
How to change WG handshake timeout

Posted: Mon Feb 26, 2024 10:12 am
by Josephny
Is there any way to change the timeout from 5 seconds to give the system a little more time before logging the error:

"handshake for peer did not complete after 5 seconds, retrying"

Thanks.

Re: How to change WG handshake timeout

Posted: Mon Feb 26, 2024 8:16 pm
by Josephny
I certainly don't see any setting that can do this.

Hard coded?

Re: How to change WG handshake timeout

Posted: Mon Feb 26, 2024 8:56 pm
by Larsa
AFAIK, you cannot alter the setting of Rekey-Timeout as it is most likely hardcoded to 5 seconds. Check the constants used for the timer state system in paragraph 6.1 of the paper: https://www.wireguard.com/papers/wireguard.pdf

6.1 The following constants are used for the timer state system:
Symbol                 Value
Rekey-After-Messages   2^60 messages
Reject-After-Messages  2^64 - 2^13 - 1 messages
Rekey-After-Time       120 seconds
Reject-After-Time      180 seconds
Rekey-Attempt-Time     90 seconds
Rekey-Timeout          5 seconds
Keepalive-Timeout      10 seconds

Re: How to change WG handshake timeout

Posted: Mon Feb 26, 2024 9:00 pm
by Josephny
Wow! What a deep reference.

Thank you.

Re: How to change WG handshake timeout

Posted: Thu Oct 24, 2024 7:11 pm
by splusua
I wanted Mikrotik to add the REKEY-TIMEOUT or REKEY-ATTEMPT-TIME parameter for a change.
Looks like this might help us fix the 5 second check!

Re: How to change WG handshake timeout

Posted: Thu Oct 24, 2024 9:09 pm
by Larsa
Those settings are protocol-defined standard values that are hardcoded at compile time. Check out: WireGuard on GitHub. Also, read my previous post: viewtopic.php?p=1105092#p1058871.

Why do you want to change these values, which would break the protocol definition?

Re: How to change WG handshake timeout

Posted: Thu Oct 24, 2024 9:54 pm
by splusua
Maybe you can then tell me how to stop this so that there is not so much log and also more network requests?
And all this only after disconnecting the client device from the Mikrotik router server.

log.jpg

Re: How to change WG handshake timeout

Posted: Thu Oct 24, 2024 10:04 pm
by Larsa
It could be due to several things, like having a WireGuard peer acting as the initiator (i.e., you have defined the endpoint-address and port) but the receiver isn't responding, or for some reason an established connection has stopped working. An earlier version of Ros logged way too much by mistake, but I can't recall what version it was.
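
Added example (not part of any post in this thread, and not RouterOS or WireGuard code): a simplified Python model of the initiator retry loop, using Rekey-Timeout and Rekey-Attempt-Time from the constants table quoted earlier, to show how many retry log lines one unanswered handshake attempt produces. The function names are hypothetical, and jitter, round-trip time and implementation-specific attempt counting are ignored.

```python
# Added illustration: simplified model of the WireGuard initiator retry loop.
REKEY_TIMEOUT = 5        # seconds, from the constants table quoted in the thread
REKEY_ATTEMPT_TIME = 90  # seconds, from the same table
RETRY_MSG = "handshake for peer did not complete after 5 seconds, retrying"
SEND_MSG = "send handshake initiation"


def simulate_attempt(endpoint_known, responder_up_at=None):
    """Return (outcome, events) for one handshake attempt window.

    endpoint_known  -- True if endpoint-address/port are set for the peer,
                       so this side can act as initiator.
    responder_up_at -- seconds after which the remote side starts answering;
                       None means it never answers (client disconnected).
    Assumption: jitter and round-trip time are ignored.
    """
    if not endpoint_known:
        # With no endpoint there is nowhere to send an initiation; this side
        # can only wait for the remote peer to start the handshake.
        return "waiting_for_remote", []
    events = []
    t = 0
    while True:
        events.append((t, SEND_MSG))
        if responder_up_at is not None and t >= responder_up_at:
            events.append((t, "handshake response received"))
            return "established", events
        t += REKEY_TIMEOUT
        if t >= REKEY_ATTEMPT_TIME:
            events.append((t, "give up until new traffic is queued for the peer"))
            return "gave_up", events
        events.append((t, RETRY_MSG))


def retry_log_lines(events):
    """Count the log lines the thread is asking about."""
    return sum(1 for _, msg in events if msg == RETRY_MSG)


if __name__ == "__main__":
    cases = [("endpoint set, client gone", (True, None)),
             ("endpoint set, client back after 12 s", (True, 12)),
             ("no endpoint, responder only", (False, None))]
    for label, args in cases:
        outcome, events = simulate_attempt(*args)
        print(f"{label}: {outcome}, {retry_log_lines(events)} retry log lines")
```

In this model the log volume comes from the router holding an endpoint for a peer that is not answering, not from the 5-second value itself; a peer with no endpoint configured produces no retry lines because the router never initiates.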

Re: How to change WG handshake timeout

Posted: Thu Oct 24, 2024 10:39 pm
by anav
No config, no truth......
/export file=anynameyouwish (minus router serial number, router-mac address, any public WANIP information, keys etc. )