БЛОГ НА HUSL


Wireguard постоянные переподключения в тоннеле

Автор вопроса: Stas_khodorich

Настраивал себе wireguard сервер и столкнулся с проблемой подтормаживания соединения, начал проверять и увидел что через 20-30 пакетов связь теряется, похоже что теряется на момент нового рукопожатия

[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  2.44 MBytes  20.4 Mbits/sec   64    180 KBytes
[  5]   1.00-2.00   sec  1.11 MBytes  9.32 Mbits/sec    0    197 KBytes
...
[  5]   6.00-7.00   sec  2.35 MBytes  19.7 Mbits/sec    0    196 KBytes
[  5]   7.00-8.00   sec   904 KBytes  7.40 Mbits/sec    0    201 KBytes
[  5]   8.00-9.00   sec  0.00 Bytes  0.00 bits/sec    2   1.32 KBytes
[  5]   9.00-10.00  sec  0.00 Bytes  0.00 bits/sec    0   1.32 KBytes
...
[  5]  30.00-31.00  sec  0.00 Bytes  0.00 bits/sec    0   1.32 KBytes
[  5]  31.00-32.00  sec  0.00 Bytes  0.00 bits/sec    0   1.32 KBytes
[  5]  32.00-33.00  sec   256 KBytes  2.10 Mbits/sec   87    146 KBytes
...
[  5]  56.00-57.00  sec  2.24 MBytes  18.8 Mbits/sec    6    171 KBytes
[  5]  57.00-58.00  sec  1.51 MBytes  12.6 Mbits/sec    0    183 KBytes
[  5]  58.00-59.00  sec  2.63 MBytes  22.0 Mbits/sec    0    188 KBytes
[  5]  59.00-60.00  sec   255 KBytes  2.09 Mbits/sec    1   1.32 KBytes
[  5]  60.00-61.00  sec  0.00 Bytes  0.00 bits/sec    1   1.32 KBytes
...
[  5]  68.00-69.00  sec  0.00 Bytes  0.00 bits/sec    0   1.32 KBytes
[  5]  69.00-70.00  sec  0.00 Bytes  0.00 bits/sec    0   1.32 KBytes

Конфиг сервера:

cat /etc/wireguard/wg0.conf
[Interface]
Address = 1.1.1.1/32,fd11:11:11::1/64
ListenPort = 61247
MTU = 1400
PrivateKey = ***
PostUp = iptables -I INPUT -p udp --dport 61247 -j ACCEPT
PostUp = iptables -I FORWARD -i eth0 -o wg0 -j ACCEPT
PostUp = iptables -I FORWARD -i wg0 -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostUp = ip6tables -I FORWARD -i wg0 -j ACCEPT
PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D INPUT -p udp --dport 61247 -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o wg0 -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PostDown = ip6tables -D FORWARD -i wg0 -j ACCEPT
PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

### Client inet
[Peer]
PublicKey = ***
PresharedKey = ***
AllowedIPs = 1.1.1.1/32,fd11:11:11::1/128

Источник

Ответы (0 шт):

licensed under cc by-sa 3.0 with attribution.