Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't finish handshake with server #29

Open
distancerunner opened this issue Mar 18, 2023 · 1 comment
Open

Can't finish handshake with server #29

distancerunner opened this issue Mar 18, 2023 · 1 comment

Comments

@distancerunner
Copy link

I have a WG server and there are connected several clients, without any trouble.
I have a ESP32 Dev Module. I use Version 0.1.5 from this Wireguard lib implementation.

I added my credentials in your uptime_post example.

char private_key[] = "THISISVERYPRIVATE="; // private key of the client (ESP)
char public_key[]  = "THISISVERYPUBLIC="; // public key of the server (remote linux VPN server)
IPAddress local_ip(10,6,0,19);           // VPN IP for this VPN client
char endpoint_address[] = "dynvpnextra.someurl.com"; // VPN/Wireguard server hostname
int endpoint_port = 1194;

I'm not able to finish the handshake succesful.

My ESP shows these messages (I added some Log code to the Lib wireguardif.c file)

[ 10678][I][wireguardif.c:638] wireguard_start_handshake(): [WireGuard] start handshake1 912e44bc,1194 - 0
[ 10687][I][wireguardif.c:639] wireguard_start_handshake(): [WireGuard] start handshake2 3ffcce44,1073425848 - 0
[ 10724][V][wireguardif.c:561] wireguardif_network_rx(): [[WireGuard] ] network_rx: 912e44bc:1194
[ 10724][I][wireguardif.c:582] wireguardif_network_rx(): [WireGuard] HANDSHAKE_RESPONSE: 912e44bc:1194
[ 10731][V][wireguardif.c:519] wireguardif_check_response_message(): [[WireGuard] ] wireguardif_check_response_message: 3ffcd7aa:1073534890
[ 10805][I][wireguardif.c:229] wireguardif_process_response_message(): [WireGuard] bad handshake from 912e44bc:1194
[ 15282][E][WiFiClient.cpp:242] connect(): connect on fd 48, errno: 118, "Host is unreachable"```

My vpn server recieves the datapackes, but is not able to make a correct handshake. peer 3 ((invalid address)) did is this, what I#m curious about. Here is the log for the not working ESP connection.

Mar 18 13:08:44 v22018025794161410 kernel: [1283036.084784] wireguard: wg0: Handshake for peer 3 ((invalid address)) did not complete after 5 seconds, retrying (try 11)
Mar 18 13:08:44 v22018025794161410 kernel: [1283036.084835] wireguard: wg0: Sending handshake initiation to peer 3 ((invalid address))
Mar 18 13:08:49 v22018025794161410 kernel: [1283041.204830] wireguard: wg0: Handshake for peer 3 ((invalid address)) did not complete after 5 seconds, retrying (try 12)
Mar 18 13:08:49 v22018025794161410 kernel: [1283041.205395] wireguard: wg0: Sending handshake initiation to peer 3 ((invalid address))
Mar 18 13:08:54 v22018025794161410 kernel: [1283046.325004] wireguard: wg0: Handshake for peer 3 ((invalid address)) did not complete after 5 seconds, retrying (try 13)
Mar 18 13:08:54 v22018025794161410 kernel: [1283046.325058] wireguard: wg0: Sending handshake initiation to peer 3 ((invalid address))
Mar 18 13:09:00 v22018025794161410 kernel: [1283051.700864] wireguard: wg0: Handshake for peer 3 ((invalid address)) did not complete after 5 seconds, retrying (try 14)
Mar 18 13:09:00 v22018025794161410 kernel: [1283051.701143] wireguard: wg0: Sending handshake initiation to peer 3 ((invalid address))
Mar 18 13:09:05 v22018025794161410 kernel: [1283056.820881] wireguard: wg0: Handshake for peer 3 ((invalid address)) did not complete after 5 seconds, retrying (try 15)
Mar 18 13:09:05 v22018025794161410 kernel: [1283056.821117] wireguard: wg0: Sending handshake initiation to peer 3 ((invalid address))
Mar 18 13:09:10 v22018025794161410 kernel: [1283062.197049] wireguard: wg0: Handshake for peer 3 ((invalid address)) did not complete after 5 seconds, retrying (try 16)
Mar 18 13:09:10 v22018025794161410 kernel: [1283062.197144] wireguard: wg0: Sending handshake initiation to peer 3 ((invalid address))

Here is an example with my mobile phone. The handshake is successful and a valid address is handled from the vpn server: (89.248.164.225:26167)

Mar 18 13:14:07 v22018025794161410 kernel: [1283358.607419] wireguard: wg0: Receiving handshake initiation from peer 1 (89.248.164.225:26167)
Mar 18 13:14:07 v22018025794161410 kernel: [1283358.607424] wireguard: wg0: Sending handshake response to peer 1 (89.248.164.225:26167)
Mar 18 13:14:07 v22018025794161410 kernel: [1283358.607815] wireguard: wg0: Keypair 9510 created for peer 1
Mar 18 13:14:07 v22018025794161410 kernel: [1283358.636344] wireguard: wg0: Packet has unallowed src IP (fe80::1cb9:b525:64b8:1e94) from peer 1 (89.248.164.225:26167)
Mar 18 13:14:07 v22018025794161410 kernel: [1283358.765923] wireguard: wg0: Packet has unallowed src IP (fe80::1cb9:b525:64b8:1e94) from peer 1 (89.247.164.225:26167)
@distancerunner distancerunner mentioned this issue Mar 18, 2023
Closed
@cescobaz
Copy link

cescobaz commented Jan 9, 2024

Hello! I had the same issue and I figured out that this lib doesn't support preshared key so you have to disable/remove preshared key from your peer/server config.

WireGuard-ESP32-Arduino/src/WireGuard.cpp

Line 93 in 3048281

peer.preshared_key = NULL;

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cescobaz @distancerunner