Is there any way to change the timeout from 5 seconds to give the system a little more time before logging the error:
“handshake for peer did not complete after 5 seconds, retrying”
Thanks.
I certainly don’t see any setting that can do this.
Hard coded?
AFAIK, you cannot alter the setting of Rekey-Timeout as it is most likely hardcoded to 5 seconds. Check the constants used for the timer state system in paragraph 6.1 of the paper: https://www.wireguard.com/papers/wireguard.pdf
6.1 The following constants are used for the timer state system:

Symbol                   Value
Rekey-After-Messages     2^60 messages
Reject-After-Messages    2^64 - 2^13 - 1 messages
Rekey-After-Time         120 seconds
Reject-After-Time        180 seconds
Rekey-Attempt-Time       90 seconds
Rekey-Timeout            5 seconds
Keepalive-Timeout        10 seconds
Wow! What a deep reference.
Thank you.
I wanted Mikrotik to add the REKEY-TIMEOUT or REKEY-ATTEMPT-TIME parameter for a change.
Looks like this might help us fix the 5-second check!
Those settings are protocol-defined standard values that are hardcoded at compile time. Check out: WireGuard on GitHub. Also, read my previous post: http://forum.mikrotik.com/t/how-to-change-wg-handshake-timeout/173920/5
Why do you want to change these values, which would break the protocol definition?
Maybe you can then tell me how to stop this so that there is not so much log and also more network requests?
And all this only after disconnecting the client device from the Mikrotik router server
It could be due to several things, like having a WireGuard peer acting as the initiator (i.e. you have defined the endpoint-address and port) but the receiver isn’t responding, or for some reason an established connection has stopped working. An earlier version of Ros logged way too much by mistake, but I can’t recall what version it was.
No config, no truth…
/export file=anynameyouwish (minus router serial number, router-mac address, any public WANIP information, keys, etc.)
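
Added example, not part of any post in this thread: a small Python script that groups the retry message from the first post by peer, using the Rekey-Timeout and Rekey-Attempt-Time values from the table above, to show which peer is the one not answering. The log line layout (`timestamp interface: [peer] message`), the interface and peer names, and the sample data are constructed assumptions; only the message text comes from the thread.

```python
import re
from datetime import datetime, timedelta

REKEY_TIMEOUT = 5        # seconds, from the constants table quoted in the thread
REKEY_ATTEMPT_TIME = 90  # seconds, same table
MSG = "handshake for peer did not complete after 5 seconds, retrying"
# Assumed layout "YYYY-MM-DD HH:MM:SS iface: [peer] message"; adapt to your own log export.
LINE = re.compile(r"^(\S+ \S+) (\S+): \[(.+?)\] " + re.escape(MSG), re.I)

def retry_bursts(log_text, max_gap=2 * REKEY_TIMEOUT):
    """Group retry messages per (interface, peer) into runs of back-to-back retries."""
    bursts = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # unrelated log line
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        runs = bursts.setdefault((m.group(2), m.group(3)), [])
        if runs and (ts - runs[-1]["end"]).total_seconds() <= max_gap:
            runs[-1]["end"] = ts          # still the same burst
            runs[-1]["retries"] += 1
        else:
            runs.append({"start": ts, "end": ts, "retries": 1})
    return bursts

def report(bursts):
    """Rows of (iface, peer, retries, span_seconds, long_running).

    long_running is True when a burst outlasts Rekey-Attempt-Time. Per the timer
    section of the paper linked above, an initiator stops retrying after that time
    unless new outgoing packets restart the attempt, so such a peer is being
    re-triggered continuously while the other side stays silent.
    """
    rows = []
    for (iface, peer), runs in sorted(bursts.items()):
        for r in runs:
            span = int((r["end"] - r["start"]).total_seconds())
            rows.append((iface, peer, r["retries"], span, span > REKEY_ATTEMPT_TIME))
    return rows

def _sample(peer, start, count):
    # Helper that builds constructed log lines spaced Rekey-Timeout apart.
    t0 = datetime.strptime(start, "%Y-%m-%d %H:%M:%S")
    return [f"{t0 + timedelta(seconds=REKEY_TIMEOUT * i)} wg1: [{peer}] {MSG}"
            for i in range(count)]

# Constructed sample: "phone" fails briefly twice, "branch" never answers.
SAMPLE_LOG = "\n".join(_sample("phone", "2024-03-01 10:00:05", 3)
                       + ["2024-03-01 10:00:30 wg1: link up"]
                       + _sample("branch", "2024-03-01 10:01:00", 40)
                       + _sample("phone", "2024-03-01 11:00:00", 2))

if __name__ == "__main__":
    for row in report(retry_bursts(SAMPLE_LOG)):
        print("%s %-7s retries=%-3d span=%4ds long_running=%s" % row)
```
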