How to enhance the WireGuard log output?

Some clients could connect, some not.
How could I enhance the WireGuard output? I wish to see failing handshakes and maybe the cause why they fail.

OpenWrt 15.05
wireguard-tools 0.0.20191219-1


Hi @vgaetera

There is no directory 'dynamic_debug'.

This requires building your own image with custom kernel config.


Are there any other possibilities to get verbose WireGuard output?

The most you can get are logs at the tcpdump/iptables level:

Typical reasons for a failed handshake:

  • Incorrect routing/firewall settings.
  • Incorrect keys configuration.
  • Time synchronization issues.

How much time difference is allowed?

As far as I can see over TeamViewer, I'm on the same second. Other devices work well.
The device which does not wish to connect is a freshly set-up Ubuntu.
I tried the debug thing on the client. But even if I enable it, journalctl -u wg-quick@vpn.service does not show more.
If I do a journalctl | grep wireguard I only get something like

kernel: wireguard: vpn: Peer 29 created

I'd say NTP client should be configured and work properly on both peers.
But even that may not be enough in some cases in the long term.
You can start troubleshooting with diagnostics from OpenWrt and Ubuntu.

If I work with a simple wg-quick up VPN, I did not get much information from journalctl -kf, even with the debug command.

The moment I used systemd I got much more log output. Even with that I only get successful information. No failures.
Meanwhile I was able to connect. But I'm not able to distinguish what was the key for this problem.

Unfortunately, further speculation without the proper diagnostics is just guesswork.
Since the issue is not reliably reproducible, let's consider it a transient one.

I am still searching for a way to get failed connections or handshakes. So I'm ready for the moment I need them.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.
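
Added example, not part of the original thread: where the kernel log stays silent, the per-peer counters from `wg show <interface> dump` still show which peers never completed a handshake. The function name, the sample data and the 180-second staleness threshold are assumptions made for this sketch; the interface name `vpn` is taken from the log line quoted in the thread.

```shell
#!/bin/sh
# Flag peers without a recent handshake.
# Input: output of `wg show <interface> dump` on stdin (tab-separated).
#   line 1 (interface): private-key public-key listen-port fwmark
#   other lines (peer): public-key preshared-key endpoint allowed-ips
#                       latest-handshake transfer-rx transfer-tx keepalive
# $1 = current Unix time, $2 = max handshake age in seconds (assumed default 180)
flag_peers() {
    awk -F '\t' -v now="$1" -v max="${2:-180}" '
        NR == 1 { next }                      # skip the interface line
        NF < 8  { next }                      # ignore malformed lines
        {
            hs = $5 + 0; rx = $6 + 0; tx = $7 + 0
            if (hs == 0 && tx > 0 && rx == 0)
                print $1 "\tNO_REPLY\t" $3     # packets sent, nothing received
            else if (hs == 0)
                print $1 "\tNEVER\t" $3        # no handshake and no traffic at all
            else if (now - hs > max)
                print $1 "\tSTALE\t" $3 "\t" (now - hs) "s"
        }'
}

# Constructed sample dump (keys are placeholders, not real keys).
sample_dump() {
    printf 'PRIV\tPUB\t51820\toff\n'
    printf 'peerA=\t(none)\t192.0.2.10:51820\t10.0.0.2/32\t1700000000\t9000\t8000\toff\n'
    printf 'peerB=\t(none)\t192.0.2.11:51820\t10.0.0.3/32\t0\t0\t1480\t25\n'
    printf 'peerC=\t(none)\t(none)\t10.0.0.4/32\t0\t0\t0\toff\n'
    printf 'peerD=\t(none)\t192.0.2.13:51820\t10.0.0.5/32\t1699999000\t500\t700\toff\n'
}

# Live use (needs root): wg show vpn dump | flag_peers "$(date +%s)"
```

A `NO_REPLY` peer matches the reasons listed in the thread (routing/firewall, keys, time), so it tells you which peer to capture with tcpdump, not why it failed.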