WireGuard "handshake" problem


unclebuk

Regular Contributor
Hello,

Attached is a log file showing a "handshake did not complete..." problem preventing the WireGuard connection.

Does anyone know what this means and what steps I should follow to resolve it?

Thanks in advance.
 


unclebuk

Regular Contributor
Hello,

Update from the VPN provider via support ticket (their exact words):

"If there is no handshake for 15 minutes then yes you need to create a new config to add to the router, so if you disconnect then try to connect 30 mins later your config won't work, for now, that’s how it is for optimal security,"

For some reason (security concerns cited), the WireGuard conf files will expire 15 minutes after being disconnected or after a reconnection attempt, and a new conf file with a new private key needs to be downloaded from their website and reconfigured in the WireGuard client.

My WireGuard connection disconnected overnight and would not reconnect; the only fix available is the above method: redownload and reinstall the conf file. However, this problem does not affect the VPN provider's desktop app when using WireGuard; it only affects manual WireGuard setups using their conf files. I much prefer to use the macOS WireGuard app rather than the VPN provider's desktop app due to performance issues with it.

Makes me a tad suspicious.
 

heysoundude

Very Senior Member
If you're running a WireGuard client on your router to connect to a server and your router drops its end of the connection, that server is choosing to force your router to reestablish its identity. Nothing to be suspicious about from the VPN provider (that's a good one, actually, whoever it is, even though the window is 15 minutes wide for reconnect (key expiry)... that's AGES in computer time) - what you have to look at is why your router disconnected/took so long to reconnect.
This is proper security protocol, actually: once a client "ends" a secure tunnelling session, security credentials need to be reverified and reestablished (the key exchange) between endpoints to be considered secure.
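
To see how close a tunnel is to the 15-minute window described in this thread, the age of each peer's last completed handshake can be read from `wg show <interface> latest-handshakes`. The script below is an added example, not code from any poster or from the VPN provider; the interface name `wg0`, the placeholder peer keys and the sample timestamps are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Input lines follow the format printed by
# `wg show <interface> latest-handshakes`: "<peer public key><TAB><unix time>".
# A timestamp of 0 means no handshake has completed with that peer.

MAX_AGE=900  # seconds; the 15-minute window quoted by the provider above

# classify_peers NOW [MAX_AGE]   (handshake lines on stdin)
# Prints "<key> <state> <age>", state being ok, stale or never.
classify_peers() {
    awk -v now="$1" -v max="${2:-$MAX_AGE}" '
        NF < 2 || $2 !~ /^[0-9]+$/ { next }      # skip malformed lines
        $2 == 0 { print $1, "never", "-"; next }
        {
            age = now - $2
            if (age < 0) age = 0                 # clock stepped backwards
            print $1, (age > max ? "stale" : "ok"), age
        }'
}

# count_stale NOW [MAX_AGE]: number of peers whose last handshake is too old.
count_stale() {
    classify_peers "$@" | awk '$2 == "stale" { n++ } END { print n + 0 }'
}

# Constructed sample input (placeholder keys, made-up timestamps).
sample_handshakes() {
    printf 'PEER_A_PLACEHOLDER\t1700000900\n'
    printf 'PEER_B_PLACEHOLDER\t1699999000\n'
    printf 'PEER_C_PLACEHOLDER\t0\n'
}

# Live use: sh script.sh --live wg0   (wg0 is an assumed interface name)
if [ "${1:-}" = "--live" ]; then
    wg show "${2:-wg0}" latest-handshakes | classify_peers "$(date +%s)"
fi
```

Run periodically on the router, a "stale" result shows that the tunnel went quiet for longer than the window, which helps narrow down when the router dropped its end of the connection.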
 
