1

I have a WireGuard VPN server running. How do I set a timeout so that connected clients will get disconnected if they are idle for the given time (or maybe even disconnection irrespective of being idle or not)? Where do I specify this parameter, I see no mention of it in the Wire Guard Documentation.

Aravindan Sridhar
  • 29
  • 1
  • 3

1 Answers1

3

There is no such parameter in WireGuard as, clients can go quiet at any time and expect to be able to talk to the server again at any time later.

Specifically, the protocol requires a client to handshake with the server to begin a session. To maintain the session a client must handshake at least once every 180 seconds. In practice, the handshake happens some time between 120 and 180 seconds.

If a client stops talking and at a later time wants to start talking again, providing the server is active then,if the time since last talking is:

  • <120 seconds, carry on as normal
  • >=120 seconds, <=180 seconds carry on and handshake within 60 seconds.
  • > 180 seconds, handshake and carry on

The server and client maintain timers so that they always know what to do and when to do it.

Thus, WireGuard is a connectionless protocol and there is no need to worry about timeouts. A client is either talking (and handshaking as required) or silent.

user9517
  • 115,471
  • 20
  • 215
  • 297
  • 1
    Great info thanks! I still would like to enforce a timeout on top of this. Is there any workaround or tool to do this? – Aravindan Sridhar Dec 10 '20 at 15:32
  • I don't understand what you don't understand about there being no such option. – user9517 Dec 10 '20 at 17:51
  • @AravindanSridhar down and up the interface can force this node to send handshake to peer with EndPoint. If the peer do not have EndPoint setting, you have to wait a few minutes, or down and up the interface of that peer. – bronze man Jun 13 '23 at 06:21
  • "Thus, WireGuard is a connectionless protocol and there is no need to worry about timeouts. A client is either talking (and handshaking as required) or silent." I am worried about client handshake timeouts and i can do nothing when i restarted my server... – bronze man Jun 13 '23 at 06:29
  • You actually need to have timeout if you need to have redundant route – Kiwy Aug 30 '23 at 09:58