* netns.sh: Sending cookie response for denied handshake
From: René van Dorst @ 2017-10-06 10:59 UTC (permalink / raw)
To: WireGuard list
Hi Jason,
I was testing the latest version on my Cubox i4pro with the netns.sh script.
Standard F26 kernel 4.13.4-200.fc26.armv7hl, on the device compiled
WireGuard 0.0.20171005.
First test fails.
But after I connect and disconnect with my home tunnel "wg-quick up
wg0", the test runs fine.
Also, reloading the module keeps the test working.
So it seems it only fails the test on a fresh reboot.
MESG + CONSOLE log:
[root@cubox tests]# ./netns.sh
[+] ip netns add wg-test-960-0
[+] ip netns add wg-test-960-1
[+] ip netns add wg-test-960-2
[+] NS0: ip link set up dev lo
[+] NS0: ip link add dev wg0 type wireguard
[ 291.156574] wireguard: wg0: Interface created
[+] NS0: ip link set wg0 netns wg-test-960-1
[+] NS0: ip link add dev wg0 type wireguard
[ 291.244318] wireguard: wg0: Interface created
[+] NS0: ip link set wg0 netns wg-test-960-2
[+] wg genkey
[+] wg genkey
[+] wg pubkey
[+] wg pubkey
[+] wg genpsk
[+] NS1: ip addr add 192.168.241.1/24 dev wg0
[+] NS1: ip addr add fd00::1/24 dev wg0
[+] NS2: ip addr add 192.168.241.2/24 dev wg0
[+] NS2: ip addr add fd00::2/24 dev wg0
[+] NS1: wg set wg0 private-key /dev/fd/63 listen-port 1 peer
WEteJQshsIwGXnjC/Bzz2+jM2ZVCWJJAp2YTeIKQGiw= preshared-key /dev/fd/62
allowed-ips 192.168.241.2/32,fd00::2/128
[ 291.520731] wireguard: wg0: Peer 3 created
[+] NS2: wg set wg0 private-key /dev/fd/63 listen-port 2 peer
cxbjGbjkKFIVIv/Pv4LTkpcy+u5Mha/iTdkWyCo8t04= preshared-key /dev/fd/62
allowed-ips 192.168.241.1/32,fd00::1/128
[ 291.577721] wireguard: wg0: Peer 4 created
[+] NS1: ip link set up dev wg0
[+] NS2: ip link set up dev wg0
[+] NS1: ip link show dev wg0
[+] NS1: wg set wg0 peer WEteJQshsIwGXnjC/Bzz2+jM2ZVCWJJAp2YTeIKQGiw=
endpoint 127.0.0.1:2
[+] NS2: wg set wg0 peer cxbjGbjkKFIVIv/Pv4LTkpcy+u5Mha/iTdkWyCo8t04=
endpoint 127.0.0.1:1
[+] NS2: ping -c 10 -f -W 1 192.168.241.1
PING 192.168.241.1 (192.168.241.1) 56(84) bytes of data.
.[ 291.798677] wireguard: wg0: Sending handshake initiation to peer 4
(127.0.0.1:1)
[ 291.800599] wireguard: wg0: Sending cookie response for denied
handshake message for 127.0.0.1:2
[ 291.800696] wireguard: wg0: Receiving cookie response from 127.0.0.1:1
.........
--- 192.168.241.1 ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 98ms
[+] NS0: ip link del dev wg0
[+] NS1: ip link del dev wg0
[ 293.004307] wireguard: wg0: Peer 3 (127.0.0.1:2) destroyed
[ 293.013305] wireguard: wg0: Interface deleted
[+] NS2: ip link del dev wg0
[ 293.064291] wireguard: wg0: Peer 4 (127.0.0.1:1) destroyed
[ 293.084298] wireguard: wg0: Interface deleted
[+] ip netns del wg-test-960-1
[+] ip netns del wg-test-960-2
[+] ip netns del wg-test-960-0
MESG + CONSOLE log after the failed test to home tunnel:
[root@cubox tests]# wg-quick up wg0
[#] ip link add wg0 type wireguard
[ 430.786542] wireguard: wg0: Interface created
[#] wg setconf wg0 /dev/fd/63
[ 435.854103] wireguard: wg0: Peer 5 created
[#] ip address add 10.0.0.2/24 dev wg0
[#] ip address add fd00::2/128 dev wg0
[#] ip link set mtu 1440 dev wg0
[#] ip link set wg0 up
[ 435.897244] wireguard: wg0: Sending keepalive packet to peer 5
(192.168.2.222:36464)
[ 435.897289] wireguard: wg0: Sending handshake initiation to peer 5
(192.168.2.222:36464)
[ 435.917129] wireguard: wg0: Receiving handshake response from peer
5 (192.168.2.222:36464)
[ 435.917175] wireguard: wg0: Keypair 1 created for peer 5
[#] ip route add fd00::/64 dev wg0
[root@cubox tests]#
[root@cubox tests]# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=4.35 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=9.00 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=8.84 ms
^C
--- 10.0.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 4.354/7.402/9.008/2.156 ms
[root@cubox tests]# [ 454.590369] wireguard: wg0: Sending keepalive
packet to peer 5 (192.168.2.222:36464)
[ 479.676530] wireguard: wg0: Sending keepalive packet to peer 5
(192.168.2.222:36464)
wg-quick down wg0
[#] ip link delete dev wg0
[ 487.218969] wireguard: wg0: Keypair 1 destroyed for peer 5
[ 487.240952] wireguard: wg0: Peer 5 (192.168.2.222:36464) destroyed
[ 487.259973] wireguard: wg0: Interface deleted
MESG + CONSOLE log after the home tunnel, with the test manually terminated:
[root@cubox tests]# ./netns.sh
[+] ip netns add wg-test-1076-0
[+] ip netns add wg-test-1076-1
[+] ip netns add wg-test-1076-2
[+] NS0: ip link set up dev lo
[+] NS0: ip link add dev wg0 type wireguard
[ 490.497685] wireguard: wg0: Interface created
[+] NS0: ip link set wg0 netns wg-test-1076-1
[+] NS0: ip link add dev wg0 type wireguard
[ 490.576768] wireguard: wg0: Interface created
[+] NS0: ip link set wg0 netns wg-test-1076-2
[+] wg genkey
[+] wg genkey
[+] wg pubkey
[+] wg pubkey
[+] wg genpsk
[+] NS1: ip addr add 192.168.241.1/24 dev wg0
[+] NS1: ip addr add fd00::1/24 dev wg0
[+] NS2: ip addr add 192.168.241.2/24 dev wg0
[+] NS2: ip addr add fd00::2/24 dev wg0
[+] NS1: wg set wg0 private-key /dev/fd/63 listen-port 1 peer
1Eb46rPrWmtxhAKilAlPfuXpVHIQOpt3di3WEpPkOQ4= preshared-key /dev/fd/62
allowed-ips 192.168.241.2/32,fd00::2/128
[ 490.852081] wireguard: wg0: Peer 6 created
[+] NS2: wg set wg0 private-key /dev/fd/63 listen-port 2 peer
hIzK+p/m7yHGVhbJedaZe8kDLURQi0bDY9Rr9a49GhI= preshared-key /dev/fd/62
allowed-ips 192.168.241.1/32,fd00::1/128
[ 490.910017] wireguard: wg0: Peer 7 created
[+] NS1: ip link set up dev wg0
[+] NS2: ip link set up dev wg0
[+] NS1: ip link show dev wg0
[+] NS1: wg set wg0 peer 1Eb46rPrWmtxhAKilAlPfuXpVHIQOpt3di3WEpPkOQ4=
endpoint 127.0.0.1:2
[+] NS2: wg set wg0 peer hIzK+p/m7yHGVhbJedaZe8kDLURQi0bDY9Rr9a49GhI=
endpoint 127.0.0.1:1
[+] NS2: ping -c 10 -f -W 1 192.168.241.1
PING 192.168.241.1 (192.168.241.1) 56(84) bytes of data.
.[ 491.105139] wireguard: wg0: Sending handshake initiation to peer 7
(127.0.0.1:1)
[ 491.108754] wireguard: wg0: Receiving handshake initiation from
peer 6 (127.0.0.1:2)
[ 491.108765] wireguard: wg0: Sending handshake response to peer 6
(127.0.0.1:2)
[ 491.112220] wireguard: wg0: Keypair 2 created for peer 6
[ 491.114402] wireguard: wg0: Receiving handshake response from peer
7 (127.0.0.1:1)
[ 491.114446] wireguard: wg0: Keypair 3 created for peer 7
--- 192.168.241.1 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 15ms
rtt min/avg/max/mdev = 0.350/1.544/10.808/3.089 ms, pipe 2, ipg/ewma
1.745/3.616 ms
[+] NS2: ip -stats link show dev wg0
[+] NS2: ping -c 10 -f -W 1 192.168.241.1
PING 192.168.241.1 (192.168.241.1) 56(84) bytes of data.
--- 192.168.241.1 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 4ms
rtt min/avg/max/mdev = 0.330/0.427/0.609/0.080 ms, ipg/ewma 0.546/0.464 ms
[+] NS1: ping -c 10 -f -W 1 192.168.241.2
PING 192.168.241.2 (192.168.241.2) 56(84) bytes of data.
--- 192.168.241.2 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 0.355/0.484/0.751/0.128 ms, ipg/ewma 0.614/0.550 ms
[+] NS2: ping6 -c 10 -f -W 1 fd00::1
PING fd00::1(fd00::1) 56 data bytes
--- fd00::1 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 0.376/0.490/0.732/0.120 ms, ipg/ewma 0.627/0.529 ms
[+] NS1: ping6 -c 10 -f -W 1 fd00::2
PING fd00::2(fd00::2) 56 data bytes
--- fd00::2 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 0.409/0.506/0.801/0.106 ms, ipg/ewma 0.662/0.575 ms
[+] NS2: wait for iperf:5201
[+] NS2: iperf3 -s -1 -B 192.168.241.2
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
[+] NS1: iperf3 -Z -n 1G -c 192.168.241.2
Connecting to host 192.168.241.2, port 5201
Accepted connection from 192.168.241.1, port 52278
[ 6] local 192.168.241.2 port 5201 connected to 192.168.241.1 port 52280
[ 5] local 192.168.241.1 port 52280 connected to 192.168.241.2 port 5201
[ ID] Interval Transfer Bandwidth
[ 6] 0.00-1.00 sec 23.6 MBytes 198 Mbits/sec
[ ID] Interval Transfer Bandwidth Retr Cwnd
[ 5] 0.00-1.00 sec 25.0 MBytes 210 Mbits/sec 0 477 KBytes
^C[ 6] 1.00-1.44 sec 11.4 MBytes 216 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth
[ 6] 0.00-1.44 sec 0.00 Bytes 0.00 bits/sec sender
[ 6] 0.00-1.44 sec 35.0 MBytes 203 Mbits/sec receiver
iperf3: interrupt - the server has terminated
[ 5] 1.00-1.43 sec 11.0 MBytes 216 Mbits/sec 0 526 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth Retr
[ 5] 0.00-1.43 sec 36.0 MBytes 212 Mbits/sec 0 sender
[ 5] 0.00-1.43 sec 0.00 Bytes 0.00 bits/sec receiver
iperf3: interrupt - the client has terminated
[+] NS0: ip link del dev wg0
[+] NS1: ip link del dev wg0
[ 493.248506] wireguard: wg0: Keypair 2 destroyed for peer 6
[ 493.268504] wireguard: wg0: Peer 6 (127.0.0.1:2) destroyed
[ 493.280524] wireguard: wg0: Interface deleted
[+] NS2: ip link del dev wg0
[ 493.310507] wireguard: wg0: Keypair 3 destroyed for peer 7
[ 493.325499] wireguard: wg0: Peer 7 (127.0.0.1:1) destroyed
[ 493.341519] wireguard: wg0: Interface deleted
[+] ip netns del wg-test-1076-1
[+] ip netns del wg-test-1076-2
[+] ip netns del wg-test-1076-0
EXTRA INFO:
[root@cubox tests]# uname -a
Linux cubox 4.13.4-200.fc26.armv7hl #1 SMP Thu Sep 28 22:34:11 UTC
2017 armv7l armv7l armv7l GNU/Linux
[root@cubox tests]# cat /proc/cpuinfo
processor : 0-3
model name : ARMv7 Processor rev 10 (v7l)
BogoMIPS : 6.00
Features : half thumb fastmult vfp edsp thumbee neon vfpv3 tls vfpd32
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x2
CPU part : 0xc09
CPU revision : 10
Hardware : Freescale i.MX6 Quad/DualLite (Device Tree)
Revision : 0000
Serial : 0000000000000000
[root@cubox tests]# gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/armv7hl-redhat-linux-gnueabi/7/lto-wrapper
Target: armv7hl-redhat-linux-gnueabi
Configured with: ../configure --enable-bootstrap
--enable-languages=c,c++,objc,obj-c++,fortran,ada,go,lto --prefix=/usr
--mandir=/usr/share/man --infodir=/usr/share/info
--with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-shared
--enable-threads=posix --enable-checking=release --enable-multilib
--with-system-zlib --enable-__cxa_atexit
--disable-libunwind-exceptions --enable-gnu-unique-object
--enable-linker-build-id --with-gcc-major-version-only
--with-linker-hash-style=gnu --enable-plugin --enable-initfini-array
--with-isl --disable-libmpx --enable-gnu-indirect-function
--disable-sjlj-exceptions --with-tune=cortex-a8 --with-arch=armv7-a
--with-float=hard --with-fpu=vfpv3-d16 --with-abi=aapcs-linux
--build=armv7hl-redhat-linux-gnueabi
Thread model: posix
gcc version 7.2.1 20170915 (Red Hat 7.2.1-2) (GCC)
Greats,
René van Dorst.
* Re: netns.sh: Sending cookie response for denied handshake
From: René van Dorst @ 2017-10-06 11:22 UTC (permalink / raw)
To: wireguard
Also WireGuard 0.0.20171001 has it.
[root@cubox tests]# ./netns.sh
[+] ip netns add wg-test-863-0
[+] ip netns add wg-test-863-1
[+] ip netns add wg-test-863-2
[+] NS0: ip link set up dev lo
[+] NS0: ip link add dev wg0 type wireguard
[ 172.621122] wireguard: loading out-of-tree module taints kernel.
[ 172.628391] wireguard: module verification failed: signature and/or
required key missing - tainting kernel
[ 172.642541] wireguard: routing table self-tests: pass
[ 172.650545] wireguard: nonce counter self-tests: pass
[ 172.660875] wireguard: curve25519 self-tests: pass
[ 172.665806] wireguard: chacha20poly1305 self-tests: pass
[ 172.673951] wireguard: blake2s self-tests: pass
[ 173.014255] wireguard: ratelimiter self-tests: pass
[ 173.019415] wireguard: WireGuard 0.0.20171001 loaded. See
www.wireguard.com for information.
[ 173.027933] wireguard: Copyright (C) 2015-2017 Jason A. Donenfeld
<Jason@zx2c4.com>. All Rights Reserved.
[ 173.040380] wireguard: wg0: Interface created
[+] NS0: ip link set wg0 netns wg-test-863-1
[+] NS0: ip link add dev wg0 type wireguard
[ 173.128583] wireguard: wg0: Interface created
[+] NS0: ip link set wg0 netns wg-test-863-2
[+] wg genkey
[+] wg genkey
[+] wg pubkey
[+] wg pubkey
[+] wg genpsk
[+] NS1: ip addr add 192.168.241.1/24 dev wg0
[+] NS1: ip addr add fd00::1/24 dev wg0
[+] NS2: ip addr add 192.168.241.2/24 dev wg0
[+] NS2: ip addr add fd00::2/24 dev wg0
[+] NS1: wg set wg0 private-key /dev/fd/63 listen-port 1 peer
xU8gpc+t5m8/Aa7+VsJXj/U7yS05L3+5ffVxLOOuWDw= preshared-key /dev/fd/62
allowed-ips 192.168.241.2/32,fd00::2/128
[ 173.412056] wireguard: wg0: Peer 1 created
[+] NS2: wg set wg0 private-key /dev/fd/63 listen-port 2 peer
XdjZJkqTsFnVFO/gHWHf6Xqribof8bHd2BeFUZAjA2Y= preshared-key /dev/fd/62
allowed-ips 192.168.241.1/32,fd00::1/128
[ 173.457206] wireguard: wg0: Peer 2 created
[+] NS1: ip link set up dev wg0
[+] NS2: ip link set up dev wg0
[+] NS1: ip link show dev wg0
[+] NS1: wg set wg0 peer xU8gpc+t5m8/Aa7+VsJXj/U7yS05L3+5ffVxLOOuWDw=
endpoint 127.0.0.1:2
[+] NS2: wg set wg0 peer XdjZJkqTsFnVFO/gHWHf6Xqribof8bHd2BeFUZAjA2Y=
endpoint 127.0.0.1:1
[+] NS2: ping -c 10 -f -W 1 192.168.241.1
PING 192.168.241.1 (192.168.241.1) 56(84) bytes of data.
.[ 173.687604] wireguard: wg0: Sending handshake initiation to peer 2
(127.0.0.1:1)
[ 173.689508] wireguard: wg0: Sending cookie response for denied
handshake message for 127.0.0.1:2
[ 173.689608] wireguard: wg0: Receiving cookie response from 127.0.0.1:1
.........
--- 192.168.241.1 ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 98ms
[+] NS0: ip link del dev wg0
[+] NS1: ip link del dev wg0
[ 174.898691] wireguard: wg0: Peer 1 (127.0.0.1:2) destroyed
[ 174.908717] wireguard: wg0: Interface deleted
[+] NS2: ip link del dev wg0
[ 174.960702] wireguard: wg0: Peer 2 (127.0.0.1:1) destroyed
[ 174.982706] wireguard: wg0: Interface deleted
[+] ip netns del wg-test-863-1
[+] ip netns del wg-test-863-2
[+] ip netns del wg-test-863-0
[root@cubox tests]#
* Re: netns.sh: Sending cookie response for denied handshake
From: Jason A. Donenfeld @ 2017-10-06 12:54 UTC (permalink / raw)
To: René van Dorst; +Cc: WireGuard mailing list
Hey René,
Fascinating. Can you tell me if this fixes it? http://ix.io/ARe
Jason
* Re: netns.sh: Sending cookie response for denied handshake
From: René van Dorst @ 2017-10-06 13:48 UTC (permalink / raw)
To: Jason A. Donenfeld; +Cc: WireGuard mailing list
Hi Jason,
Quoting "Jason A. Donenfeld" <Jason@zx2c4.com>:
> Hey René,
>
> Fascinating. Can you tell me if this fixes it? http://ix.io/ARe
>
> Jason
After a bit more testing, and testing your patch:
Old situation:
I noticed that netns.sh fails before uptime reaches 5m (300s).
Connecting to my home tunnel always works within 5mins.
Test oneliner: dmesg -w & sleep 2 && while [ 1 ]; do date; uptime;
/usr/src/WireGuard/src/tests/netns.sh; sleep 10; done
Patched situation:
It works (tested it 3 times)
LOGGING with patch:
Fri Oct 6 15:36:17 CEST 2017
15:36:17 up 1 min, 1 user, load average: 0.75, 0.34, 0.13
[+] ip netns add wg-test-835-0
[+] ip netns add wg-test-835-1
[+] ip netns add wg-test-835-2
[+] NS0: ip link set up dev lo
[+] NS0: ip link add dev wg0 type wireguard
[ 107.537250] wireguard: loading out-of-tree module taints kernel.
[ 107.544470] wireguard: module verification failed: signature and/or
required key missing - tainting kernel
[ 107.558578] wireguard: routing table self-tests: pass
[ 107.566686] wireguard: nonce counter self-tests: pass
[ 107.577013] wireguard: curve25519 self-tests: pass
[ 107.581938] wireguard: chacha20poly1305 self-tests: pass
[ 107.590082] wireguard: blake2s self-tests: pass
[ 107.944704] wireguard: ratelimiter self-tests: pass
[ 107.949734] wireguard: WireGuard 0.0.20171005-dirty loaded. See
www.wireguard.com for information.
[ 107.958781] wireguard: Copyright (C) 2015-2017 Jason A. Donenfeld
<Jason@zx2c4.com>. All Rights Reserved.
[ 107.971666] wireguard: wg0: Interface created
[+] NS0: ip link set wg0 netns wg-test-835-1
[+] NS0: ip link add dev wg0 type wireguard
[ 108.055197] wireguard: wg0: Interface created
[+] NS0: ip link set wg0 netns wg-test-835-2
[+] wg genkey
[+] wg genkey
[+] wg pubkey
[+] wg pubkey
[+] wg genpsk
[+] NS1: ip addr add 192.168.241.1/24 dev wg0
[+] NS1: ip addr add fd00::1/24 dev wg0
[+] NS2: ip addr add 192.168.241.2/24 dev wg0
[+] NS2: ip addr add fd00::2/24 dev wg0
[+] NS1: wg set wg0 private-key /dev/fd/63 listen-port 1 peer
Fsp5iHWTDVoAHmtuDw6K2CBAG5/Xow4+09hdGvdXv1w= preshared-key /dev/fd/62
allowed-ips 192.168.241.2/32,fd00::2/128
[ 108.338023] wireguard: wg0: Peer 1 created
[+] NS2: wg set wg0 private-key /dev/fd/63 listen-port 2 peer
6VAZNmgmrNrfpYiU0BsThCXhF9wn7Z6UJybMy4vnWH0= preshared-key /dev/fd/62
allowed-ips 192.168.241.1/32,fd00::1/128
[ 108.390021] wireguard: wg0: Peer 2 created
[+] NS1: ip link set up dev wg0
[+] NS2: ip link set up dev wg0
[+] NS1: ip link show dev wg0
[+] NS1: wg set wg0 peer Fsp5iHWTDVoAHmtuDw6K2CBAG5/Xow4+09hdGvdXv1w=
endpoint 127.0.0.1:2
[+] NS2: wg set wg0 peer 6VAZNmgmrNrfpYiU0BsThCXhF9wn7Z6UJybMy4vnWH0=
endpoint 127.0.0.1:1
[+] NS2: ping -c 10 -f -W 1 192.168.241.1
PING 192.168.241.1 (192.168.241.1) 56(84) bytes of data.
.[ 108.622524] wireguard: wg0: Sending handshake initiation to peer 2
(127.0.0.1:1)
[ 108.625439] wireguard: wg0: Receiving handshake initiation from
peer 1 (127.0.0.1:2)
[ 108.625472] wireguard: wg0: Sending handshake response to peer 1
(127.0.0.1:2)
[ 108.628233] wireguard: wg0: Keypair 1 created for peer 1
[ 108.630247] wireguard: wg0: Receiving handshake response from peer
2 (127.0.0.1:1)
[ 108.630312] wireguard: wg0: Keypair 2 created for peer 2
--- 192.168.241.1 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 13ms
rtt min/avg/max/mdev = 0.298/1.309/8.785/2.495 ms, ipg/ewma 1.535/2.950 ms
[+] NS2: ip -stats link show dev wg0
[+] NS2: ping -c 10 -f -W 1 192.168.241.1
PING 192.168.241.1 (192.168.241.1) 56(84) bytes of data.
--- 192.168.241.1 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 0.325/0.427/0.624/0.087 ms, ipg/ewma 0.556/0.465 ms
[+] NS1: ping -c 10 -f -W 1 192.168.241.2
PING 192.168.241.2 (192.168.241.2) 56(84) bytes of data.
--- 192.168.241.2 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 0.350/0.489/0.772/0.137 ms, ipg/ewma 0.589/0.567 ms
[+] NS2: ping6 -c 10 -f -W 1 fd00::1
PING fd00::1(fd00::1) 56 data bytes
--- fd00::1 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 0.359/0.510/0.734/0.111 ms, ipg/ewma 0.632/0.544 ms
[+] NS1: ping6 -c 10 -f -W 1 fd00::2
PING fd00::2(fd00::2) 56 data bytes
--- fd00::2 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 0.374/0.514/0.744/0.116 ms, ipg/ewma 0.650/0.555 ms
[+] NS2: wait for iperf:5201
[+] NS2: iperf3 -s -1 -B 192.168.241.2
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
[+] NS1: iperf3 -Z -n 1G -c 192.168.241.2
Connecting to host 192.168.241.2, port 5201
Accepted connection from 192.168.241.1, port 57634
[ 6] local 192.168.241.2 port 5201 connected to 192.168.241.1 port 57636
[ 5] local 192.168.241.1 port 57636 connected to 192.168.241.2 port 5201
[ ID] Interval Transfer Bandwidth
[ 6] 0.00-1.00 sec 23.4 MBytes 197 Mbits/sec
[ ID] Interval Transfer Bandwidth Retr Cwnd
[ 5] 0.00-1.00 sec 25.0 MBytes 210 Mbits/sec 0 528 KBytes
[ 6] 1.00-2.00 sec 25.3 MBytes 212 Mbits/sec
[ 5] 1.00-2.00 sec 25.3 MBytes 212 Mbits/sec 0 528 KBytes
[ 6] 2.00-3.00 sec 25.2 MBytes 212 Mbits/sec
[ 5] 2.00-3.00 sec 25.5 MBytes 214 Mbits/sec 0 528 KBytes
[ 6] 3.00-4.00 sec 25.5 MBytes 214 Mbits/sec
[ 5] 3.00-4.00 sec 25.5 MBytes 214 Mbits/sec 0 585 KBytes
[ 6] 4.00-5.00 sec 26.0 MBytes 218 Mbits/sec
[ 5] 4.00-5.00 sec 25.8 MBytes 217 Mbits/sec 0 585 KBytes
[ 6] 5.00-6.00 sec 25.3 MBytes 212 Mbits/sec
[ 5] 5.00-6.00 sec 25.6 MBytes 214 Mbits/sec 0 585 KBytes
^C[ 6] 6.00-6.44 sec 11.3 MBytes 215 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 5] 6.00-6.43 sec 11.2 MBytes 221 Mbits/sec 0 585 KBytes
[ ID] Interval Transfer Bandwidth
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth Retr
[ 6] 0.00-6.44 sec 0.00 Bytes 0.00 bits/sec sender
[ 5] 0.00-6.43 sec 164 MBytes 214 Mbits/sec 0 sender
[ 6] 0.00-6.44 sec 162 MBytes 211 Mbits/sec receiver
[ 5] 0.00-6.43 sec 0.00 Bytes 0.00 bits/sec receiver
iperf3: interrupt - the client has terminated
iperf3: interrupt - the server has terminated
[+] NS0: ip link del dev wg0
[+] NS1: ip link del dev wg0
[ 115.792219] net_ratelimit: 1 callbacks suppressed
[ 115.796990] wireguard: wg0: Keypair 1 destroyed for peer 1
[ 115.813215] wireguard: wg0: Peer 1 (127.0.0.1:2) destroyed
[ 115.825231] wireguard: wg0: Interface deleted
[+] NS2: ip link del dev wg0
[ 115.863200] wireguard: wg0: Keypair 2 destroyed for peer 2
[ 115.883191] wireguard: wg0: Peer 2 (127.0.0.1:1) destroyed
[ 115.900206] wireguard: wg0: Interface deleted
[+] ip netns del wg-test-835-1
[+] ip netns del wg-test-835-2
[+] ip netns del wg-test-835-0
Greats,
René
* Re: netns.sh: Sending cookie response for denied handshake
From: Jason A. Donenfeld @ 2017-10-06 13:58 UTC (permalink / raw)
To: René van Dorst; +Cc: WireGuard mailing list
Hi René,
That makes sense. Jiffies is initialized to -300*HZ:
http://elixir.free-electrons.com/linux/latest/source/include/linux/jiffies.h#L170
Jason
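A pitfall that a counter starting at -300*HZ exposes, shown as an added example that is not code from this thread or from WireGuard: a userspace C model of 32-bit jiffies in which a timestamp of 0 is used to mean "never". HZ, the `recent_*` helpers and `struct stamp` are hypothetical, and the guarded variant is one way to avoid the problem, not a description of the upstream commit.

```c
/* Added illustration: userspace model of 32-bit jiffies, not WireGuard code. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define HZ 100u /* assumed tick rate */

/* The kernel starts the counter 300 seconds before it wraps, so on a
 * 32-bit machine jiffies passes through 0 five minutes after boot. */
#define INITIAL_JIFFIES ((uint32_t)(-300 * (int32_t)HZ))

/* Same signed-difference comparison as the kernel's time_before(a, b). */
static bool time_before32(uint32_t a, uint32_t b)
{
    return (int32_t)(a - b) < 0;
}

/* Value of the modelled jiffies counter after `seconds` of uptime. */
uint32_t jiffies_at_uptime(uint32_t seconds)
{
    return INITIAL_JIFFIES + seconds * HZ;
}

/* Hypothetical check: "did the event happen within the last second?"
 * A caller that passes last == 0 for "never" gets the wrong answer
 * while jiffies is still numerically before 0 + HZ. */
bool recent_naive(uint32_t now, uint32_t last)
{
    return time_before32(now, last + HZ);
}

/* Hardened variant: "never" is carried in a separate flag, so no
 * counter value is overloaded as a sentinel. */
struct stamp {
    bool valid;
    uint32_t when;
};

bool recent_guarded(uint32_t now, struct stamp last)
{
    return last.valid && time_before32(now, last.when + HZ);
}

/* First whole second of uptime at which the naive check stops
 * reporting a never-seen event as recent. */
uint32_t first_sane_uptime(void)
{
    uint32_t s;

    for (s = 0; s < 600; s++)
        if (!recent_naive(jiffies_at_uptime(s), 0))
            return s;
    return UINT32_MAX;
}

int main(void)
{
    struct stamp never = { false, 0 };
    uint32_t up60 = jiffies_at_uptime(60);

    printf("uptime 60s, naive:   %d\n", recent_naive(up60, 0));
    printf("uptime 60s, guarded: %d\n", recent_guarded(up60, never));
    printf("naive check is sane from uptime %us\n",
           (unsigned)first_sane_uptime());
    return 0;
}
```
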
* Re: netns.sh: Sending cookie response for denied handshake
From: Jason A. Donenfeld @ 2017-10-06 14:03 UTC (permalink / raw)
To: René van Dorst; +Cc: WireGuard mailing list
Upstream commit:
https://git.zx2c4.com/WireGuard/commit/?id=64669564122e5112a01536cbe28e8c2159eb056b