Wireguard with remote peer
Stefan Thöni
stefan.thoeni at gapfruit.com
Tue May 9 14:48:40 CEST 2023
Dear Genodians

We are looking into using WireGuard to access sensor nodes connected by
a Genode-powered gateway through a WireGuard server running on Linux. By
trying this, we discovered that the WireGuard connection works only
once, and upon restart of the runscript yields "Invalid handshake
initiation" in the server's log.

Based on a post by WireGuard developer Jason Donenfeld [1] (key
phrase: "WireGuard relies on a timestamp counter always moving
forward."), we concluded that this problem is caused by DDE restarting at
time zero instead of using an RTC connection, thereby triggering
WireGuard's replay protection mechanism on the server peer.

We're not sure how to best fix the problem. Do you have any suggestions?

[1] https://inbox.vuxu.org/wireguard/7aa9fe5e-2ae2-cf8b-ae6d-d98de2031b44@posteo.de/t/

Best Regards
Stefan Thöni
gapfruit AG
Baarerstrasse 135
6300 Zug
https://gapfruit.com
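
The replay check described in the message above, as an added example that is not part of the original post and not WireGuard's or Genode's own code: a small C model of a responder that keeps the latest TAI64N timestamp per peer and rejects any handshake initiation whose timestamp is not strictly greater. The names `peer_state`, `tai64n_encode` and `consume_initiation` and all clock readings are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TS_LEN 12 /* TAI64N: 8-byte seconds + 4-byte nanoseconds, big-endian */

/* Hypothetical model of the state a responder keeps for one peer. */
struct peer_state { uint8_t latest_ts[TS_LEN]; };

/* Encode a clock reading as TAI64N. The big-endian layout makes byte-wise
 * memcmp() order identical to chronological order. */
static void tai64n_encode(uint8_t out[TS_LEN], uint64_t secs, uint32_t nsecs)
{
    uint64_t s = 0x4000000000000000ULL + secs; /* TAI64 label base 2^62 */
    for (int i = 0; i < 8; i++)
        out[i] = (uint8_t)(s >> (56 - 8 * i));
    for (int i = 0; i < 4; i++)
        out[8 + i] = (uint8_t)(nsecs >> (24 - 8 * i));
}

/* Returns 1 if the initiation is accepted, 0 if it is dropped as a replay.
 * Only the timestamp rule is modelled; the real handshake also authenticates
 * and decrypts the message before this comparison is reached. */
static int consume_initiation(struct peer_state *p, uint64_t secs, uint32_t nsecs)
{
    uint8_t ts[TS_LEN];
    tai64n_encode(ts, secs, nsecs);
    if (memcmp(ts, p->latest_ts, TS_LEN) <= 0)
        return 0;                      /* not newer than the last one seen */
    memcpy(p->latest_ts, ts, TS_LEN);  /* remember the newest timestamp */
    return 1;
}

int main(void)
{
    struct peer_state server = {{0}};
    /* Constructed readings of an initiator clock that starts at zero on boot. */
    printf("first run,  uptime 5s:   %d\n", consume_initiation(&server, 5, 0));
    printf("first run,  uptime 130s: %d\n", consume_initiation(&server, 130, 0));
    printf("restarted,  uptime 5s:   %d\n", consume_initiation(&server, 5, 0));
    printf("restarted,  uptime 131s: %d\n", consume_initiation(&server, 131, 0));
    return 0;
}
```

In this model the restarted initiator is rejected until its uptime-based clock passes the largest value the responder saw during the previous run, while a clock seeded from wall time would be ahead of the stored value immediately after a restart.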