
Limit Wireguard handshake logs


r13

Question

@Le ecureuil

In the logs for a working peer, I see a pair of messages every two minutes and a bit

[I] Mar  8 14:54:58 kernel: wireguard: Wireguard1: receiving handshake initiation from peer "VVzo/VdTNI4XH/****/PZHHc=" (11) (128.4.16.19:48951)
[I] Mar  8 14:54:58 kernel: wireguard: Wireguard1: sending handshake response to peer "VVzo/VdTNI4XH/****/PZHHc=" (11) (128.4.16.19:48951)
[I] Mar  8 14:57:01 kernel: wireguard: Wireguard1: receiving handshake initiation from peer "VVzo/VdTNI4XH/****/PZHHc=" (11) (128.4.16.19:48951)
[I] Mar  8 14:57:01 kernel: wireguard: Wireguard1: sending handshake response to peer "VVzo/VdTNI4XH/****/PZHHc=" (11) (128.4.16.19:48951)
[I] Mar  8 14:59:28 kernel: wireguard: Wireguard1: receiving handshake initiation from peer "VVzo/VdTNI4XH/****/PZHHc=" (11) (128.4.16.19:48951)
[I] Mar  8 14:59:28 kernel: wireguard: Wireguard1: sending handshake response to peer "VVzo/VdTNI4XH/****/PZHHc=" (11) (128.4.16.19:48951)

I suggest moving them to the debug log,

by analogy with echo requests on ppp connections, where, if I remember correctly, the server stops logging after 6 echo requests from the client

In the current version, with several clients this activity "loads" the log quite noticeably


13 answers to this question


  • 0
12 minutes ago, bigpu said:

In your case, is the Keenetic the WG server, with several clients on it?

Yes, that's right.


  • 0
17 minutes ago, r13 said:

Yes, that's right.

By "log", do you mean the journal or the "save to computer" log?

In the latter I also get a lot of flood from a disabled WG connection where the Keenetic is the client. But in the journal everything is fine.


  • 0
27 minutes ago, bigpu said:

By "log", do you mean the journal or the "save to computer" log?

In the latter I also get a lot of flood from a disabled WG connection where the Keenetic is the client. But in the journal everything is fine.

They are the same thing.

For wg this is not flood but normal behavior: it has short sessions, up to 3 minutes, so renegotiation happens between the 2nd and 3rd minute.

The question is whether all these renegotiations need to be logged.

P.S. This log appears only on the "server" side

Edited by r13

  • 0
Quote

They are the same thing.

OK, but then what is the point, in my situation, of writing numerous troubles to the log when the connection is disabled?

And besides, it gets logged more often than once every 2-3 minutes:

Hidden text

Mar  7 22:36:10 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" went offline, update configuration.
[E] Mar  7 22:36:11 ndm: Wireguard::Interface: "Wireguard2": unable to resolve peer "xxx=" endpoint "xxx".
Mar  7 22:36:11 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" endpoint "xxx" is unavailable, schedule retry.
Mar  7 22:36:22 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" went offline, update configuration.
[E] Mar  7 22:36:23 ndm: Wireguard::Interface: "Wireguard2": unable to resolve peer "xxx=" endpoint "xxx".
Mar  7 22:36:23 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" endpoint "xxx" is unavailable, schedule retry.
Mar  7 22:36:34 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" went offline, update configuration.
[E] Mar  7 22:36:34 ndm: Wireguard::Interface: "Wireguard2": unable to resolve peer "xxx=" endpoint "xxx".
Mar  7 22:36:34 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" endpoint "xxx" is unavailable, schedule retry.
Mar  7 22:36:45 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" went offline, update configuration.
[E] Mar  7 22:36:46 ndm: Wireguard::Interface: "Wireguard2": unable to resolve peer "xxx=" endpoint "xxx".
Mar  7 22:36:46 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" endpoint "xxx" is unavailable, schedule retry.
Mar  7 22:36:57 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" went offline, update configuration.
[E] Mar  7 22:36:58 ndm: Wireguard::Interface: "Wireguard2": unable to resolve peer "xxx=" endpoint "xxx".
Mar  7 22:36:58 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" endpoint "xxx" is unavailable, schedule retry.
Mar  7 22:37:09 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" went offline, update configuration.
[E] Mar  7 22:37:09 ndm: Wireguard::Interface: "Wireguard2": unable to resolve peer "xxx=" endpoint "xxx".
Mar  7 22:37:09 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" endpoint "xxx" is unavailable, schedule retry.
Mar  7 22:37:20 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" went offline, update configuration.
[E] Mar  7 22:37:20 ndm: Wireguard::Interface: "Wireguard2": unable to resolve peer "xxx=" endpoint "xxx".
Mar  7 22:37:20 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" endpoint "xxx" is unavailable, schedule retry.
Mar  7 22:37:31 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" went offline, update configuration.
[E] Mar  7 22:37:32 ndm: Wireguard::Interface: "Wireguard2": unable to resolve peer "xxx=" endpoint "xxx".
Mar  7 22:37:32 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" endpoint "xxx" is unavailable, schedule retry.
Mar  7 22:37:43 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" went offline, update configuration.
[E] Mar  7 22:37:44 ndm: Wireguard::Interface: "Wireguard2": unable to resolve peer "xxx=" endpoint "xxx".
Mar  7 22:37:44 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" endpoint "xxx" is unavailable, schedule retry.
Mar  7 22:37:55 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" went offline, update configuration.
[E] Mar  7 22:37:56 ndm: Wireguard::Interface: "Wireguard2": unable to resolve peer "xxx=" endpoint "xxx".
Mar  7 22:37:56 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" endpoint "xxx" is unavailable, schedule retry.
Mar  7 22:38:07 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" went offline, update configuration.
[E] Mar  7 22:38:07 ndm: Wireguard::Interface: "Wireguard2": unable to resolve peer "xxx=" endpoint "xxx".
Mar  7 22:38:07 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" endpoint "xxx" is unavailable, schedule retry.
Mar  7 22:38:18 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" went offline, update configuration.
[E] Mar  7 22:38:19 ndm: Wireguard::Interface: "Wireguard2": unable to resolve peer "xxx=" endpoint "xxx".
Mar  7 22:38:19 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" endpoint "xxx" is unavailable, schedule retry.
Mar  7 22:38:30 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" went offline, update configuration.
[E] Mar  7 22:38:30 ndm: Wireguard::Interface: "Wireguard2": unable to resolve peer "xxx=" endpoint "xxx".
Mar  7 22:38:30 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" endpoint "xxx" is unavailable, schedule retry.
Mar  7 22:38:41 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" went offline, update configuration.
[E] Mar  7 22:38:42 ndm: Wireguard::Interface: "Wireguard2": unable to resolve peer "xxx=" endpoint "xxx".
Mar  7 22:38:42 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" endpoint "xxx" is unavailable, schedule retry.
Mar  7 22:38:53 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" went offline, update configuration.
[E] Mar  7 22:38:53 ndm: Wireguard::Interface: "Wireguard2": unable to resolve peer "xxx=" endpoint "xxx".
Mar  7 22:38:53 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" endpoint "xxx" is unavailable, schedule retry.
Mar  7 22:39:04 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" went offline, update configuration.
[E] Mar  7 22:39:05 ndm: Wireguard::Interface: "Wireguard2": unable to resolve peer "xxx=" endpoint "xxx".
Mar  7 22:39:05 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" endpoint "xxx" is unavailable, schedule retry.
Mar  7 22:39:16 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" went offline, update configuration.
[E] Mar  7 22:39:17 ndm: Wireguard::Interface: "Wireguard2": unable to resolve peer "xxx=" endpoint "xxx".
Mar  7 22:39:17 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" endpoint "xxx" is unavailable, schedule retry.
Mar  7 22:39:28 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" went offline, update configuration.
[E] Mar  7 22:39:28 ndm: Wireguard::Interface: "Wireguard2": unable to resolve peer "xxx=" endpoint "xxx".
Mar  7 22:39:28 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" endpoint "xxx" is unavailable, schedule retry.
Mar  7 22:39:39 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" went offline, update configuration.
[E] Mar  7 22:39:40 ndm: Wireguard::Interface: "Wireguard2": unable to resolve peer "xxx=" endpoint "xxx".
Mar  7 22:39:40 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" endpoint "xxx" is unavailable, schedule retry.
Mar  7 22:39:51 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" went offline, update configuration.
[E] Mar  7 22:39:51 ndm: Wireguard::Interface: "Wireguard2": unable to resolve peer "xxx=" endpoint "xxx".
Mar  7 22:39:51 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" endpoint "xxx" is unavailable, schedule retry.
Mar  7 22:40:02 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" went offline, update configuration.
[E] Mar  7 22:40:03 ndm: Wireguard::Interface: "Wireguard2": unable to resolve peer "xxx=" endpoint "xxx".

 


  • 0
14 minutes ago, bigpu said:

OK, but then what is the point, in my situation, of writing numerous troubles to the log when the connection is disabled?

And besides, it gets logged more often than once every 2-3 minutes:


 

By "the same thing" I meant the journal or the "save to computer" log.

Your situation is different. If this is the server, then disable keepalive in the settings.

Edited by r13

  • 0
On 08.03.2020 at 23:22, r13 said:

@Le ecureuil

In the logs for a working peer, I see a pair of messages every two minutes and a bit


[I] Mar  8 14:54:58 kernel: wireguard: Wireguard1: receiving handshake initiation from peer "VVzo/VdTNI4XH/****/PZHHc=" (11) (128.4.16.19:48951)
[I] Mar  8 14:54:58 kernel: wireguard: Wireguard1: sending handshake response to peer "VVzo/VdTNI4XH/****/PZHHc=" (11) (128.4.16.19:48951)
[I] Mar  8 14:57:01 kernel: wireguard: Wireguard1: receiving handshake initiation from peer "VVzo/VdTNI4XH/****/PZHHc=" (11) (128.4.16.19:48951)
[I] Mar  8 14:57:01 kernel: wireguard: Wireguard1: sending handshake response to peer "VVzo/VdTNI4XH/****/PZHHc=" (11) (128.4.16.19:48951)
[I] Mar  8 14:59:28 kernel: wireguard: Wireguard1: receiving handshake initiation from peer "VVzo/VdTNI4XH/****/PZHHc=" (11) (128.4.16.19:48951)
[I] Mar  8 14:59:28 kernel: wireguard: Wireguard1: sending handshake response to peer "VVzo/VdTNI4XH/****/PZHHc=" (11) (128.4.16.19:48951)

I suggest moving them to the debug log,

by analogy with echo requests on ppp connections, where, if I remember correctly, the server stops logging after 6 echo requests from the client

In the current version, with several clients this activity "loads" the log quite noticeably

It should be a little better in the next draft.

  • Upvote 1

  • 0
On 12.03.2020 at 16:25, Le ecureuil said:

It should be a little better in the next draft.

Yes, it's excellent now! Thank you.


  • 0
8 minutes ago, Le ecureuil said:

So how does it turn out in the end? I haven't tested all the cases.

One handshake per client/server gets logged, and then it's quiet...

I'll test some more too.


  • 0
12 minutes ago, r13 said:

One handshake per client/server gets logged, and then it's quiet...

I'll test some more too.

When it drops, does it start writing again?


  • 0
7 minutes ago, Le ecureuil said:

When it drops, does it start writing again?

On connecting after a drop? Also once.

  • Thanks 1
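
The behaviour reported at the end of the thread (one handshake logged per peer, then silence until the peer comes back after a drop) can be reproduced as a log filter. This is an added Python example, not part of the thread and not the firmware's code. The name `filter_handshakes`, the 180-second window and the extra rule that a changed source endpoint is always logged are assumptions made here, and the sample lines are constructed.

```python
import re
from datetime import datetime

# Assumption: silence longer than this means the peer dropped. The thread
# puts a session at up to 3 minutes, so 180 s is used.
REKEY_WINDOW_S = 180
RX = "receiving handshake initiation from"
TX = "sending handshake response to"
LINE_RE = re.compile(
    r'^\[\w\] (?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) kernel: wireguard: '
    rf'(?P<iface>\S+): (?P<event>{RX}|{TX}) peer "(?P<peer>[^"]+)" '
    r'\(\d+\) \((?P<endpoint>[^)]+)\)$'
)

def filter_handshakes(lines, year=2020):
    """Return the lines that stay in the main log (hypothetical helper)."""
    last_seen = {}  # (iface, peer, event) -> (time, endpoint) of last handshake
    kept = []
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            kept.append(line)  # not a handshake message: never suppressed
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["iface"], m["peer"], m["event"])
        prev = last_seen.get(key)
        last_seen[key] = (ts, m["endpoint"])
        if (prev is None                                            # first handshake
                or (ts - prev[0]).total_seconds() > REKEY_WINDOW_S  # back after a drop
                or m["endpoint"] != prev[1]):                       # new source address
            kept.append(line)
        # otherwise: routine rekey inside the window, suppressed
    return kept

def _hs(ts, event, endpoint):
    # Builds a constructed line in the format quoted in the thread.
    return f'[I] {ts} kernel: wireguard: Wireguard1: {event} peer "PEER-A=" (11) ({endpoint})'

# Constructed sample input (placeholder key, documentation-range addresses).
SAMPLE = [
    _hs("Mar  8 14:54:58", RX, "198.51.100.7:48951"),  # first: kept
    _hs("Mar  8 14:54:58", TX, "198.51.100.7:48951"),  # first response: kept
    _hs("Mar  8 14:57:01", RX, "198.51.100.7:48951"),  # rekey: suppressed
    _hs("Mar  8 14:57:01", TX, "198.51.100.7:48951"),  # rekey: suppressed
    _hs("Mar  8 14:59:28", RX, "203.0.113.9:40000"),   # endpoint changed: kept
    _hs("Mar  8 15:10:00", RX, "203.0.113.9:40000"),   # gap > window: kept
    'Mar  7 22:36:10 ndm: Wireguard::Interface: "Wireguard2": peer "xxx=" went offline, update configuration.',
]

if __name__ == "__main__":
    print("\n".join(filter_handshakes(SAMPLE)))
```

The gap is measured from the last handshake seen, not the last one logged, so a peer that keeps rekeying on schedule stays quiet indefinitely while a reconnect or an address change still leaves a record.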