
General • Wireguard Client - Handshake for peer did not complete

Hi,

I have an OPNsense with a WireGuard server on it and a MikroTik with a WireGuard client. Unfortunately, I always get a timeout with the WireGuard client.

However, if I take the QR code and connect my cell phone to it on the same network, I am online. So the configuration itself should be correct. What could be wrong here?

I changed the keys; they are not the real ones.

WIREGUARD: wireguard-client: XXXXXXXX=: Handshake for peer did not complete after 5 seconds, retrying (try 16)
Code:
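# 2023-12-12 21:04:41 by RouterOS 7.12.1
# software id = MVD7-Y3UP
#
# model = RB962UiGS-5HacT2HnT
#
# Review notes (the export was pasted with its line breaks lost; it is
# restored here one statement per line, continuation wraps joined, no
# values changed).  Points relevant to the "Handshake for peer did not
# complete" symptom are marked inline with "NOTE(review)".
/interface bridge
add fast-forward=no name=BRIDGE
/interface ethernet
set [ find default-name=ether1 ] name=WAN1
/interface wireguard
# This is the only WireGuard interface in the export and it listens on
# UDP 13233.  Its own private-key is not shown here (export hides
# sensitive values unless show-sensitive is used), so it cannot be
# checked against the key the OPNsense peer entry expects.
add listen-port=13233 mtu=1420 name=wireguard-client
/interface list
add name=WAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=WlanCompany supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge security-profile=WlanCompany ssid=WLAN_Company
set [ find default-name=wlan2 ] disabled=no mode=ap-bridge security-profile=WlanCompany ssid=WLAN_Company
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=COMPANY ranges=10.248.1.50-10.248.1.150
/ip dhcp-server
add address-pool=COMPANY interface=BRIDGE lease-time=10m name=COMPANY
/system logging action
add disk-file-count=1 disk-file-name=auth.log disk-lines-per-file=5000 name=auth target=disk
/user group
add name=dude
/interface bridge port
add bridge=BRIDGE ingress-filtering=no interface=ether2
add bridge=BRIDGE ingress-filtering=no interface=ether3
add bridge=BRIDGE ingress-filtering=no interface=ether4
add bridge=BRIDGE ingress-filtering=no interface=ether5
add bridge=BRIDGE interface=wlan1
add bridge=BRIDGE interface=wlan2
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add interface=WAN1 list=WAN
/interface ovpn-server server
# NOTE(review): the OVPN server accepts sha1 and md5 HMACs.  The export
# shows no enabled=yes for it, so it is presumably not running; if it is
# ever enabled, drop md5 (and preferably sha1) from auth first.
set auth=sha1,md5
/interface wireguard peers
# NOTE(review): this is the most likely cause of the handshake timeout.
# The peer carries client-address / client-endpoint, which are the
# fields RouterOS uses to *generate* a config (QR code) for a client
# that connects to this router; they do not tell this router where to
# send its own handshake.  For an outbound ("client") peer the entry
# needs endpoint-address and endpoint-port set to the OPNsense server,
# e.g. endpoint-address=191.6.209.212 endpoint-port=<OPNsense WireGuard
# listen port> (port is not visible in this export).  Without an
# endpoint the router only waits for the server to initiate, and
# persistent-keepalive has nothing to send to.
# NOTE(review): allowed-address is only 10.10.150.0/24, while this
# router's tunnel address is in 10.10.140.0/24 (see /ip address below).
# If the OPNsense tunnel address is in 10.10.140.0/24, packets from it
# would be discarded by the cryptokey routing check even after a
# successful handshake; confirm the server's tunnel IP and add it.
# NOTE(review): private-key on a peer entry is used for client-config
# generation; the identity this router presents to OPNsense comes from
# the wireguard-client interface's private-key (hidden in this export).
# The OPNsense peer entry must hold the public key matching that
# interface key, not the one belonging to this peer-level private-key.
add allowed-address=10.10.150.0/24 client-address=10.10.140.63/32 client-endpoint=191.6.209.212 interface=wireguard-client persistent-keepalive=25s private-key="kOoHLfgEJ1gRqQlxVONRF3eQ1eFRflXOkHpLkFuNx0M=" public-key="1cp2GkWEw2bZtsizc0p1/m29AWTrVTMGW6oLQIPTxSg="
/ip address
add address=10.248.1.254/24 interface=BRIDGE network=10.248.1.0
# Tunnel address of this router; note it is a /24 on the WireGuard
# interface while the peer's client-address above is the same host as a
# /32 — consistent with a phone-style client config having been copied
# into the peer entry.
add address=10.10.140.63/24 interface=wireguard-client network=10.10.140.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=10m
/ip dhcp-client
add interface=WAN1
/ip dhcp-server network
add address=10.248.1.0/24 dns-server=10.248.1.254 gateway=10.248.1.254
/ip dns
# allow-remote-requests=yes turns the router into a resolver; exposure
# to WAN is prevented only by the input chain below (DNS accept is
# limited to in-interface-list=!WAN and src-address-list=local, and the
# chain ends in a drop).
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall address-list
add address=10.248.1.0/24 list=local
add address=192.168.181.0/24 list=local
add address=192.168.152.0/24 list=local
add address=8.8.8.8 list=DNS
add comment="Black List (SSH)" list="Black List (SSH)"
add comment="Black List (Winbox)" list="Black List (Winbox)"
add comment="Black List (Port Scanner WAN)" list="Black List (Port Scanner WAN)"
add comment="Black List (Port Scanner LAN)" list="Black List (Port Scanner LAN)"
add address=192.168.254.0/24 list=local
add address=10.16.0.0/16 list=local
add address=10.1.0.0/24 list=local
add address=192.168.155.0/24 list=local
add address=192.168.249.0/24 list=local
add address=10.10.140.0/24 list=local
add address=10.10.150.0/24 list=local
add address=10.10.141.0/24 list=local
/ip firewall filter
add action=drop chain=input comment="Drop invalid connections" connection-state=invalid
add action=drop chain=input comment="Drop Netbios" connection-state="" dst-port=137,138 protocol=udp
# New forward connections are rate-checked per src/dst pair; sources in
# the DNS list (8.8.8.8) are exempted before the ddosed/ddoser lists are
# populated.
add action=jump chain=forward connection-state=new jump-target=detect-ddos
add action=return chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s
add action=return chain=detect-ddos src-address-list=DNS
add action=add-dst-to-address-list address-list=ddosed address-list-timeout=10m chain=detect-ddos
add action=add-src-to-address-list address-list=ddoser address-list-timeout=10m chain=detect-ddos
add action=drop chain=forward comment="Drop DDOS" connection-state=new dst-address-list=ddosed src-address-list=ddoser
add action=drop chain=input comment="Drop anyone in the Port Scanner (WAN) list." in-interface-list=WAN log=yes log-prefix="BL_Black List (Port Scanner WAN)" src-address-list="Black List (Port Scanner WAN)"
add action=drop chain=forward comment="Drop anyone in the Port Scanner (WAN) list." in-interface-list=WAN log=yes log-prefix="BL_Black List (Port Scanner WAN)" src-address-list="Black List (Port Scanner WAN)"
add action=add-src-to-address-list address-list="Black List (Port Scanner WAN)" address-list-timeout=4w2d chain=input comment="Add TCP port scanner to Port Scanner (WAN) list." in-interface-list=WAN log=yes log-prefix="Add_Black List (Port Scanner WAN)" protocol=tcp psd=21,3s,3,1
add action=drop chain=input comment="Drop anyone in the Port Scanner (LAN) list." in-interface-list=WAN log=yes log-prefix="BL_Black List (Port Scanner LAN)" src-address-list="Black List (Port Scanner LAN)"
add action=drop chain=forward comment="Drop anyone in the Port Scanner (LAN) list." in-interface-list=WAN log=yes log-prefix="BL_Black List (Port Scanner LAN)" src-address-list="Black List (Port Scanner LAN)"
add action=add-src-to-address-list address-list="Black List (Port Scanner LAN)" address-list-timeout=4w2d chain=forward comment="Add TCP port scanner to Port Scanner (LAN) list." in-interface-list=WAN log=yes log-prefix="Add_Black List (Port Scanner LAN)" protocol=tcp psd=21,3s,3,1
# Winbox (tcp/8291) brute-force staging: each new connection from WAN
# moves the source up one 1-minute stage; six within the window lands it
# in the 4w2d block list.
add action=drop chain=input comment="Drop anyone in Black List (Winbox)." in-interface-list=WAN log=yes log-prefix="BL_Black List (Winbox)" src-address-list="Black List (Winbox)"
add action=jump chain=input comment="Jump to Black List (Winbox) chain." dst-port=8291 in-interface-list=WAN jump-target="Black List (Winbox) Chain" protocol=tcp
add action=add-src-to-address-list address-list="Black List (Winbox)" address-list-timeout=4w2d chain="Black List (Winbox) Chain" comment="Transfer repeated attempts from Black List (Winbox) Stage 6 to Black List (Winbox)." connection-state=new in-interface-list=WAN log=yes log-prefix="Add_Black List (Winbox)" src-address-list="Black List (Winbox) Stage 6"
add action=add-src-to-address-list address-list="Black List (Winbox) Stage 6" address-list-timeout=1m chain="Black List (Winbox) Chain" comment="Add succesive attempts to Black List (Winbox) Stage 6." connection-state=new in-interface-list=WAN log=yes log-prefix="Add_Black List (Winbox) S6" src-address-list="Black List (Winbox) Stage 5"
add action=add-src-to-address-list address-list="Black List (Winbox) Stage 5" address-list-timeout=1m chain="Black List (Winbox) Chain" comment="Add succesive attempts to Black List (Winbox) Stage 5." connection-state=new in-interface-list=WAN log=yes log-prefix="Add_Black List (Winbox) S5" src-address-list="Black List (Winbox) Stage 4"
add action=add-src-to-address-list address-list="Black List (Winbox) Stage 4" address-list-timeout=1m chain="Black List (Winbox) Chain" comment="Add succesive attempts to Black List (Winbox) Stage 4." connection-state=new in-interface-list=WAN log=yes log-prefix="Add_Black List (Winbox) S4" src-address-list="Black List (Winbox) Stage 3"
add action=add-src-to-address-list address-list="Black List (Winbox) Stage 3" address-list-timeout=1m chain="Black List (Winbox) Chain" comment="Add succesive attempts to Black List (Winbox) Stage 3." connection-state=new in-interface-list=WAN log=yes log-prefix="Add_Black List (Winbox) S3" src-address-list="Black List (Winbox) Stage 2"
add action=add-src-to-address-list address-list="Black List (Winbox) Stage 2" address-list-timeout=1m chain="Black List (Winbox) Chain" comment="Add succesive attempts to Black List (Winbox) Stage 2." connection-state=new in-interface-list=WAN log=yes log-prefix="Add_Black List (Winbox) S2" src-address-list="Black List (Winbox) Stage 1"
add action=add-src-to-address-list address-list="Black List (Winbox) Stage 1" address-list-timeout=1m chain="Black List (Winbox) Chain" comment="Add initial attempt to Black List (Winbox) Stage 1." connection-state=new in-interface-list=WAN log=yes log-prefix="Add_Black List (Winbox) S1"
add action=return chain="Black List (Winbox) Chain" comment="Return From Black List (Winbox) chain."
# SSH (tcp/45735, see /ip service) staging: three new connections from
# WAN within the 1-minute stages lead to the 4w2d block list.
add action=drop chain=input comment="Drop anyone in Black List (SSH)." in-interface-list=WAN log=yes log-prefix="BL_Black List (SSH)" src-address-list="Black List (SSH)"
add action=jump chain=input comment="Jump to Black List (SSH) chain." dst-port=45735 in-interface-list=WAN jump-target="Black List (SSH) Chain" protocol=tcp
add action=add-src-to-address-list address-list="Black List (SSH)" address-list-timeout=4w2d chain="Black List (SSH) Chain" comment="Transfer repeated attempts from Black List (SSH) Stage 3 to Black List (SSH)." connection-state=new in-interface-list=WAN log=yes log-prefix="Add_Black List (SSH)" src-address-list="Black List (SSH) Stage 3"
add action=add-src-to-address-list address-list="Black List (SSH) Stage 3" address-list-timeout=1m chain="Black List (SSH) Chain" comment="Add successive attempts to Black List (SSH) Stage 3." connection-state=new in-interface-list=WAN log=yes log-prefix="Add_Black List (SSH) S3" src-address-list="Black List (SSH) Stage 2"
add action=add-src-to-address-list address-list="Black List (SSH) Stage 2" address-list-timeout=1m chain="Black List (SSH) Chain" comment="Add successive attempts to Black List (SSH) Stage 2." connection-state=new in-interface-list=WAN log=yes log-prefix="Add_Black List (SSH) S2" src-address-list="Black List (SSH) Stage 1"
add action=add-src-to-address-list address-list="Black List (SSH) Stage 1" address-list-timeout=1m chain="Black List (SSH) Chain" comment="Add initial attempt to Black List (SSH) Stage 1." connection-state=new in-interface-list=WAN log=yes log-prefix="Add_Black List (SSH) S1"
add action=return chain="Black List (SSH) Chain" comment="Return From Black List (SSH) chain."
add action=accept chain=input comment="Accept established connections" connection-state=established
add action=accept chain=input comment="Accept related connections" connection-state=related
# NOTE(review): SSH on 45735 is accepted from every interface and
# source; only the staging chain above limits WAN exposure.  Consider
# src-address-list=local or an in-interface-list restriction if WAN
# access is not required.
add action=accept chain=input comment="Accept SSH for secure shell" dst-port=45735 log=yes log-prefix=SSH_LOGIN protocol=tcp
# NOTE(review): the comment says SSH, but /ip service only moves ssh to
# 45735 and nothing in this export listens on tcp/13234 — presumably a
# stale rule; confirm and remove if unused.
add action=accept chain=input comment="Accept SSH for secure shell" dst-port=13234 log=yes log-prefix=SSH_LOGIN protocol=tcp
# The next two rules are labelled "SSH" but are the WireGuard UDP
# accepts: 13233 is the wireguard-client listen-port above; no interface
# in this export listens on 51820.  For a peer that this router
# initiates to, the established/related rules already admit the replies,
# so these only matter if OPNsense initiates.
add action=accept chain=input comment="Accept SSH for secure shell" dst-port=13233 in-interface=WAN1 protocol=udp
add action=accept chain=input comment="Accept SSH for secure shell" dst-port=51820 in-interface=WAN1 protocol=udp
add action=accept chain=input comment="Allow limited pings" limit=50/5s,2:packet protocol=icmp
add action=drop chain=input comment="Drop excess pings" protocol=icmp
add action=accept chain=input comment="Accept VPN" protocol=ipsec-esp
add action=accept chain=input comment="Accept Winbox access" dst-port=8291 protocol=tcp src-address-list=local
add action=accept chain=input comment="Accept VPN" dst-port=500,4500,1701 protocol=udp
add action=accept chain=input comment="Accept Winbox MAC" dst-port=20561 in-interface-list=!WAN protocol=udp src-address-list=local
add action=accept chain=input comment="Accept NDP" dst-port=5678 in-interface-list=!WAN protocol=udp src-address-list=local
add action=accept chain=input comment="Accept DNS Querry" dst-port=53 in-interface-list=!WAN protocol=udp src-address-list=local
add action=accept chain=input comment="Accept NTP Querry" dst-port=123 in-interface-list=!WAN protocol=udp src-address-list=local
add action=accept chain=input comment="Accept DHCP Querry" dst-port=67 in-interface-list=!WAN protocol=udp src-address-list=local src-port=68
add action=accept chain=input comment="Accept SNMP" dst-port=161 in-interface-list=!WAN protocol=udp src-address-list=local
add action=accept chain=input comment="Accept Winbox http" dst-port=1455 in-interface-list=!WAN protocol=tcp src-address-list=local
add action=accept chain=input comment="CAPsMAN accept all local traffic" src-address-type=local
# NOTE(review): log-prefix is set but log=yes is not, so this final
# input drop is silent; add log=yes if the prefix is meant to be used.
add action=drop chain=input comment="Drop everything else" log-prefix="IN DROP REST -> "
# NOTE(review): these two accept *any* forwarded tcp/80 and tcp/443
# traffic, in either direction, before the invalid-state drop; the
# dst-nat rules they were presumably paired with are disabled below.
add action=accept chain=forward comment="PF Mailserver" dst-port=443 protocol=tcp
add action=accept chain=forward comment="PF Mailserver" dst-port=80 protocol=tcp
add action=accept chain=forward comment="Accept established connections" connection-state=established
add action=accept chain=forward comment="Accept related connections" connection-state=related
# The first two VPN rules already cover the interface-pair rules that
# follow them (any in/out on wireguard-client is accepted), so the
# BRIDGE-specific pair is never reached.
add action=accept chain=forward comment="Accept VPN" in-interface=wireguard-client
add action=accept chain=forward comment="Accept VPN" out-interface=wireguard-client
add action=accept chain=forward comment="Accept VPN" in-interface=wireguard-client out-interface=BRIDGE
add action=accept chain=forward comment="Accept VPN" in-interface=BRIDGE out-interface=wireguard-client
# l2tp-DM not ready
add action=accept chain=forward comment="Accept VPN" in-interface=*C
# l2tp-DM not ready
add action=accept chain=forward comment="Accept VPN" out-interface=*C
add action=accept chain=forward comment="Allow Forward to WAN1" out-interface=WAN1
add action=drop chain=forward comment="Drop invalid connections" connection-state=invalid
add action=log chain=forward comment="Log everything else" log-prefix="DROP FORWARD"
add action=drop chain=forward comment="Drop everything else"
/ip firewall nat
add action=dst-nat chain=dstnat disabled=yes dst-port=443 in-interface=WAN1 log=yes protocol=tcp to-addresses=192.168.0.10 to-ports=443
add action=dst-nat chain=dstnat disabled=yes dst-port=80 in-interface=WAN1 log=yes protocol=tcp to-addresses=192.168.0.10 to-ports=80
add action=masquerade chain=srcnat out-interface=WAN1
/ip firewall service-port
set sip disabled=yes
/ip ipsec identity
# Peer does not exist
add peer=*2 remote-id=ignore
/ip route
add disabled=yes distance=1 dst-address=192.168.254.0/24 gateway=*C pref-src=10.16.248.4 routing-table=main scope=10 suppress-hw-offload=no target-scope=10
add disabled=yes distance=1 dst-address=192.168.249.0/24 gateway=*C pref-src=10.16.248.4 routing-table=main scope=10 suppress-hw-offload=no target-scope=10
add disabled=yes distance=1 dst-address=192.168.155.0/24 gateway=*C pref-src=10.16.248.4 routing-table=main scope=10 suppress-hw-offload=no target-scope=10
# NOTE(review): both routes via wireguard-client are disabled=yes, so
# even once the handshake succeeds nothing is sent into the tunnel for
# 10.10.150.0/24 (the only allowed-address on the peer).  Re-enable the
# 10.10.150.0/24 route once the tunnel is up.
add disabled=yes distance=1 dst-address=10.10.150.0/24 gateway=wireguard-client pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=yes distance=1 dst-address=195.4.209.213/32 gateway=wireguard-client pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh port=45735
set api disabled=yes
/ip ssh
set strong-crypto=yes
/routing bfd configuration
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/system clock
set time-zone-name=Europe/Vienna
/system identity
set name=WBH10ROU03
/system leds settings
set all-leds-off=after-1min
/system logging
add action=auth disabled=yes topics=account
# Produces the "WIREGUARD: ... Handshake for peer did not complete" lines
# quoted in the post; useful to keep while debugging, it does not leak
# key material.
add prefix=WIREGUARD topics=wireguard
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=0.pool.ntp.org
add address=1.pool.ntp.org
add address=2.pool.ntp.org
add address=3.pool.ntp.org
/system routerboard settings
set auto-upgrade=yes silent-boot=yes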

Statistics: Posted by dima1002 — Tue Dec 12, 2023 10:11 pm


