From e9b3b6210d13b60978a7cca0ca0a0fee1bbe634b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zolt=C3=A1n=20Papp?=
Date: Fri, 20 Dec 2024 12:10:39 +0100
Subject: [PATCH] Improve WireGuard handshake success rate The controller peer sends WireGuard handshake requests only
---
 client/internal/peer/conn.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/client/internal/peer/conn.go b/client/internal/peer/conn.go
index 8bbea6a2b..3902c44fb 100644
--- a/client/internal/peer/conn.go
+++ b/client/internal/peer/conn.go
@@ -531,11 +531,18 @@ func (conn *Conn) listenGuardEvent(ctx context.Context) {
 }

 func (conn *Conn) configureWGEndpoint(addr *net.UDPAddr) error {
+ var endpoint *net.UDPAddr
+
+ // Force to only one side send handshake request to avoid the handshake congestion in WireGuard connection.
+ // Configure up the WireGuard endpoint only on the initiator side.
+ if isWireGuardInitiator(conn.config) {
+ endpoint = addr
+ }
 return conn.config.WgConfig.WgInterface.UpdatePeer(
 conn.config.WgConfig.RemoteKey,
 conn.config.WgConfig.AllowedIps,
 defaultWgKeepAlive,
- addr,
+ endpoint,
 conn.config.WgConfig.PreSharedKey,
 )
 }
@@ -761,6 +768,11 @@ func isController(config ConnConfig) bool {
 return config.LocalKey > config.Key
 }

+// isWireGuardInitiator returns true if the local peer is the initiator of the WireGuard connection
+func isWireGuardInitiator(config ConnConfig) bool {
+ return isController(config)
+}
+
 func isRosenpassEnabled(remoteRosenpassPubKey []byte) bool {
 return remoteRosenpassPubKey != nil
 }
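Review bot: On the non-initiator side `endpoint` stays nil in `configureWGEndpoint`, and what `UpdatePeer` does with a nil endpoint is not visible in this hunk. If nil means "leave unchanged" rather than "clear", a peer that already holds an endpoint from an earlier call keeps sending to the stale address until an authenticated packet from the initiator arrives; this is worth confirming and stating next to the `if`, e.g. `// nil endpoint: the responder learns the address from the initiator's first authenticated packet`. `defaultWgKeepAlive` is still passed on that side, yet without an endpoint the responder presumably cannot send keepalives or start a handshake of its own, so a lost or delayed initiator handshake leaves the tunnel down with no local retry. A debug log of the chosen role in this function would make that state diagnosable.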
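Review bot: The doc comment on `isWireGuardInitiator` does not say how the role is decided or that the two peers of a pair must reach opposite answers. From the context line, `isController` returns `config.LocalKey > config.Key`, so the role follows from key ordering alone; if the two values ever compared equal, or the peers compared differently encoded keys, neither side would configure an endpoint and no handshake would start. I would write `// isWireGuardInitiator reports whether the local peer configures the remote endpoint and so sends the first handshake; it follows isController (LocalKey > Key), so exactly one peer of a pair returns true.` The declaration of `isController` appears only in the hunk header, so its full body is not visible here.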