Maximum number of interfaces ?

Maximum number of interfaces ?

[Will van Gulik]

Hi,

I'm trying to use multiple wireguard tunnel in one VM at the same time, =
but it seems that only the first two I configured are working. I'm =
currently trying with 5 interfaces, I see the incoming packet in tcpdump =
but no reaction of the destination host with all the wg interfaces.

I'm not sure there is a limitation on that, I could totally have missed =
that. Should I use 1 interface with multiple peers rather than multiple =
interface ?

I'm testing that on a Debian with 4.8.7-1, running on a KVM host.

Any insight ?

Kind regards,

Will=

Re: Maximum number of interfaces + Debug

[Will van Gulik]

Hi Everyone,

I went a bit further and did compile the module with debug rather than =
using the repo's version, and I get a :
wireguard: Invalid packet from xxxx:yyy
in my dmesg. I would have hoped to get something more clear, but would a =
module version mismatch be an issue or does this mostly looks like a key =
issue ? I would be strange because I reissued them several times.

Any clue, ideas, else ?

Cheers,

Will

> On 03 Jan 2017, at 09:52, Will van Gulik <mailing-porcus@porcus.ch> =
wrote:
>=20
> Hi,
>=20
> I'm trying to use multiple wireguard tunnel in one VM at the same =
time, but it seems that only the first two I configured are working. I'm =
currently trying with 5 interfaces, I see the incoming packet in tcpdump =
but no reaction of the destination host with all the wg interfaces.
>=20
> I'm not sure there is a limitation on that, I could totally have =
missed that. Should I use 1 interface with multiple peers rather than =
multiple interface ?
>=20
> I'm testing that on a Debian with 4.8.7-1, running on a KVM host.
>=20
> Any insight ?
>=20
> Kind regards,
>=20
> Will
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Maximum number of interfaces + Debug

[Baptiste Jonglez]

[-- Attachment #1: Type: text/plain, Size: 1696 bytes --]

Hi Will,

On Thu, Jan 05, 2017 at 11:49:03PM +0100, Will van Gulik wrote:
> Hi Everyone,
> 
> I went a bit further and did compile the module with debug rather than using the repo's version, and I get a :
> wireguard: Invalid packet from xxxx:yyy
> in my dmesg. I would have hoped to get something more clear, but would a module version mismatch be an issue or does this mostly looks like a key issue ? I would be strange because I reissued them several times.

There have been backwards-incompatible changes recently: can you make sure
that you use the exact same wireguard version on all peers?

> Any clue, ideas, else ?
> 
> Cheers,
> 
> Will
> 
> > On 03 Jan 2017, at 09:52, Will van Gulik <mailing-porcus@porcus.ch> wrote:
> > 
> > Hi,
> > 
> > I'm trying to use multiple wireguard tunnel in one VM at the same time, but it seems that only the first two I configured are working. I'm currently trying with 5 interfaces, I see the incoming packet in tcpdump but no reaction of the destination host with all the wg interfaces.
> > 
> > I'm not sure there is a limitation on that, I could totally have missed that. Should I use 1 interface with multiple peers rather than multiple interface ?
> > 
> > I'm testing that on a Debian with 4.8.7-1, running on a KVM host.
> > 
> > Any insight ?
> > 
> > Kind regards,
> > 
> > Will
> > _______________________________________________
> > WireGuard mailing list
> > WireGuard@lists.zx2c4.com
> > https://lists.zx2c4.com/mailman/listinfo/wireguard
> 
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: Maximum number of interfaces + Debug

[Will van Gulik]

[-- Attachment #1: Type: text/plain, Size: 1958 bytes --]

Hi Baptiste,

> On 11 Jan 2017, at 10:58, Baptiste Jonglez <baptiste@bitsofnetworks.org> wrote:
> 
> Hi Will,
> 
> 
> There have been backwards-incompatible changes recently: can you make sure
> that you use the exact same wireguard version on all peers?

I was using the same version (Debian package 0.0.20161230-1 from Unstable). However my bug occured between the package version and the compiled version from 0.0.20170105 . So I'll retry with both same kernel modules. Because at least for that try, I have a mismatch. But for my previous experiments all the version were the same.

Additional question, is it better to use  one interface with a big subnet and multiple remote peers or an interface by peer with a /30 or a /31 ? 

