feat(snownet): set wireguard keep-alive (#3829)

In my local testing, I noticed that not using the tunnel for a bit ends up expiring the WG session which causes a new handshake if you then run a ping or something else. Having the keep-alive should help with not paying that extra RT that is required for a new session,
2026-01-28 10:18:51 +00:00 · 2024-03-02 07:23:09 +11:00
parent 96ad6115f9
commit e9ef15dc43
1 changed files with 6 additions and 1 deletions
--- a/rust/connlib/snownet/src/node.rs
+++ b/rust/connlib/snownet/src/node.rs
@@ -565,13 +565,18 @@ where
    ) -> Connection {
        agent.handle_timeout(self.last_now);

+        /// We set a Wireguard keep-alive to ensure the WG session doesn't timeout on an idle connection.
+        ///
+        /// Without such a timeout, using a tunnel after the REKEY_TIMEOUT requires handshaking a new session which delays the new application packet by 1 RTT.
+        const WG_KEEP_ALIVE: Option<u16> = Some(10);
+
        Connection {
            agent,
            tunnel: Tunn::new(
                self.private_key.clone(),
                remote,
                Some(key),
-                None,
+                WG_KEEP_ALIVE,
                self.index.next(),
                Some(self.rate_limiter.clone()),
            ),