WireGuard connection spams uplink
I ported a WireGuard connection from wg-quick to NM, and as soon as I start using the connection the uplink is spammed with many megabytes of traffic per second, consuming one entire core of my CPU.
The output of sudo wg shows:
interface: wg0
public key: (hidden)
private key: (hidden)
listening port: 51817
fwmark: 0xca6c
peer: (hidden)
preshared key: (hidden)
endpoint: (hidden)
allowed ips: 192.168.0.0/24, 0.0.0.0/0
latest handshake: 50 seconds ago
transfer: 3.85 KiB received, 164.91 MiB sent
persistent keepalive: every 25 seconds
The working wg-quick config:
[Interface]
PrivateKey = (hidden)
Address = 192.168.0.201/24
DNS = 192.168.0.1
[Peer]
PublicKey = (hidden)
PresharedKey = (hidden)
AllowedIPs = 192.168.0.0/24,0.0.0.0/0
Endpoint = (hidden)
PersistentKeepalive = 25
and the output of nmcli c show Home (ipv6 and proxy are disabled):
connection.id: Home
connection.uuid: (hidden)
connection.stable-id: --
connection.type: wireguard
connection.interface-name: wg0
connection.autoconnect: nein
connection.autoconnect-priority: 0
connection.autoconnect-retries: -1 (default)
connection.multi-connect: 0 (default)
connection.auth-retries: -1
connection.timestamp: 1683967930
connection.read-only: nein
connection.permissions: user:(hidden)
connection.zone: --
connection.master: --
connection.slave-type: --
connection.autoconnect-slaves: -1 (default)
connection.secondaries: --
connection.gateway-ping-timeout: 0
connection.metered: unbekannt
connection.lldp: default
connection.mdns: -1 (default)
connection.llmnr: -1 (default)
connection.dns-over-tls: -1 (default)
connection.mptcp-flags: 0x0 (default)
connection.wait-device-timeout: -1
connection.wait-activation-delay: -1
ipv4.method: manual
ipv4.dns: 192.168.0.1
ipv4.dns-search: --
ipv4.dns-options: --
ipv4.dns-priority: 0
ipv4.addresses: 192.168.0.201/24
ipv4.gateway: 192.168.0.1
ipv4.routes: --
ipv4.route-metric: -1
ipv4.route-table: 0 (unspec)
ipv4.routing-rules: --
ipv4.replace-local-rule: -1 (default)
ipv4.ignore-auto-routes: nein
ipv4.ignore-auto-dns: ja
ipv4.dhcp-client-id: --
ipv4.dhcp-iaid: --
ipv4.dhcp-timeout: 0 (default)
ipv4.dhcp-send-hostname: ja
ipv4.dhcp-hostname: --
ipv4.dhcp-fqdn: --
ipv4.dhcp-hostname-flags: 0x0 (none)
ipv4.never-default: nein
ipv4.may-fail: ja
ipv4.required-timeout: -1 (default)
ipv4.dad-timeout: -1 (default)
ipv4.dhcp-vendor-class-identifier: --
ipv4.link-local: 0 (default)
ipv4.dhcp-reject-servers: --
ipv4.auto-route-ext-gw: -1 (default)
wireguard.private-key: <hidden>
wireguard.private-key-flags: 0 (keine)
wireguard.listen-port: 51817
wireguard.fwmark: 0xca6c
wireguard.peer-routes: ja
wireguard.mtu: 0
wireguard.ip4-auto-default-route: -1 (default)
wireguard.ip6-auto-default-route: -1 (default)