Cheers, 

Will

> 
>> Any clue, ideas, else ?
>> 
>> Cheers,
>> 
>> Will
>> 
>>> On 03 Jan 2017, at 09:52, Will van Gulik <mailing-porcus@porcus.ch> wrote:
>>> 
>>> Hi,
>>> 
>>> I'm trying to use multiple wireguard tunnel in one VM at the same time, but it seems that only the first two I configured are working. I'm currently trying with 5 interfaces, I see the incoming packet in tcpdump but no reaction of the destination host with all the wg interfaces.
>>> 
>>> I'm not sure there is a limitation on that, I could totally have missed that. Should I use 1 interface with multiple peers rather than multiple interface ?
>>> 
>>> I'm testing that on a Debian with 4.8.7-1, running on a KVM host.
>>> 
>>> Any insight ?
>>> 
>>> Kind regards,
>>> 
>>> Will
>>> _______________________________________________
>>> WireGuard mailing list
>>> WireGuard@lists.zx2c4.com
>>> https://lists.zx2c4.com/mailman/listinfo/wireguard
>> 
>> _______________________________________________
>> WireGuard mailing list
>> WireGuard@lists.zx2c4.com <mailto:WireGuard@lists.zx2c4.com>
>> https://lists.zx2c4.com/mailman/listinfo/wireguard <https://lists.zx2c4.com/mailman/listinfo/wireguard>

[-- Attachment #2: Type: text/html, Size: 6061 bytes --]

Re: Maximum number of interfaces + Debug

[Baptiste Jonglez]

[-- Attachment #1: Type: text/plain, Size: 2373 bytes --]

On Wed, Jan 11, 2017 at 10:49:26PM +0100, Will van Gulik wrote:
> Hi Baptiste,
> 
> > On 11 Jan 2017, at 10:58, Baptiste Jonglez <baptiste@bitsofnetworks.org> wrote:
> > 
> > Hi Will,
> > 
> > 
> > There have been backwards-incompatible changes recently: can you make sure
> > that you use the exact same wireguard version on all peers?
> 
> I was using the same version (Debian package 0.0.20161230-1 from
> Unstable). However my bug occured between the package version and the
> compiled version from 0.0.20170105 . So I'll retry with both same kernel
> modules. Because at least for that try, I have a mismatch. But for my
> previous experiments all the version were the same.

Ok then, I don't know what the issue might be.

> Additional question, is it better to use one interface with a big subnet
> and multiple remote peers or an interface by peer with a /30 or a /31 ?

It depends on your use-case.  As far as I remember, you were using OSPF on
top of Wireguard, weren't you?  In that case, you are forced to use one
interface per peer (with AllowedIPs = ::/0 on each interface).

Baptiste

> >> Any clue, ideas, else ?
> >> 
> >> Cheers,
> >> 
> >> Will
> >> 
> >>> On 03 Jan 2017, at 09:52, Will van Gulik <mailing-porcus@porcus.ch> wrote:
> >>> 
> >>> Hi,
> >>> 
> >>> I'm trying to use multiple wireguard tunnel in one VM at the same time, but it seems that only the first two I configured are working. I'm currently trying with 5 interfaces, I see the incoming packet in tcpdump but no reaction of the destination host with all the wg interfaces.
> >>> 
> >>> I'm not sure there is a limitation on that, I could totally have missed that. Should I use 1 interface with multiple peers rather than multiple interface ?
> >>> 
> >>> I'm testing that on a Debian with 4.8.7-1, running on a KVM host.
> >>> 
> >>> Any insight ?
> >>> 
> >>> Kind regards,
> >>> 
> >>> Will
> >>> _______________________________________________
> >>> WireGuard mailing list
> >>> WireGuard@lists.zx2c4.com
> >>> https://lists.zx2c4.com/mailman/listinfo/wireguard
> >> 
> >> _______________________________________________
> >> WireGuard mailing list
> >> WireGuard@lists.zx2c4.com <mailto:WireGuard@lists.zx2c4.com>
> >> https://lists.zx2c4.com/mailman/listinfo/wireguard <https://lists.zx2c4.com/mailman/listinfo/wireguard>

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: Maximum number of interfaces + Debug

[Jason A. Donenfeld]

Send pcaps!

Re: Maximum number of interfaces + Debug

[Will van Gulik]

I'll do my tests again with kernel modules and will do pcaps too ;)

Thanks !

> On 12 Jan 2017, at 00:59, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> 
> Send pcaps!