Score:0

Wireguard + Split Tunnel + Two Peers -- Handshake failure with second peer because of private key


I've set up two WireGuard peer servers and can connect successfully to each one independently.

But when I try to connect to the two peers at the same time and split tunnels, it fails to handshake with the second server. I think that's because the two peers' private keys are different, and in the multi-peer client I can only enter one server's private key.

I don't know how these two peers can work together with one private key.

My main goal is to set up two peer servers and split tunnel for a specific IP range.

Here I've pasted the two servers' and peers' configs and also the multi-peer client config. I would appreciate any help.

Server 1:
[Interface] 
Address = 10.7.0.1/24 
PrivateKey = EKSCFdQiAgXsL4Wm40z63fdXL7q4PCgyB4XhNqkq+1A= 
ListenPort = 51820

[Peer]
PublicKey = G5ZurqtqfiMCgkImUfA+R17r3IaYhAh/jWZpNtB/4iI=
PresharedKey = mekE11iavS70vbJ/mLunFxRDEzYwXuGX2wdCZw8FFyc=
AllowedIPs = 10.7.0.2/32

Server 2:
[Interface]
Address = 10.7.0.1/24
PrivateKey = +IapZjrB8UfiTdsJNUWIFntK00z2v6MTpeYqHVMMTmI=
ListenPort = 51820

[Peer]
PublicKey = l7YElLKnNWLUmohKpR+rQDORLmXm5geAivz9AzbbvkE=
PresharedKey = J+kdful8xJW1uMdVGfrDM+D2v/dyl/Y8SYp+0/rS/mM=
AllowedIPs = 10.7.0.2/32

  • Note that I've tried and managed to get the same IP range (10.7.0.2) on both servers. I don't know whether it is necessary or whether it is causing a problem.

Peer 1 config:
[Interface] 
Address = 10.7.0.2/24 
DNS = 8.8.8.8, 8.8.4.4 
PrivateKey = WMrHIjr71kv7Cl3zw9mx72d8uCTmLJPDk6K0j7FWjmg=

[Peer]
PublicKey = gu78igdrkMzlowf8988zYt58ciI0DTmz4QMzZ1QgfCs=
PresharedKey = mekE11iavS70vbJ/mLunFxRDEzYwXuGX2wdCZw8FFyc=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = SERVER_A:51820
PersistentKeepalive = 25

Peer 2 config:
[Interface]
Address = 10.7.0.2/24
DNS = 8.8.8.8, 8.8.4.4
PrivateKey = yNGP/MbTAjyADyTLuv19PwL5rCj6Q8j/hJGVz+Cafko=

[Peer]
PublicKey = HdYcIUebtkxiXWwcvaef8Z+/wrEqV7ArzL4Jbknus3A=
PresharedKey = J+kdful8xJW1uMdVGfrDM+D2v/dyl/Y8SYp+0/rS/mM=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = SERVER_2:51820
PersistentKeepalive = 25

And finally, the multi-peer config I'm trying to use, which fails. Client config:

[Interface]
Address = 10.7.0.2/32
DNS = 8.8.8.8, 8.8.4.4
PrivateKey = yNGP/MbTAjyADyTLuv19PwL5rCj6Q8j/hJGVz+Cafko=

[Peer]
PublicKey = HdYcIUebtkxiXWwcvaef8Z+/wrEqV7ArzL4Jbknus3A=
PresharedKey = J+kdful8xJW1uMdVGfrDM+D2v/dyl/Y8SYp+0/rS/mM=
AllowedIPs = 8.0.0.0/8
Endpoint = SERVER_2:51820
PersistentKeepalive = 25

[Peer]
PublicKey = gu78igdrkMzlowf8988zYt58ciI0DTmz4QMzZ1QgfCs=
PresharedKey = mekE11iavS70vbJ/mLunFxRDEzYwXuGX2wdCZw8FFyc=
AllowedIPs = 45.0.0.0/8
Endpoint = SERVER_A:51820
PersistentKeepalive = 25

WireGuard logs from the second server, which fails to handshake because of the private key issue:

kernel: [70290.070053] wireguard: wg0: Invalid handshake initiation from MY_IP:64230

kernel: [70295.369403] wireguard: wg0: Invalid handshake initiation from MY_IP:64230

kernel: [70300.569581] wireguard: wg0: Invalid handshake initiation from MY_IP:64230

Can anybody help me achieve a split tunnel using two peers and fix this private key issue? Thanks.

user1686:
Why is your client using the same private key as one of its peers?
user3411911:
@user1686 I thought I might use the first peer's Interface as a base and then append the second peer to it. Did I do it wrong? If so, which private key should I put in the client? Thanks.
user3411911:
@user1686 Also, please note that the configs that have the same private keys are both client configs and not server configs. I just tried to merge both peer clients so that I reach the goal of multi-peer splitting.
Score:0

Thanks to the members of WireGuard's IRC channel #wireguard, the problem has finally been solved.

To fix it, the public key in the two servers' [Peer] sections must be the same.

In my example, I had to put "l7YElLKnNWLUmohKpR+rQDORLmXm5geAivz9AzbbvkE=" in the server 1 [Peer] PublicKey field.

This fixed the problem.
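
The check behind this fix, as an added example that is not part of the original answer: a WireGuard interface has one private key, so every server must list the public key derived from that key in its [Peer] section. The script derives that public key in pure Python (X25519, RFC 7748) and reports which servers list it; the keys, the config strings and the names `servers_accepting`, `field` and `server` are constructed for illustration and are not the keys from this page.

```python
import base64, re

P = 2**255 - 19  # Curve25519 field prime

def x25519(scalar: bytes, u: int = 9) -> bytes:
    """RFC 7748 X25519 (not constant-time: for offline config checks only)."""
    k = (int.from_bytes(scalar, "little") & ((1 << 254) - 8)) | (1 << 254)  # clamp
    x1, x2, z2, x3, z3, swap = u, 1, 0, u, 1, 0
    for t in range(254, -1, -1):  # Montgomery ladder, top bit first
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def wg_pubkey(private_b64: str) -> str:
    """Same result as `wg pubkey`: base64 of X25519(private key, base point 9)."""
    return base64.b64encode(x25519(base64.b64decode(private_b64))).decode()

def field(conf: str, key: str) -> list[str]:
    """All values of `key = value` lines (WireGuard configs repeat [Peer])."""
    return re.findall(rf"(?mi)^\s*{key}\s*=\s*(\S+)", conf)

def servers_accepting(client_conf: str, server_confs: dict[str, str]) -> dict[str, bool]:
    """For each server: is the client's derived public key listed in a [Peer]?"""
    pub = wg_pubkey(field(client_conf, "PrivateKey")[0])
    return {name: pub in field(conf, "PublicKey") for name, conf in server_confs.items()}

# Constructed keys: two client keys, as when each server generated its own profile.
KEY_1 = base64.b64encode(bytes(range(32))).decode()
KEY_2 = base64.b64encode(bytes(range(32, 64))).decode()
CLIENT = f"[Interface]\nPrivateKey = {KEY_2}\nAddress = 10.7.0.2/32\n"  # merged client

def server(client_pub: str) -> str:
    return f"[Interface]\nListenPort = 51820\n\n[Peer]\nPublicKey = {client_pub}\nAllowedIPs = 10.7.0.2/32\n"

BEFORE = {"server1": server(wg_pubkey(KEY_1)), "server2": server(wg_pubkey(KEY_2))}
AFTER = {"server1": server(wg_pubkey(KEY_2)), "server2": server(wg_pubkey(KEY_2))}

if __name__ == "__main__":
    print("before:", servers_accepting(CLIENT, BEFORE))
    print("after: ", servers_accepting(CLIENT, AFTER))
```

A server reported as `False` here has no [Peer] entry for the key the client actually uses.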
