Netgate Discussion Forum
    WG Sporadic, TCPDUMP question.

    • DIYsense

      Preface
      My WireGuard iOS peers will sometimes run for a few minutes (cell or remote wifi) before they stop receiving handshakes, sometimes for half a minute, sometimes for a few seconds, and then nothing. I think my setup is roadwarrior and I basically need WG to check out my camera NVR. But the same drops happen when I occasionally like to check out my pfSense router.

      Clues
      The first iOS WG connections of the day always run great, but only for a few minutes.
      Each successful connection runtime thereafter gets progressively shorter and shorter.
      Then no handshake at all.
      Peer logs will say connected, but handshake responses are not received.

      Also, the first successful iOS connections will show data sent/received.
      Thereafter, only sent data is shown when I initiate WG.

      I would have to wait a few hours before I can get a complete handshake again.
      Then the same cycle repeats itself.

      The WG interface on "pfSense Interface Statistics" shows 0 Errors In and 443 Errors Out.

      Repair attempts
      I've tried various suggested MTU/MSS settings (1428, 1280, 1450) on iOS and router interface but they have no effect.

      Restarting WG on pfSense has no effect.

      A lot of web searches were conducted and I found people with the same complaints but there are no solid solutions, so I would like to get a better understanding of pulling TCPDUMP logs from my WG interface. Then I can try to dig further and find more clues.

      The ask
      I know how to do this via SSH but exactly what tcpdump syntax should I use?
      And maybe this is too general of a question, what anomalies should I look out for?

      Best,
      Chris

      pfSense 2.6.0
      Snort
      pfBlockerNG
      Avahi for IOT

      • DIYsense

        I've hit a roadblock here. Is there somebody who can offer a bit of advice?

        1 Reply Last reply Reply Quote 0
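For the symptom described in the thread (peer shows connected but handshake responses never arrive), one way to read a capture is to pair each WireGuard handshake initiation with its response. The sketch below is an added example, not from the poster or the pfSense project: it assumes the UDP payloads were already pulled from a capture taken on the router's WAN interface and filtered to the tunnel's listen port, uses the message types and fixed lengths from the WireGuard protocol, and treats 5 seconds (WireGuard's handshake retry interval) as the reply window. Addresses and indices are constructed sample data.

```python
import struct
# WireGuard message type -> (name, fixed length in bytes)
HANDSHAKE = {1: ("initiation", 148), 2: ("response", 92), 3: ("cookie_reply", 64)}

def classify(payload):
    """Return (kind, sender_index, receiver_index) for one UDP payload."""
    if len(payload) < 8 or payload[1:4] != b"\x00\x00\x00":
        return ("other", None, None)
    mtype, first = payload[0], struct.unpack_from("<I", payload, 4)[0]
    if mtype == 4 and len(payload) >= 32:      # transport data / keepalive
        return ("data", None, first)
    name, size = HANDSHAKE.get(mtype, ("other", -1))
    if len(payload) != size:
        return ("other", None, None)
    if name == "initiation":
        return (name, first, None)
    if name == "response":                     # sender, then initiator's index
        return (name, first, struct.unpack_from("<I", payload, 8)[0])
    return (name, None, first)                 # cookie reply

def unanswered_initiations(packets, timeout=5.0):
    """packets: (ts, src, dst, payload) tuples. Returns [(ts, src, sender_index)]
    for initiations with no response/cookie reply from dst within `timeout` s."""
    events = [(ts, src, dst) + classify(p) for ts, src, dst, p in packets]
    replies = [e for e in events if e[3] in ("response", "cookie_reply")]
    missing = []
    for ts, src, dst, kind, sender, _ in events:
        answered = any(r[1] == dst and r[2] == src and r[5] == sender
                       and ts < r[0] <= ts + timeout for r in replies)
        if kind == "initiation" and not answered:
            missing.append((ts, src, sender))
    return missing

def _msg(mtype, size, *indices):               # build a constructed sample payload
    head = bytes([mtype, 0, 0, 0]) + b"".join(struct.pack("<I", i) for i in indices)
    return head + bytes(size - len(head))

PHONE, ROUTER = "198.51.100.7", "203.0.113.1"  # documentation addresses, constructed
SAMPLE = [
    (0.00, PHONE, ROUTER, _msg(1, 148, 0x11)),       # initiation
    (0.05, ROUTER, PHONE, _msg(2, 92, 0xA1, 0x11)),  # response to index 0x11
    (0.10, PHONE, ROUTER, _msg(4, 32, 0xA1)),        # keepalive-sized data
    (120.0, PHONE, ROUTER, _msg(1, 148, 0x22)),      # initiation, never answered
    (125.0, PHONE, ROUTER, _msg(1, 148, 0x33)),      # retry, never answered
]
if __name__ == "__main__":
    for ts, src, idx in unanswered_initiations(SAMPLE):
        print(f"{ts:8.2f}s initiation from {src} (index {idx:#x}) got no reply")
```

Initiations that reach the WAN interface with no response leaving point at the router side (WireGuard service, firewall rules, or another package dropping the traffic); initiations that never appear in the capture point at the path between the phone and the router.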