Community discussions

MikroTik App
 
ionutm80
just joined
Topic Author
Posts: 6
Joined: Tue Jan 18, 2022 2:15 pm

Wireguard error "Handshake did not complete after 5 seconds"

Thu Oct 13, 2022 11:03 am

Hi Guys,

I really need your help and guidance with an issue that I have when trying to connect through Wireguard to my home router with an Android 12 phone (road warrior config).

Hardware used:

Mikrotik Router: RB5009, RouterOS 7.5
Mobile terminals used: iPhone 14 Pro Max iOS with 16.03, iPad 9 with iOS 15.6, Motorola G51 with Android 12.

So long story short I have set up Wireguard on RB5009 including Firewall rules and 2 peers for the iPhone and iPad, did the config also on iPhone and iPad and everything works ok, I can connect immediately and access RB5009. When I tried to do the same thing with the Android phone ... surprize it's not working the reason as per the logs being that the handshake did not complete after 5 seconds. What I did to pinpoint where the problem is:
1. Exported the wg config from iPhone and imported the zip on the Android phone, then changed the allowed IP (iPhone was let's say 192.168.100.2, for Android I put 192.168.100.3), public key of RB5009 is obviously kept and I created another peer on the RB5009 with the public key of the Android phone generated with the wg app on the Android phone. Hit connect and the handshake is not done!
2. Created a pair of private/public keys on iPhone and used them for the configuration of the Android phone, the rest kept the same as the above, changed accordingly the public key of the Android phone peer in RB5009. Hit connect and handshake is not done!
3. At this moment I was already getting crazy, checked again the connections from iPhone and iPad everything worked. Therefore I decided to test something crazy, imported again the config from iPhone and this time I did not change anything, meaning the public/private keys and peer IP were those used on the iPhone. Hit connect and the handshake was done immediately! Everything works as if I was on the iPhone!

I'm totally lost at this moment. Do you have any idea what the hell am I missing here?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Wireguard error "Handshake did not complete after 5 seconds"

Thu Oct 13, 2022 2:10 pm

Sounds like a bug with android. Destroy all android products.
 
ionutm80
just joined
Topic Author
Posts: 6
Joined: Tue Jan 18, 2022 2:15 pm

Re: Wireguard error "Handshake did not complete after 5 seconds"

Thu Oct 13, 2022 4:05 pm

Can't do that :), I was quite surprized to find out that for instance several apps which can help to identify LTE towers for proper orientation of external antennas for LTE routers only work on Android.

I have the impression though that this is a bug in RouterOS, the wg set-up for iPhone and iPad I did it when I was on 7.1. Now I'm already on 7.5, if a brave soul can also test it with an Android 12 phone on 7.5 by set it up from scracth maybe we can confirm whether it is a bug or not! Also I heard that Google implemented wg at kernel level in Android 12 not in userspace app, but if it would be a problem with Android then the imported config from iPhone should not work also, it only happens when I try to set up from scratch a new config. Maybe existing configs prior to an update from 7.1 are not affected by a new introduced bug ... Also could it be a limitation on the number of peers per each tunnel? I will also try tonight to initiate a connection from a Windows PC using the same tunnel and see if that goes through ... if same behavior occurs than definetly is a newly introduced bug on RouterOS!
 
holvoetn
Forum Guru
Forum Guru
Posts: 5317
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Wireguard error "Handshake did not complete after 5 seconds"

Thu Oct 13, 2022 4:27 pm

I wouldn't be so sure you found a bug ...

I'm using WG on Android 12 (Samsung S20) without any problems whatsoever, 7.5 via Hex.
Google did not create WG anywhere, AFAIK. The WG app comes from Wireguard itself (also iOS).
Same on PC. Works perfect there.

Show the config both on router and failing device (hide keys, public IP, serial, ...) and post between [code] quotes.
 
ionutm80
just joined
Topic Author
Posts: 6
Joined: Tue Jan 18, 2022 2:15 pm

Re: Wireguard error "Handshake did not complete after 5 seconds"

Thu Oct 13, 2022 5:46 pm

Ok, will do that tonight at home. Thanks in advance for having a look on the data!
 
ionutm80
just joined
Topic Author
Posts: 6
Joined: Tue Jan 18, 2022 2:15 pm

Re: Wireguard error "Handshake did not complete after 5 seconds"  [SOLVED]

Thu Oct 13, 2022 9:31 pm

I have found the bug after exporting the config of RB5009 and checking the settings for all 3 peers.Each time I tried to create the last peer, the one for the Android phone, I always click apply before ok. This activates the field endpoint adddress for the peer and of course each time I left this blank hence the handshake error. See below:
add allowed-address=192...2/32 interface=wireguard1 public-key=""
add allowed-address=192...3/32 interface=wireguard1 public-key=""
add allowed-address=192...5/32 endpoint-address="" interface=wireguard1 public-key=""

Now everything works!
 
holvoetn
Forum Guru
Forum Guru
Posts: 5317
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Wireguard error "Handshake did not complete after 5 seconds"

Thu Oct 13, 2022 9:36 pm

Good for you that you found the problem yourself !

You're less likely to forget it now :lol:
 
ormandj
just joined
Posts: 18
Joined: Tue Jun 15, 2021 12:25 am

Re: Wireguard error "Handshake did not complete after 5 seconds"

Tue Oct 18, 2022 4:10 pm

I have found the bug after exporting the config of RB5009 and checking the settings for all 3 peers.Each time I tried to create the last peer, the one for the Android phone, I always click apply before ok. This activates the field endpoint adddress for the peer and of course each time I left this blank hence the handshake error. See below:
add allowed-address=192...2/32 interface=wireguard1 public-key=""
add allowed-address=192...3/32 interface=wireguard1 public-key=""
add allowed-address=192...5/32 endpoint-address="" interface=wireguard1 public-key=""

Now everything works!
Did you report this as a bug? I would not expect apply to be materially different than “Ok” in function and this could definitely confuse future users who don’t have other devices or working configurations to compare against. Good work finding a solution!
 
molnarg
just joined
Posts: 1
Joined: Tue Nov 08, 2022 9:49 am

Re: Wireguard error "Handshake did not complete after 5 seconds"

Tue Nov 08, 2022 9:51 am

I’ve run into the same UI bug :/ Definitely worth reporting, it took a couple hours to debug.
 
lrossouw
just joined
Posts: 7
Joined: Fri Feb 08, 2013 4:44 pm
Location: Cape Town, South Africa

Re: Wireguard error "Handshake did not complete after 5 seconds"

Fri Dec 30, 2022 9:49 pm

What a stupid bug. Had the reverse, Android devices working fine but not an iOS device. Was the same bug. How do I report it?

Who is online

Users browsing this forum: No registered users and 20 guests