Hi folks,

Would it be possible to improve WireGuard logging in OpenBSD?
A message like

        Receiving handshake initiation from peer 17

in /var/log/messages of 2 weeks ago isn't really helpful. Peer
17 might have become peer 8 over time, for example.

For forensic measures in case of an incident it is crucial to
have the peer's public key. This string is constant over time
(unless it is not rotated for security). The first 16 or 10
chars should do, e.g.

% grep 3QUz9EgDY4 /var/log/messages
:
Aug  9 15:22:02 mygate /bsd: wg0: Sending handshake initiation to peer 17 (3QUz9EgDY4)
Aug  9 15:22:07 mygate /bsd: wg0: Handshake for peer 17 (3QUz9EgDY4) did not complete after 5 seconds, retrying (try 19)
Aug  9 15:22:07 mygate /bsd: wg0: Sending handshake initiation to peer 17 (3QUz9EgDY4)
Aug  9 15:22:12 mygate /bsd: wg0: Handshake for peer 17 (3QUz9EgDY4) did not complete after 5 seconds, retrying (try 20)
Aug  9 15:22:12 mygate /bsd: wg0: Sending handshake initiation to peer 17 (3QUz9EgDY4)
Aug  9 15:22:17 mygate /bsd: wg0: Handshake for peer 17 (3QUz9EgDY4) did not complete after 20 retries, giving up
Aug  9 15:25:16 mygate /bsd: wg0: Zeroing out keys for peer 17 (3QUz9EgDY4)
Aug 11 08:09:58 mygate /bsd: wg0: Receiving handshake initiation from peer 8 (3QUz9EgDY4)
Aug 11 08:09:58 mygate /bsd: wg0: Sending handshake response to peer 8 (3QUz9EgDY4)
Aug 11 08:09:58 mygate /bsd: wg0: Receiving keepalive packet from peer 8 (3QUz9EgDY4)
Aug 11 08:09:58 mygate /bsd: wg0: Sending keepalive packet to peer 8 (3QUz9EgDY4)
Aug 11 08:10:24 mygate /bsd: wg0: Receiving keepalive packet from peer 8 (3QUz9EgDY4)
Aug 11 08:11:49 mygate /bsd: wg0: Receiving keepalive packet from peer 8 (3QUz9EgDY4)
Aug 11 08:12:08 mygate /bsd: wg0: Receiving keepalive packet from peer 8 (3QUz9EgDY4)
:

I had posted this suggestion a few days ago on misc; hope you
don't mind the double post. Surely the bugs list is better suited
for an enhancement request.


I highly appreciate your good work on OpenBSD.

Harri
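The forensic benefit of the proposed "peer N (keyprefix)" format, shown as an added example that is not part of the post or of OpenBSD's wg(4) code: a small parser that follows one peer by its key prefix across peer-index changes, and shows that the same index can be reused for a different key. The message layout and the sample lines (including the second key prefix Zx8kLmQp2A) are constructed here to match the format the post proposes.

```python
import re
from collections import OrderedDict

# Assumed layout of the proposed wg(4) message (hypothetical, not OpenBSD's code):
#   "<Mon> <day> <hh:mm:ss> <host> /bsd: <ifname>: <msg ... peer <idx> (<keyprefix>) ...>"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) /bsd: "
    r"(?P<ifname>wg\d+): (?P<msg>.*)$"
)
PEER_RE = re.compile(r"peer (?P<idx>\d+) \((?P<key>[A-Za-z0-9+/]+)\)")

# Constructed sample log in the proposed format; index 17 is reused for a second key.
SAMPLE_LOG = """\
Aug  9 15:22:02 mygate /bsd: wg0: Sending handshake initiation to peer 17 (3QUz9EgDY4)
Aug  9 15:22:07 mygate /bsd: wg0: Handshake for peer 17 (3QUz9EgDY4) did not complete after 5 seconds, retrying (try 19)
Aug  9 15:22:17 mygate /bsd: wg0: Handshake for peer 17 (3QUz9EgDY4) did not complete after 20 retries, giving up
Aug  9 15:25:16 mygate /bsd: wg0: Zeroing out keys for peer 17 (3QUz9EgDY4)
Aug 10 09:00:00 mygate /bsd: wg0: Receiving handshake initiation from peer 17 (Zx8kLmQp2A)
Aug 11 08:09:58 mygate /bsd: wg0: Receiving handshake initiation from peer 8 (3QUz9EgDY4)
Aug 11 08:09:58 mygate /bsd: wg0: Sending handshake response to peer 8 (3QUz9EgDY4)
Aug 11 08:10:24 mygate /bsd: wg0: Receiving keepalive packet from peer 8 (3QUz9EgDY4)
"""

def parse_line(line):
    """Return dict with ts, host, ifname, msg, idx, key; None if not a peer message."""
    m = LINE_RE.match(line)
    if not m:
        return None
    p = PEER_RE.search(m.group("msg"))
    if not p:
        return None
    rec = m.groupdict()
    rec["idx"] = int(p.group("idx"))
    rec["key"] = p.group("key")
    return rec

def index_history(log_text):
    """For each key prefix: (timestamp, index) each time its peer index changes."""
    history = OrderedDict()
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        hist = history.setdefault(rec["key"], [])
        if not hist or hist[-1][1] != rec["idx"]:
            hist.append((rec["ts"], rec["idx"]))
    return history

def keys_for_index(log_text, idx):
    """All key prefixes ever logged under one peer index (why the index alone is ambiguous)."""
    keys = []
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        if rec["idx"] == idx and rec["key"] not in keys:
            keys.append(rec["key"])
    return keys

def events_for_key(log_text, key_prefix):
    """Timeline of (ts, idx, msg) for one peer, regardless of its index at the time."""
    return [(r["ts"], r["idx"], r["msg"])
            for r in filter(None, map(parse_line, log_text.splitlines()))
            if r["key"] == key_prefix]

if __name__ == "__main__":
    for key, hist in index_history(SAMPLE_LOG).items():
        print(key, hist)
    print("index 17 was used by:", keys_for_index(SAMPLE_LOG, 17))
```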
