Problem Description: WireGuard Android client disconnects after every ~10 minutes.

Attempts I have made:

1. Tweaking the KeepAlive
2. Changing the IP address (private) and restarting the service multiple times
3. MTU tweaks

Observation: After client disconnection, the port is changed from the client side. (See the log below)

[Oct10 20:01] wireguard: wg0: Receiving keepalive packet from peer 1 (CLIENT_IP:47581)
[ +32.141624] wireguard: wg0: Receiving handshake initiation from peer 1 (CLIENT_IP:40667)

Provided Info: Server: Ubuntu 20.4 / Client: Android / wireguard-tools v1.0.20200513

Server Config:

[Interface]
Address = 10.88.88.1/24
#SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 8080
PrivateKey = key

[Peer]
PublicKey = key
AllowedIPs = 10.88.88.2/32, 192.168.1.0/24
PersistentKeepalive = 10

Client Config:

[Interface]
PrivateKey = KEY
Address = 10.88.88.2/32
DNS = 8.8.8.8, 1.1.1.1
MTU = 1412
[Peer]
PublicKey = KEY
Endpoint = Server_IP:PORT
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 10

WireGuard Logs: Probably during one of the disconnections/connections

[Oct10 19:50] wireguard: wg0: Receiving handshake initiation from peer 1 (CLIENT_IP:47581)
[  +0.000007] wireguard: wg0: Sending handshake response to peer 1 (CLIENT_IP:47581)
[  +0.000136] wireguard: wg0: Keypair 44 destroyed for peer 1
[  +0.000002] wireguard: wg0: Keypair 46 created for peer 1
[  +0.134181] wireguard: wg0: Receiving keepalive packet from peer 1 (CLIENT_IP:47581)
[Oct10 19:52] wireguard: wg0: Sending keepalive packet to peer 1 (CLIENT_IP:47581)
[  +0.145818] wireguard: wg0: Receiving keepalive packet from peer 1 (CLIENT_IP:47581)
[ +22.076924] wireguard: wg0: Receiving handshake initiation from peer 1 (CLIENT_IP:47581)
[  +0.000008] wireguard: wg0: Sending handshake response to peer 1 (CLIENT_IP:47581)
[  +0.000135] wireguard: wg0: Keypair 45 destroyed for peer 1
[  +0.000002] wireguard: wg0: Keypair 47 created for peer 1
[  +0.145898] wireguard: wg0: Receiving keepalive packet from peer 1 (CLIENT_IP:47581)
[Oct10 19:54] wireguard: wg0: Receiving handshake initiation from peer 1 (CLIENT_IP:47581)
[  +0.000007] wireguard: wg0: Sending handshake response to peer 1 (CLIENT_IP:47581)
[  +0.000136] wireguard: wg0: Keypair 46 destroyed for peer 1
[  +0.000002] wireguard: wg0: Keypair 48 created for peer 1
[  +0.114982] wireguard: wg0: Receiving keepalive packet from peer 1 (CLIENT_IP:47581)
[Oct10 19:55] wireguard: wg0: Receiving keepalive packet from peer 1 (CLIENT_IP:47581)
[  +0.018194] wireguard: wg0: Sending keepalive packet to peer 1 (CLIENT_IP:47581)
[Oct10 19:56] wireguard: wg0: Receiving handshake initiation from peer 1 (CLIENT_IP:47581)
[  +0.000008] wireguard: wg0: Sending handshake response to peer 1 (CLIENT_IP:47581)
[  +0.000135] wireguard: wg0: Keypair 47 destroyed for peer 1
[  +0.000003] wireguard: wg0: Keypair 49 created for peer 1
[  +0.216988] wireguard: wg0: Receiving keepalive packet from peer 1 (CLIENT_IP:47581)
[Oct10 19:57] wireguard: wg0: Sending keepalive packet to peer 1 (CLIENT_IP:47581)
[  +0.132072] wireguard: wg0: Receiving keepalive packet from peer 1 (CLIENT_IP:47581)
[  +0.002179] wireguard: wg0: Receiving keepalive packet from peer 1 (CLIENT_IP:47581)
[Oct10 19:58] wireguard: wg0: Receiving handshake initiation from peer 1 (CLIENT_IP:47581)
[  +0.000007] wireguard: wg0: Sending handshake response to peer 1 (CLIENT_IP:47581)
[  +0.000135] wireguard: wg0: Keypair 48 destroyed for peer 1
[  +0.000002] wireguard: wg0: Keypair 50 created for peer 1
[  +0.204722] wireguard: wg0: Receiving keepalive packet from peer 1 (CLIENT_IP:47581)
[Oct10 20:00] wireguard: wg0: Receiving handshake initiation from peer 1 (CLIENT_IP:47581)
[  +0.000007] wireguard: wg0: Sending handshake response to peer 1 (CLIENT_IP:47581)
[  +0.000138] wireguard: wg0: Keypair 49 destroyed for peer 1
[  +0.000002] wireguard: wg0: Keypair 51 created for peer 1
[Oct10 20:01] wireguard: wg0: Receiving keepalive packet from peer 1 (CLIENT_IP:47581)
[ +32.141624] wireguard: wg0: Receiving handshake initiation from peer 1 (CLIENT_IP:40667)
[  +0.000007] wireguard: wg0: Sending handshake response to peer 1 (CLIENT_IP:40667)
[  +0.000136] wireguard: wg0: Keypair 50 destroyed for peer 1
[  +0.000002] wireguard: wg0: Keypair 52 created for peer 1
[  +0.130602] wireguard: wg0: Receiving keepalive packet from peer 1 (CLIENT_IP:40667)
[Oct10 20:03] wireguard: wg0: Receiving handshake initiation from peer 1 (CLIENT_IP:40667)
[  +0.000008] wireguard: wg0: Sending handshake response to peer 1 (CLIENT_IP:40667)
[  +0.000135] wireguard: wg0: Keypair 51 destroyed for peer 1
[  +0.000002] wireguard: wg0: Keypair 53 created for peer 1
[  +0.138579] wireguard: wg0: Receiving keepalive packet from peer 1 (CLIENT_IP:40667)
[Oct10 20:04] wireguard: wg0: Sending keepalive packet to peer 1 (CLIENT_IP:40667)
[  +0.032138] wireguard: wg0: Receiving keepalive packet from peer 1 (CLIENT_IP:40667)
[Oct10 20:05] wireguard: wg0: Receiving keepalive packet from peer 1 (CLIENT_IP:40667)
[ +31.605691] wireguard: wg0: Receiving handshake initiation from peer 1 (CLIENT_IP:40667)
[  +0.000008] wireguard: wg0: Sending handshake response to peer 1 (CLIENT_IP:40667)
[  +0.000135] wireguard: wg0: Keypair 52 destroyed for peer 1
[  +0.000002] wireguard: wg0: Keypair 54 created for peer 1
[  +0.171474] wireguard: wg0: Receiving keepalive packet from peer 1 (CLIENT_IP:40667)
[Oct10 20:07] wireguard: wg0: Receiving handshake initiation from peer 1 (CLIENT_IP:40667)
[  +0.000008] wireguard: wg0: Sending handshake response to peer 1 (CLIENT_IP:40667)
[  +0.000137] wireguard: wg0: Keypair 53 destroyed for peer 1
[  +0.000002] wireguard: wg0: Keypair 55 created for peer 1
[  +0.197794] wireguard: wg0: Receiving keepalive packet from peer 1 (CLIENT_IP:40667)
[Oct10 20:09] wireguard: wg0: Receiving handshake initiation from peer 1 (CLIENT_IP:40667)
[  +0.000007] wireguard: wg0: Sending handshake response to peer 1 (CLIENT_IP:40667)
[  +0.000135] wireguard: wg0: Keypair 54 destroyed for peer 1
[  +0.000002] wireguard: wg0: Keypair 56 created for peer 1
[  +0.199167] wireguard: wg0: Receiving keepalive packet from peer 1 (CLIENT_IP:40667)
[ +19.727691] wireguard: wg0: Receiving keepalive packet from peer 1 (CLIENT_IP:40667)
[  +0.173295] wireguard: wg0: Sending keepalive packet to peer 1 (CLIENT_IP:40667)
[Oct10 20:10] wireguard: wg0: Receiving keepalive packet from peer 1 (CLIENT_IP:40667)
[  +0.148877] wireguard: wg0: Sending keepalive packet to peer 1 (CLIENT_IP:40667)
[ +19.819577] wireguard: wg0: Receiving keepalive packet from peer 1 (CLIENT_IP:40667)
[  +0.148292] wireguard: wg0: Sending keepalive packet to peer 1 (CLIENT_IP:40667)
[Oct10 20:11] wireguard: wg0: Sending keepalive packet to peer 1 (CLIENT_IP:4066)
Nikita Kipriyanov
Ramon

1 Answer


Sounds like the client is behind a finicky NAT that resets its UDP state every 10 minutes. You might not be able to do anything about that.

However, sending keepalives from both sides of the connection will probably just make things worse, as it creates more opportunities for the two sides to get out of sync.

Remove the PersistentKeepalive setting from the server side -- usually you should use this setting only on the side of the connection that also includes the Endpoint setting.

Justin Ludwig
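The source-port change the question points to can be found mechanically in a long log. The following is an added example, not part of the original question or answer: it scans log lines in the bracketed format shown in the question and reports each time a peer's source endpoint changes, together with the time delta printed on that line. The function name `endpoint_changes` and the result keys are chosen for this example; the sample lines are copied from the question's log.

```python
import re

# Sample lines copied from the log in the question
# (CLIENT_IP is the question's own redaction placeholder).
SAMPLE_LOG = """\
[Oct10 20:00] wireguard: wg0: Receiving handshake initiation from peer 1 (CLIENT_IP:47581)
[  +0.000007] wireguard: wg0: Sending handshake response to peer 1 (CLIENT_IP:47581)
[  +0.000138] wireguard: wg0: Keypair 49 destroyed for peer 1
[Oct10 20:01] wireguard: wg0: Receiving keepalive packet from peer 1 (CLIENT_IP:47581)
[ +32.141624] wireguard: wg0: Receiving handshake initiation from peer 1 (CLIENT_IP:40667)
[  +0.000007] wireguard: wg0: Sending handshake response to peer 1 (CLIENT_IP:40667)
[  +0.130602] wireguard: wg0: Receiving keepalive packet from peer 1 (CLIENT_IP:40667)
"""

# Matches only lines that carry an endpoint in parentheses; keypair lines are skipped.
LINE_RE = re.compile(
    r"^\[\s*(?P<stamp>[^\]]+?)\s*\]\s+wireguard:\s+(?P<iface>\S+):\s+"
    r"(?P<event>.+?)\s+(?:from|to)\s+peer\s+(?P<peer>\d+)\s+"
    r"\((?P<host>.+):(?P<port>\d+)\)\s*$"
)

def endpoint_changes(log_text):
    """Return one dict per change of a peer's source endpoint."""
    last = {}    # (iface, peer) -> last endpoint seen on an inbound packet
    wall = None  # most recent absolute timestamp, e.g. "Oct10 20:01"
    changes = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp = m["stamp"]
        # "+N.NNNNNN" is the delta printed on the line; anything else is absolute.
        delta = float(stamp) if stamp.startswith("+") else None
        if delta is None:
            wall = stamp
        # Only inbound packets show the address the peer is sending from now.
        if not m["event"].startswith("Receiving"):
            continue
        key = (m["iface"], m["peer"])
        endpoint = f'{m["host"]}:{m["port"]}'
        if key in last and last[key] != endpoint:
            changes.append({"peer": f"{key[0]}/{key[1]}", "old": last[key],
                            "new": endpoint, "after": wall, "gap_s": delta,
                            "event": m["event"]})
        last[key] = endpoint
    return changes

if __name__ == "__main__":
    for change in endpoint_changes(SAMPLE_LOG):
        print(change)
```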