Wireguard - Clients need to make many attempts to connect before receiving data back

Christian

4/26/24, 8:33 PM

I have a vanilla wireguard configuration - a cloud VPS running Centos stream is the server, and the clients in question are MacOS and an iOS iphone.

Often when attempting to connect after a long period of not using the VPN, there's no issue and the connection is established immediately.

If I disconnect and then try to reconnect, this is typically when things go wrong. I will either get:

Data Sent: 148b, with occassional increments in tiny byte of data sent (connection attempts) with NO Data Received.
An immediate, unending flood of data, either in Data Sent or Data Received (about 10MB / sec, which continues in perpetuity until I terminate the connection)

In either scenario, the connection is not successful, and I cannot connect to anything on the network. I either walk away and try later, or try to disconnect+reconnect 10-20 times until eventually I see a "normal" value in Data Received, and then I know the connection is actually established.

I've ruled out the router, and anything hops in between, because this happens on my private wifi, various public wifi, and on cellular. And this is extra perplexing since this also happens on multiple devices (MacOS + iOS).

As an example, one of the client configs looks like this:

[Interface]
PrivateKey = <masked>
Address = 10.7.0.4/24
DNS = <masked>

[Peer]
PublicKey = <masked>
PresharedKey = <masked>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = <masked>:51820
PersistentKeepalive = 25

The only change I've observed that seems to help is limiting the AllowedIPs to a specific network range, instead of everything. That doesn't help though, as this tunnel is meant to transport all traffic.

628

0 + 4

wireguard

Jaromanda X

4/27/24, 1:58 AM

I've had this happen. The *server* was the issue after a kernel upgrade - even downgrading didn't fix it. I ended up re-installing the VPS from scratch

Ruald Ordelman

5/3/24, 7:12 AM

I've been having the exact same problem for a while now. Have you tried running Wireguard on a different port? But that doesn't solve this problem/behavior. Super annoying because sometimes you have a good connection after 1 or 2 attempts, but just now it took 12 times to reconnect. Funnily enough, I also use iOS and MacOS clients. Perhaps that could be a problem?

Christian

5/4/24, 1:17 PM

Oddly enough, I've had this issue with the same config file, across multiple servers. I had to migrate the config off of CentOS (end of life) to a newer CentOS Stream VPS...and this is a consistent issue on both the old and new server. The new server also has unattended upgrades enabled.

Robin Kluth

7/3/24, 7:28 PM

I have exact dame issue from my iPhone to OpenWRT. After long idle it works asap. But fast toggling does not bring up the tunnel as well. And sometimes Data Sent increases to Gigabytes within seconds…

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Wireguard - Clients need to make many attempts to connect before receiving data back

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.