How do you debug issues with WireGuard? Things usually go great but every now and then my subsonic server stops streaming (or my client stops getting the music) so this never happens on local network but only when using WireGuard. Are there tools for debugging it? Cc @selfhosted@lemmy.world @selfhost@lemmy.ml
You do the usual network checks first, check if wireguard packages come in, check latest handshake. Depending on your network setup you might want to set a lower MTU than default, or enable PersistentKeepalive.
If none of that shows something useful you can enable debug logging via debugfs:
echo module wireguard +p > /sys/kernel/debug/dynamic_debug/control
You’ll then have additional messages in dmesg. You can switch it off by doing -p instead.
+1 for MTU and persistent keepalive. The last one helps if the connection is lost after a certain amount of time and does not recover, the first is often the problem when connection is intermittent or just “weird”.
Setting MTU requires knowing the MTU of your connection. Many ISPs provide IPv4 encapsulated in IPv6 protocol (Dual Stack Lite, I believe), meaning that from the regular package size you have to deduct the overhead of the encapsulation and if I remember correctly, also the package overhead for wireguard.
And maybe PPPoE.
traceroute --mtu 1.1.1.1
Pick the lowest value displayed for F=xxxx, like e.g. F=1492, and subtract 80. For my DSL connection the optimal value is 1412.
Personally, I just looked at my firewall’s logs on the WG port and the handshake info. Once you have a handshake I don’t think there’s much that can go wrong on the WG side, maybe there’s a problem with lost packets or network roaming?
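The two checks suggested in the thread (the `traceroute --mtu` calculation and the latest-handshake age), as an added example that is not part of any post above. The function names, the 180-second staleness default and the sample data are assumptions made for illustration; `wg show <interface> latest-handshakes` is the existing `wg` subcommand that prints each peer's public key and last handshake time.

```shell
#!/bin/sh
# Added example: both helpers read saved command output on stdin.

# Lowest F=xxxx marker in `traceroute --mtu` output minus the overhead
# (80 as in the thread; override with $1). Fails if no marker is present.
wg_mtu_from_traceroute() {
    awk -v oh="${1:-80}" '
        BEGIN { min = 0 }
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^F=[0-9]+$/) {
                    v = substr($i, 3) + 0
                    if (min == 0 || v < min) min = v
                }
        }
        END { if (min == 0) exit 1; print min - oh }'
}

# Peers in `wg show <iface> latest-handshakes` output (pubkey<TAB>unix time)
# whose handshake is older than max_age seconds, or 0 (never completed).
# $1 = current unix time, $2 = max_age (180 s default is an assumption).
stale_peers() {
    awk -v now="$1" -v max="${2:-180}" '
        NF == 2 && ($2 == 0 || now - $2 > max) {
            age = ($2 == 0) ? "never" : (now - $2) "s"
            print $1, age
        }'
}

# Constructed sample input, not captured from a real host.
SAMPLE_TRACE=' 1  192.168.1.1  0.4 ms F=1500  0.4 ms  0.3 ms
 2  10.0.0.1  5.1 ms F=1492  5.0 ms  4.9 ms
 3  1.1.1.1  9.8 ms  9.7 ms  9.9 ms'
SAMPLE_HS=$(printf 'peerA\t1700000000\npeerB\t1699990000\npeerC\t0')

printf '%s\n' "$SAMPLE_TRACE" | wg_mtu_from_traceroute
printf '%s\n' "$SAMPLE_HS" | stale_peers 1700000060
```

On a live host the same functions take the real output, for example `traceroute --mtu 1.1.1.1 | wg_mtu_from_traceroute` and `wg show wg0 latest-handshakes | stale_peers "$(date +%s)"`, where `wg0` is an assumed interface name.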