Hi,
I have an Oracle cloud instance (server) running Wireguard and several laptops+mobiles+home server (clients) connecting to Wireguard on OCI. All clients are connected to my Asus AC68U home router. All except one client work as expected. After the last router reboot (scheduled 5:00 every Friday), one client started having connection issues. The client with issues is the home server, hosting several containers which connect to the Wireguard server, see illustration.
So when I attempt to access my web-service at www.test.example.com it often responds with error 502. I have uptime-kuma running, and the reported uptime is only 8%. Before the reboot it was 99%. I have ssh'ed in to the Oracle cloud to verify Wireguard handshake, it looks good.
Code:
peer: MY-PEER-ID
preshared key: (hidden)
endpoint: My-endpoint-IP
allowed ips: 10.7.0.7/32
latest handshake: 1 minute, 36 seconds ago
transfer: 2.33 MiB received, 2.72 MiB sent
Next, I did a tcpdump and accessed www.test.example.com.
Code:
> sudo tcpdump -i wg0 dst host 10.7.0.7 or src host 10.7.0.7
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wg0, link-type RAW (Raw IP), snapshot length 262144 bytes
22:20:55.036402 IP 10.7.0.1.33752 > 10.7.0.7.9090: Flags [S], seq 504102722, win 62160, options [mss 8880,sackOK,TS val 3177444481 ecr 0,nop,wscale 7], length 0
22:20:56.041546 IP 10.7.0.1.33752 > 10.7.0.7.9090: Flags [S], seq 504102722, win 62160, options [mss 8880,sackOK,TS val 3177445487 ecr 0,nop,wscale 7], length 0
To me it looks good, except there is no response from 10.7.0.7:9090.
Running docker execute, and performing tcpdump in the container, I see packets but they are not related to the packets from the tcpdump above.
Code:
22:20:37.320057 IP localhost.35433 > localhost.40168: Flags [F.], seq 286, ack 312, win 86, options [nop,nop,TS val 970716135 ecr 970716135], length 0
22:20:37.320066 IP localhost.40168 > localhost.35433: Flags [.], ack 287, win 86, options [nop,nop,TS val 970716135 ecr 970716135], length 0
22:21:07.403032 IP localhost.51190 > localhost.9090: Flags [S], seq 1616961372, win 43690, options [mss 65495,sackOK,TS val 970746218 ecr 0,nop,wscale 9], length 0
22:21:07.403042 IP localhost.9090 > localhost.51190: Flags [S.], seq 1692885852, ack 1616961373, win 43690, options [mss 65495,sackOK,TS val 970746218 ecr 970746218,nop,wscale 9], length 0
So how do I figure out where the packets are dropped? What are the best options to trace the packets when using Wireguard?
Why would a router reboot affect the connection of a single client?
Best Regards,
Jorgensen
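One systematic way to answer "where are the packets dropped" is to take the same capture at each hop (wg0 on the Oracle server, the WireGuard interface on the home server, and inside the container) and compare which SYNs get a SYN-ACK back at each point. The script below is an added example written for this thread, not code from the poster or from the WireGuard project. It parses default tcpdump text output (the format quoted above, with or without resolved hostnames) and reports SYN flows that were never answered, flagging a SYN repeated with the same sequence number as a kernel retransmission, which is exactly what the wg0 capture above shows. The two sample captures embedded in it are the lines quoted in the post.

```python
import re
from collections import OrderedDict

# Default tcpdump TCP line, e.g.
#   22:20:55.036402 IP 10.7.0.1.33752 > 10.7.0.7.9090: Flags [S], seq 504102722, win 62160, ...
# Host may be a resolved name (localhost) or an address; the port is the last dotted field.
_TCP_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
    r"(?:, seq (?P<seq>\d+))?"
)


def parse_tcp_lines(lines):
    """Yield one dict per parseable TCP line; tcpdump banner lines and non-TCP lines are skipped."""
    for line in lines:
        m = _TCP_LINE.match(line.strip())
        if not m:
            continue
        pkt = m.groupdict()
        pkt["sport"] = int(pkt["sport"])
        pkt["dport"] = int(pkt["dport"])
        pkt["seq"] = int(pkt["seq"]) if pkt["seq"] is not None else None
        yield pkt


def classify_handshakes(lines):
    """Map each SYN flow (src, sport, dst, dport) to how many SYNs were seen,
    the distinct SYN sequence numbers, and whether a SYN-ACK came back."""
    flows = OrderedDict()
    for pkt in parse_tcp_lines(lines):
        if pkt["flags"] == "S":  # bare SYN: a client's connection attempt
            key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
            info = flows.setdefault(
                key, {"syn_count": 0, "seqs": set(), "answered": False, "first_seen": pkt["ts"]}
            )
            info["syn_count"] += 1
            info["seqs"].add(pkt["seq"])
        elif pkt["flags"] == "S.":  # SYN-ACK travels in the reverse direction of the SYN
            key = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
            if key in flows:
                flows[key]["answered"] = True
    return flows


def unanswered_flows(lines):
    """Flows whose SYN never got a SYN-ACK at this capture point. A SYN repeated
    with the same sequence number is a kernel retransmission, i.e. the client
    heard nothing back: either the SYN or the SYN-ACK was dropped further on."""
    result = {}
    for key, info in classify_handshakes(lines).items():
        if info["answered"]:
            continue
        result[key] = {
            "syn_count": info["syn_count"],
            "retransmitted": info["syn_count"] > 1 and len(info["seqs"]) == 1,
            "first_seen": info["first_seen"],
        }
    return result


# Constructed sample input: the two captures quoted in the post above,
# one on the server's wg0 and one inside the container.
SAMPLE_WG0 = """\
22:20:55.036402 IP 10.7.0.1.33752 > 10.7.0.7.9090: Flags [S], seq 504102722, win 62160, options [mss 8880,sackOK,TS val 3177444481 ecr 0,nop,wscale 7], length 0
22:20:56.041546 IP 10.7.0.1.33752 > 10.7.0.7.9090: Flags [S], seq 504102722, win 62160, options [mss 8880,sackOK,TS val 3177445487 ecr 0,nop,wscale 7], length 0
""".splitlines()

SAMPLE_CONTAINER = """\
22:20:37.320057 IP localhost.35433 > localhost.40168: Flags [F.], seq 286, ack 312, win 86, options [nop,nop,TS val 970716135 ecr 970716135], length 0
22:20:37.320066 IP localhost.40168 > localhost.35433: Flags [.], ack 287, win 86, options [nop,nop,TS val 970716135 ecr 970716135], length 0
22:21:07.403032 IP localhost.51190 > localhost.9090: Flags [S], seq 1616961372, win 43690, options [mss 65495,sackOK,TS val 970746218 ecr 0,nop,wscale 9], length 0
22:21:07.403042 IP localhost.9090 > localhost.51190: Flags [S.], seq 1692885852, ack 1616961373, win 43690, options [mss 65495,sackOK,TS val 970746218 ecr 970746218,nop,wscale 9], length 0
""".splitlines()


def report(name, lines):
    """Print the unanswered SYN flows for one capture point."""
    stuck = unanswered_flows(lines)
    print(f"{name}: {len(stuck)} unanswered SYN flow(s)")
    for (src, sport, dst, dport), info in stuck.items():
        kind = "retransmitted, no reply" if info["retransmitted"] else "no reply"
        print(f"  {src}:{sport} -> {dst}:{dport}  {info['syn_count']} SYN(s), {kind}, first at {info['first_seen']}")


if __name__ == "__main__":
    report("wg0 on the WireGuard server", SAMPLE_WG0)
    report("inside the container", SAMPLE_CONTAINER)
```

Feed each capture to it with something like `sudo tcpdump -l -i wg0 host 10.7.0.7 | python3 synwatch.py` (reading `sys.stdin` instead of the embedded samples). On the server's wg0 the 10.7.0.1 -> 10.7.0.7:9090 SYN shows up twice with the same sequence number and no SYN-ACK, so the SYN either never reaches the home server or its reply never makes it back; the container capture shows only loopback traffic on 9090, so the SYN is not arriving there at all. Running the same check on the home server's WireGuard interface and on the Docker bridge narrows the drop to the hop between the two capture points where the SYN last appears, which is where routing, NAT or firewall state changed by the router reboot should be inspected.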