Wireguard with remote peer

Stefan Thöni stefan.thoeni at gapfruit.com
Tue May 9 14:48:40 CEST 2023

Dear Genodians

We are looking into using wireguard to access sensor nodes connected by 
a genode-powered gateway through a wireguard server running on Linux. By 
trying this, we discovered that the wireguard connection works only 
once, and upon restart of the runscript yields "Invalid handshake 
initiation" in the servers log.

We based on a post by wireguard developer Jason Donenfeld [1] (key 
phrase: "WireGuard relies on a timestamp counter always moving
forward.") we concluded that this problem is caused by DDE restarting at 
time zero instead of using an RTC connection, thereby triggering 
wireguard's replay protection mechanism on the server peer.

We're not sure how to best fix the problem. Do you have any suggestions?


Best Regards

Stefan Thöni

gapfruit AG
Baarerstrasse 135
6300 Zug
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x99A5F4B3D4E372A6.asc
Type: application/pgp-keys
Size: 1103 bytes
Desc: OpenPGP public key
URL: <http://lists.genode.org/pipermail/users/attachments/20230509/57caa15c/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 313 bytes
Desc: OpenPGP digital signature
URL: <http://lists.genode.org/pipermail/users/attachments/20230509/57caa15c/attachment.sig>

More information about the users mailing list