[SOLVED] Wireguard Connection Problems

laolux
Posts: 2
Joined: 2022/06/21 06:03:53

[SOLVED] Wireguard Connection Problems

Post by laolux » 2022/06/21 06:24:34

I am having trouble connecting to my wireguard endpoint using Centos 9 stream.

I have a working wireguard endpoint and two machines trying to connect to the endpoint.
One machine uses Fedora Workstation 36, the other uses Centos 9 stream.
The Fedora machine connects to the wireguard endpoint just fine, but the Centos 9 stream machine does not.
For tests, both machines use the same wireguard configuration file. Redacted version as follows:

[Interface]
Address = 192.168.79.4/32
PrivateKey = KEY
DNS = 1.1.1.1

[Peer]
PublicKey = ENDPOINT_PUBKEY
PresharedKey = PSK
Endpoint = 121.3.184.220:1194
AllowedIPs = 0.0.0.0/0, ::/0

I load the profile on both machines with "nmcli con import type wireguard file /root/wg0.conf"

On the centos machine I then enabled debug output for wireguard using "echo module wireguard +p >/sys/kernel/debug/dynamic_debug/control".
Trying to connect then fills my dmesg with the following:

[13147.424768] wireguard: wg0: Interface created
[13147.430508] wireguard: wg0: Peer 43 created
[13147.431235] wireguard: wg0: Peer 43 ((einval)) destroyed
[13147.431280] wireguard: wg0: Peer 44 created
[13147.524383] wireguard: wg0: Sending handshake initiation to peer 44 (121.3.184.220:1194)
[13152.813618] wireguard: wg0: Handshake for peer 44 (121.3.184.220:1194) did not complete after 5 seconds, retrying (try 2)
[13152.813664] wireguard: wg0: Sending handshake initiation to peer 44 (121.3.184.220:1194)
[13158.445646] wireguard: wg0: Handshake for peer 44 (121.3.184.220:1194) did not complete after 5 seconds, retrying (try 2)
[13158.445725] wireguard: wg0: Sending handshake initiation to peer 44 (121.3.184.220:1194)
[13163.565626] wireguard: wg0: Handshake for peer 44 (121.3.184.220:1194) did not complete after 5 seconds, retrying (try 2)
[13163.565668] wireguard: wg0: Sending handshake initiation to peer 44 (121.3.184.220:1194)
[13169.077679] wireguard: wg0: Peer 44 (121.3.184.220:1194) destroyed
[13169.099764] wireguard: wg0: Interface destroyed

So this looks as if the handshake never completes on the centos machine.
I then turned on wireshark on the centos machine, and there I do get the complete handshake, see attachment (in tar.gz archive so I can upload it. Originally .pcapng file)

Any suggestions what I can do to make centos connect to my wireguard endpoint just like fedora does?
Thanks a lot for your help!

EDIT: How this was solved: Set the time and date correctly on the centos server, see post below.
Attachments
centos-wireguard-issue.pcapng.tar.gz
wireshark capture
(10 KiB) Downloaded 92 times
Last edited by laolux on 2022/06/24 06:55:59, edited 1 time in total.

BShT
Posts: 583
Joined: 2019/10/09 12:31:40

Re: Wireguard Connection Problems

Post by BShT » 2022/06/22 13:10:04

firewall rules?

laolux
Posts: 2
Joined: 2022/06/21 06:03:53

Re: Wireguard Connection Problems

Post by laolux » 2022/06/24 06:55:08

Yes, I completely disabled the firewall with "systemctl stop firewalld.service" and even did the evil "setenforce 0". Nothing helped.

However, I have just found the issue and solved it!
The centos server has a broken battery, so the date was completely wrong (20 days in the past).
I guess it could not update the time automatically due to the weird internet connection here.
So I set the time by hand and magic magic, it all works!
I did not expect that, as wireguard is not dealing with certificates which can expire or anything. But maybe it simply disliked the packages coming from the future?

Anyways, lesson learned, always set the time correctly, even when just trying out a system.
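
One mechanism consistent with the fix reported in this thread: a WireGuard handshake initiation carries a TAI64N timestamp, and the responder silently drops any initiation whose timestamp is not newer than the last one it accepted for the same public key. The sketch below is an added example, not part of the thread's posts and not WireGuard's own code; it is a simplified model of that check. It assumes the Fedora machine connected first with the shared key, and the clock values are constructed.

```python
import struct

# Constant used by WireGuard's Linux implementation: 2**62 plus a 10 s TAI offset.
TAI64_BASE = 0x400000000000000A


def tai64n(unix_seconds: int, nanos: int = 0) -> bytes:
    """Encode a clock reading as the 12-byte TAI64N stamp sent in an initiation."""
    return struct.pack(">QI", TAI64_BASE + unix_seconds, nanos)


class ResponderPeer:
    """Replay-protection state a responder keeps per peer public key (simplified)."""

    def __init__(self) -> None:
        self.latest = bytes(12)  # greatest timestamp accepted so far

    def accept_initiation(self, stamp: bytes) -> bool:
        # Big-endian fields make bytewise comparison equal to numeric comparison.
        if stamp <= self.latest:
            return False  # dropped without a reply; the initiator only sees a timeout
        self.latest = stamp
        return True


def simulate(clock_readings):
    """Feed initiations, all made with the same key, to one responder in order."""
    peer = ResponderPeer()
    return [(label, peer.accept_initiation(tai64n(t))) for label, t in clock_readings]


DAY = 86400
NOW = 1655790000  # constructed: a Unix time on 2022-06-21 UTC

# Constructed scenario: both clients share one key, as with the shared wg0.conf.
SCENARIO = [
    ("fedora, correct clock", NOW),
    ("centos, clock 20 days behind", NOW - 20 * DAY + 600),
    ("centos, retry 5 s later", NOW - 20 * DAY + 605),
    ("centos, clock corrected", NOW + 3600),
]

if __name__ == "__main__":
    for label, accepted in simulate(SCENARIO):
        print(f"{label:32s} -> {'accepted' if accepted else 'dropped as replay'}")
```

On the client, `timedatectl status` or `chronyc tracking` shows whether the clock is synchronized before any time is spent on firewall or SELinux changes.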
