Community discussions

MikroTik App
  4. RouterOS
  5. General

How to change WG handshake timeout

Post Reply
 
Josephny
Forum Veteran
Forum Veteran
Topic Author
Posts: 831
Joined: Tue Sep 20, 2022 12:11 am
Location: New York, USA

How to change WG handshake timeout

Mon Feb 26, 2024 10:12 am

Is there any way to change the timeout from 5 seconds to give the system a little more time before logging the error:

"handshake for peer did not complete after 5 seconds, retrying"

Thanks.
Top
 
Josephny
Forum Veteran
Forum Veteran
Topic Author
Posts: 831
Joined: Tue Sep 20, 2022 12:11 am
Location: New York, USA

Re: How to change WG handshake timeout

Mon Feb 26, 2024 8:16 pm

I certainly don't see any setting that can do this.

Hard coded?
Top
 
User avatar
Larsa
Forum Guru
Forum Guru
Posts: 1698
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: How to change WG handshake timeout

Mon Feb 26, 2024 8:56 pm

AFAIK, you cannot alter the setting of Rekey-Timeout as it is most likely hardcoded to 5 seconds. Check the constants used for the timer state system in paragraph 6.1 of the paper "https://www.wireguard.com/papers/wireguard.pdf.

Code: Select all
6.1 The following constants are used for the timer state system:
Symbol                 Value
Rekey-After-Messages   2^60 messages
Reject-After-Messages  2^64 - 2^13 − 1 messages
Rekey-After-Time       120 seconds
Reject-After-Time      180 seconds
Rekey-Attempt-Time     90 seconds
Rekey-Timeout          5 seconds
Keepalive-Timeout      10 seconds
Last edited by Larsa on Tue Feb 27, 2024 1:53 am, edited 2 times in total.
Top
 
Josephny
Forum Veteran
Forum Veteran
Topic Author
Posts: 831
Joined: Tue Sep 20, 2022 12:11 am
Location: New York, USA

Re: How to change WG handshake timeout

Mon Feb 26, 2024 9:00 pm

Wow! What a deep reference.

Thank you.
Top
 
User avatar
splusua
just joined
Posts: 5
Joined: Tue Oct 15, 2024 12:41 pm

Re: How to change WG handshake timeout

Thu Oct 24, 2024 7:11 pm

I wanted Mikrotik to add the REKEY-TIMEOUT or REKEY-ATTEMPT-TIME parameter for a change.
Looks like this might help us fix the 5 second check !
Top
 
User avatar
Larsa
Forum Guru
Forum Guru
Posts: 1698
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: How to change WG handshake timeout

Thu Oct 24, 2024 9:09 pm

Those settings are protocol-defined standard values that are hardcoded at compile time. Check out: WireGuard on GitHub. Also, read my previous post: viewtopic.php?p=1105092#p1058871.

Why do you want to change these values, which would break the protocol definition?
Top
 
User avatar
splusua
just joined
Posts: 5
Joined: Tue Oct 15, 2024 12:41 pm

Re: How to change WG handshake timeout

Thu Oct 24, 2024 9:54 pm

Maybe you can then tell me how to stop this so that there is not so much log and also more network requests?
And all this only after disconnecting the client device from the Mikrotik router server

log.jpg
You do not have the required permissions to view the files attached to this post.
Top
 
User avatar
Larsa
Forum Guru
Forum Guru
Posts: 1698
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: How to change WG handshake timeout

Thu Oct 24, 2024 10:04 pm

It could be due to several things, like having a WireGuard peer acting as the initiator (ie you have defined the endpoint-address and port) but the receiver isn't responding, or for some reason an established connection has stopped working. An earlier version of Ros logged way too much by mistake but I can't recall what version it was.
Top
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 22348
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:
Contact anav

Re: How to change WG handshake timeout

Thu Oct 24, 2024 10:39 pm

No config, no truth......
/export file=anynameyouwish (minus router serial number, router-mac address, any public WANIP information, keys etc. )
Top
Post Reply
  4. RouterOS
  5. General