Wireguard handshake counter

octopus · January 31, 2026, 8:47pm

Something happened with wireguard handshake counter.
It generate negative values and only count to 1 minutes.

egc · January 31, 2026, 8:50pm

Then your system time might be off

octopus · January 31, 2026, 9:08pm

System time is right.

brada4 · January 31, 2026, 9:10pm

Negative time difference disproves it.

Add both wg tunnel ends as ntp noselect peers to record time skews

psherman · January 31, 2026, 9:17pm

What is the output of date?

octopus · January 31, 2026, 9:29pm

root@Defcon:~# date
Sat Jan 31 22:29:19 CET 2026

psherman · January 31, 2026, 9:34pm

Seems right. What version of OpenWrt?

ubus call system board

octopus · January 31, 2026, 10:49pm

root@Defcon:~# ubus call system board
{
        "kernel": "6.6.119",
        "hostname": "Defcon",
        "system": "ARMv8 Processor rev 4",
        "model": "GL.iNet GL-MT6000",
        "board_name": "glinet,gl-mt6000",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "24.10.5",
                "revision": "r29087-d9c5716d1d",
                "target": "mediatek/filogic",
                "description": "OpenWrt 24.10.5 r29087-d9c5716d1d",
                "builddate": "1766005702"
        }
}

mk24 · February 1, 2026, 12:00am

It could be because the clock at the other end is wrong, and ahead of the actual time.

Wireguard doesn't use certificates that expire at a definite time, but I think the two system times have to be close for a successful handshake.