ciniml / WireGuard-ESP32-Arduino

WireGuard implementation for ESP32 Arduino

Can't finish handshake with server #29

Open distancerunner opened 1 year ago

distancerunner commented 1 year ago

I have a WG server with several clients connected, without any trouble. I have an ESP32 Dev Module. I use version 0.1.5 of this WireGuard library implementation.

I added my credentials in your uptime_post example.

```cpp
char private_key[] = "THISISVERYPRIVATE="; // private key of the client (ESP)
char public_key[]  = "THISISVERYPUBLIC="; // public key of the server (remote linux VPN server)
IPAddress local_ip(10,6,0,19);           // VPN IP for this VPN client
char endpoint_address[] = "dynvpnextra.someurl.com"; // VPN/Wireguard server hostname
int endpoint_port = 1194;
```

I'm not able to finish the handshake successfully.

My ESP shows these messages (I added some log code to the library's wireguardif.c file):

```
[ 10678][I][wireguardif.c:638] wireguard_start_handshake(): [WireGuard] start handshake1 912e44bc,1194 - 0
[ 10687][I][wireguardif.c:639] wireguard_start_handshake(): [WireGuard] start handshake2 3ffcce44,1073425848 - 0
[ 10724][V][wireguardif.c:561] wireguardif_network_rx(): [[WireGuard] ] network_rx: 912e44bc:1194
[ 10724][I][wireguardif.c:582] wireguardif_network_rx(): [WireGuard] HANDSHAKE_RESPONSE: 912e44bc:1194
[ 10731][V][wireguardif.c:519] wireguardif_check_response_message(): [[WireGuard] ] wireguardif_check_response_message: 3ffcd7aa:1073534890
[ 10805][I][wireguardif.c:229] wireguardif_process_response_message(): [WireGuard] bad handshake from 912e44bc:1194
[ 15282][E][WiFiClient.cpp:242] connect(): connect on fd 48, errno: 118, "Host is unreachable"
```

My VPN server receives the data packets, but is not able to make a correct handshake. `peer 3 ((invalid address))` is what I'm curious about. Here is the log for the non-working ESP connection.

```
Mar 18 13:08:44 v22018025794161410 kernel: [1283036.084784] wireguard: wg0: Handshake for peer 3 ((invalid address)) did not complete after 5 seconds, retrying (try 11)
Mar 18 13:08:44 v22018025794161410 kernel: [1283036.084835] wireguard: wg0: Sending handshake initiation to peer 3 ((invalid address))
Mar 18 13:08:49 v22018025794161410 kernel: [1283041.204830] wireguard: wg0: Handshake for peer 3 ((invalid address)) did not complete after 5 seconds, retrying (try 12)
Mar 18 13:08:49 v22018025794161410 kernel: [1283041.205395] wireguard: wg0: Sending handshake initiation to peer 3 ((invalid address))
Mar 18 13:08:54 v22018025794161410 kernel: [1283046.325004] wireguard: wg0: Handshake for peer 3 ((invalid address)) did not complete after 5 seconds, retrying (try 13)
Mar 18 13:08:54 v22018025794161410 kernel: [1283046.325058] wireguard: wg0: Sending handshake initiation to peer 3 ((invalid address))
Mar 18 13:09:00 v22018025794161410 kernel: [1283051.700864] wireguard: wg0: Handshake for peer 3 ((invalid address)) did not complete after 5 seconds, retrying (try 14)
Mar 18 13:09:00 v22018025794161410 kernel: [1283051.701143] wireguard: wg0: Sending handshake initiation to peer 3 ((invalid address))
Mar 18 13:09:05 v22018025794161410 kernel: [1283056.820881] wireguard: wg0: Handshake for peer 3 ((invalid address)) did not complete after 5 seconds, retrying (try 15)
Mar 18 13:09:05 v22018025794161410 kernel: [1283056.821117] wireguard: wg0: Sending handshake initiation to peer 3 ((invalid address))
Mar 18 13:09:10 v22018025794161410 kernel: [1283062.197049] wireguard: wg0: Handshake for peer 3 ((invalid address)) did not complete after 5 seconds, retrying (try 16)
Mar 18 13:09:10 v22018025794161410 kernel: [1283062.197144] wireguard: wg0: Sending handshake initiation to peer 3 ((invalid address))
```

Here is an example with my mobile phone. The handshake is successful and a valid address is handled by the VPN server: (89.248.164.225:26167)

```
Mar 18 13:14:07 v22018025794161410 kernel: [1283358.607419] wireguard: wg0: Receiving handshake initiation from peer 1 (89.248.164.225:26167)
Mar 18 13:14:07 v22018025794161410 kernel: [1283358.607424] wireguard: wg0: Sending handshake response to peer 1 (89.248.164.225:26167)
Mar 18 13:14:07 v22018025794161410 kernel: [1283358.607815] wireguard: wg0: Keypair 9510 created for peer 1
Mar 18 13:14:07 v22018025794161410 kernel: [1283358.636344] wireguard: wg0: Packet has unallowed src IP (fe80::1cb9:b525:64b8:1e94) from peer 1 (89.248.164.225:26167)
Mar 18 13:14:07 v22018025794161410 kernel: [1283358.765923] wireguard: wg0: Packet has unallowed src IP (fe80::1cb9:b525:64b8:1e94) from peer 1 (89.247.164.225:26167)
```

cescobaz commented 6 months ago

Hello! I had the same issue and I figured out that this lib doesn't support preshared keys, so you have to disable/remove the preshared key from your peer/server config.

https://github.com/ciniml/WireGuard-ESP32-Arduino/blob/3048281829d14a3050faa19cfbe47146e33c0765/src/WireGuard.cpp#L93
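
A way to check a server config for the condition described in the comment above, as an added example that is not part of the thread or of the library: it lists the `[Peer]` sections of a wg-quick style config that set `PresharedKey`. The config text and all key values are constructed placeholders, and the function names are hypothetical.

```python
# Added example: find [Peer] sections that set PresharedKey.
# SAMPLE_CONF is constructed; the key values are placeholders, not real keys.
SAMPLE_CONF = """\
[Interface]
Address = 10.6.0.1/24
ListenPort = 1194
PrivateKey = CONSTRUCTED_SERVER_PRIVATE_KEY=

[Peer]  # phone
PublicKey = CONSTRUCTED_PHONE_PUBLIC_KEY=
AllowedIPs = 10.6.0.2/32

[Peer]  # ESP32
PublicKey = CONSTRUCTED_ESP32_PUBLIC_KEY=
presharedkey = CONSTRUCTED_PSK=
AllowedIPs = 10.6.0.19/32
"""


def parse_peers(conf_text):
    """Return one dict per [Peer] section, with lower-cased option names."""
    peers, current = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            # Options only count while we are inside a [Peer] section.
            current = {} if line[1:-1].strip().lower() == "peer" else None
            if current is not None:
                peers.append(current)
            continue
        if current is None or "=" not in line:
            continue
        # Split on the first '=' only: base64 keys end in '=' padding.
        key, _, value = line.partition("=")
        current[key.strip().lower()] = value.strip()
    return peers


def peers_with_psk(conf_text):
    """Peers whose section sets a non-empty PresharedKey."""
    return [p for p in parse_peers(conf_text) if p.get("presharedkey")]


if __name__ == "__main__":
    for peer in peers_with_psk(SAMPLE_CONF):
        # Report the peer by public key and AllowedIPs; never print the PSK.
        print("PresharedKey set:", peer.get("publickey"), peer.get("allowedips"))
```
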