• Paul B. Henson [2024-03-20 20:38]:
On 3/20/2024 1:44 AM, Kirill Miazine wrote:
actually I checked, and I do use wgpka on clients, but not on the
server -- I don't remember why I didn't...
In our case the server is on an Internet accessible address, whereas the
clients are behind a NAT firewall. We also have keepalives enabled on
the clients (to maintain their NAT mapping) but not on the server (as if
the client isn't sending its keepalives the server isn't going to get
through anyway).
this describes my setup more or less, but some "clients" have stable,
routable, reachable addresses.
A scenario where it stops but then works again as soon as traffic is
sent does kind of sound like a firewall or NAT timeout issue? We don't
have that problem, if we leave it completely alone it generally works
indefinitely with no issues. It's just when we try to modify the
configuration that things sometimes go sideways.
what makes flow stop is e.g. if server is rebooted, then clients
wouldn't re-connect. it could also be that flushing wgpeers and then
re-adding them also made clients go away.
again, I haven't spent much time debugging and can't guarantee that
described behaviour is what really is going on: I noticed the issue and
that ping would seemingly resolve it, so I just added pings everywhere.
Thanks for the data point…