Stril
Member Candidate
Topic Author
Posts: 200
Joined: Fri Nov 12, 2010 7:18 pm

Wireguard - Failed Attempts - Logging

Mon Nov 14, 2022 5:15 pm

Hi!

Currently, Wireguard-Logging seems to be quite limited.
I can only see config-changes but no:

- Failed attempts
- Successful attempts

The only thing I found is getting debug data in /interface/wireguard/peers and filtering on "last-handshake", but I cannot find any way to see e.g. brute-force attacks.

How do you work with WireGuard?
Is there any "extended" debugging?

Thank you and best wishes
Stril
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Wireguard - Failed Attempts - Logging

Mon Nov 14, 2022 5:28 pm

/ip firewall filter
add chain=input action=log protocol=udp dst-port=wireguard_listen-port log=yes log-prefix=Attemped_Connections
add chain=input action=accept protocol=udp dst-port=wireguard_listen-port

One can monitor traffic on the peer; at least I do, to see if the keepalive from the client is working.
 
R1CH
Forum Guru
Posts: 1098
Joined: Sun Oct 01, 2006 11:44 pm

Re: Wireguard - Failed Attempts - Logging

Mon Nov 14, 2022 11:54 pm

Wireguard uses public key cryptography - there is nothing to brute force. Either a packet has a valid handshake or it is silently discarded without any state being allocated, making it DoS-resistant. No one can even tell that Wireguard is running unless they are an allowed peer. See https://www.wireguard.com/protocol/#:~: ... entication for more info.
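
An added example, not part of any post in this thread: because WireGuard drops invalid packets silently, the firewall log rule above is the only place such packets show up, so this Python sketch tallies logged packets per source that is not a known peer endpoint and separates those whose size matches a handshake initiation. The log line layout, the listen port 13231 and all addresses are constructed for illustration, and it assumes the logged "len" is the IPv4 packet length.

```python
import re
from collections import Counter

# Constructed sample lines modelled on RouterOS firewall log output (assumed
# layout); addresses are documentation ranges, 13231 is a stand-in listen port.
HEAD = "Attemped_Connections input: in:ether1 out:(unknown 0), proto UDP, "
SAMPLE_LOG = "\n".join([
    HEAD + "203.0.113.10:51820->198.51.100.1:13231, len 176",
    HEAD + "203.0.113.10:51820->198.51.100.1:13231, len 124",
    HEAD + "192.0.2.77:40112->198.51.100.1:13231, len 176",
    HEAD + "192.0.2.77:40112->198.51.100.1:13231, len 176",
    HEAD + "192.0.2.77:40113->198.51.100.1:13231, len 176",
    HEAD + "192.0.2.200:33001->198.51.100.1:13231, len 29",
])

LINE_RE = re.compile(
    r"proto UDP, (?P<src>[0-9.]+):\d+->[0-9.]+:(?P<dport>\d+), len (?P<len>\d+)"
)

# A WireGuard handshake initiation message is 148 bytes; with the UDP header
# (8) and an IPv4 header without options (20) the packet is 176 bytes.
HANDSHAKE_INIT_IP_LEN = 148 + 8 + 20


def summarize(log_text, listen_port, known_endpoints):
    """Count logged packets per source that is not a known peer endpoint.

    Returns {source_ip: Counter}, with the keys 'handshake_sized' (length
    matches a handshake initiation) and 'other' (anything else, e.g. probes).
    """
    result = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m["dport"]) != listen_port:
            continue  # not a parsable log line for the WireGuard port
        src = m["src"]
        if src in known_endpoints:
            continue  # traffic from an endpoint a configured peer is using
        size_ok = int(m["len"]) == HANDSHAKE_INIT_IP_LEN
        kind = "handshake_sized" if size_ok else "other"
        result.setdefault(src, Counter())[kind] += 1
    return result


if __name__ == "__main__":
    for ip, counts in summarize(SAMPLE_LOG, 13231, {"203.0.113.10"}).items():
        print(ip, dict(counts))
```

Here known_endpoints would be filled from the peers' current endpoint addresses shown in /interface/wireguard/peers. A handshake-sized packet from an unlisted source can also be a legitimate peer that has changed address, so check it against last-handshake before drawing conclusions.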
