifi to 4g) solves it - I suppose that in each case Wireguard fully re-initialises its handshake parameters
- If I let it be, it's sometimes reconnected after 15+" without changing network
- When I've had 2 devices on the same wifi network, only ever one at a time has been hanging, with the VPN working on the others
- Added wgpka on the Android client (which should take care of any NATing expiring, etc.), changed battery settings, etc., but still run into the issue
- Renewed all configs and still having the issue (though I've always been using pre-shared keys)
- Both show the same sorts of messages in the logs, e.g.:

    Sending handshake initiation
    Handshake did not complete after 5 seconds, retrying

On the VPS, the few times I could be present to ssh in time, using debug on the interface shows:

    wg0: Receiving handshake initiation from peer 1
    wg0: Sending handshake response to peer 1
    wg0: Receiving handshake initiation from peer 1

Repeating over and over again.

tcpdump on the egress shows that the packets are making their way to the endpoint IP and port, and one time I was connected when it resumed working, I could not see any changes in route when using traceroute from the VPS (well, until it disappears in the internal network of my ISP, that is...).
I'm just an enthusiast and far from savvy, but that seems to either be that the clients never receive the handshake response (network issues) or that the handshake values are out of sync or something: the official site says a user can DoS their own keys with time issues, see Unreliable Monotonic Counter here: https://www.wireguard.com/known-limitations/

Best,
Thomas
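One way to spot the initiation/response loop described in the server-side wg0 debug output, as an added example that is not part of this mail or of OpenBSD's wg(4): it counts, per peer, how many handshake initiations arrive in a row without the server receiving any other packet from that peer (a keepalive or data packet would prove the peer got the response and derived session keys). The sample log is constructed; the keepalive line and the peer-2 entries are assumed, not taken from the mail, and the threshold is a hypothetical choice.

```python
import re
import sys
from collections import defaultdict

# Hypothetical threshold: this many initiations in a row from one peer,
# with nothing else received from it in between, is flagged as a loop.
LOOP_THRESHOLD = 3

# Constructed sample of "ifconfig wg0 debug" style output; only the peer-1
# lines mirror what the mail quotes, the rest is assumed for illustration.
SAMPLE_LOG = """\
wg0: Receiving handshake initiation from peer 1
wg0: Sending handshake response to peer 1
wg0: Receiving handshake initiation from peer 1
wg0: Sending handshake response to peer 1
wg0: Receiving handshake initiation from peer 1
wg0: Sending handshake response to peer 1
wg0: Receiving handshake initiation from peer 2
wg0: Sending handshake response to peer 2
wg0: Receiving keepalive packet from peer 2
"""

INIT_RE = re.compile(r"^\S+: Receiving handshake initiation from peer (?P<peer>\d+)")
# Any *received* message from a peer that is not a fresh initiation.
OTHER_RECV_RE = re.compile(r"^\S+: Receiving (?!handshake initiation).* from peer (?P<peer>\d+)")


def find_handshake_loops(lines, threshold=LOOP_THRESHOLD):
    """Return {peer: longest streak} for peers whose streak reached threshold.

    A peer's streak grows on each received initiation and resets to zero
    when the server receives anything else from that peer. Lines the server
    *sends* (e.g. "Sending handshake response") do not reset it, since they
    say nothing about whether the peer ever saw them.
    """
    streak = defaultdict(int)
    longest = defaultdict(int)
    for raw in lines:
        line = raw.strip()
        m = INIT_RE.match(line)
        if m:
            peer = int(m.group("peer"))
            streak[peer] += 1
            longest[peer] = max(longest[peer], streak[peer])
            continue
        m = OTHER_RECV_RE.match(line)
        if m:
            streak[int(m.group("peer"))] = 0
    return {p: n for p, n in longest.items() if n >= threshold}


if __name__ == "__main__":
    src = sys.stdin if not sys.stdin.isatty() else SAMPLE_LOG.splitlines()
    for peer, n in sorted(find_handshake_loops(src).items()):
        print(f"peer {peer}: {n} initiations without a completed session")
```

Feed it real debug output on stdin; on the constructed sample it reports peer 1 only.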