* [wireguard-dev] Help about configuration
@ 2017-09-20 15:11 nicolas prochazka
       [not found] ` <CAHmME9qrtSm1Y-h9FfyXWVCmrvmtciFau0jG2144Yrwu=BRMig@mail.gmail.com>
  0 siblings, 1 reply; 4+ messages in thread
From: nicolas prochazka @ 2017-09-20 15:11 UTC (permalink / raw)
  To: WireGuard mailing list

Hello, can somebody tell me what I am doing wrong:
I can ping from server 1 --> client 1 ( ping fd00:14::8b5:8aff:fe85:f3ee ),
but not from client 1 --> server 1 ( ping fd00:14::8b5:8aff:fe85:f3ec ).

We can notice
RX packets:230 errors:1112 dropped:0 overruns:0 frame:1112
on the server side, which seems strange.

wireguard : v0.0.20170918
kernel : 4.9.23 on client 1
kernel : 4.4.0 on server 1


Regards,
Nicolas Prochazka

Server 1 :
ifconfig neocoretech_rd
neocoretech_rd Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet6 addr: fd00:14::8b5:8aff:fe85:f3ec/32 Scope:Global
          UP POINTOPOINT RUNNING NOARP  MTU:1420  Metric:1
          RX packets:230 errors:1112 dropped:0 overruns:0 frame:1112
          TX packets:390 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:24672 (24.6 KB)  TX bytes:39104 (39.1 KB)


[52.209.226.5]~/resources/tunnelHelper>wg showconf neocoretech_rd
[Interface]
ListenPort = 6081
PrivateKey = mNHgDu3Nbusb3Xd8tI8imBkFgvnUSCjKGVP5qT8pi2Q=

[Peer]
PublicKey = 5zSx+CxgcjLKE2shpkTrLFgCHNOPM6r7TcuZ5cSx2AA=
AllowedIPs = fd00:14::8b5:8aff:fe85:f3ee/128
Endpoint = 77.156.254.18:25813

wg show neocoretech_rd
interface: neocoretech_rd
  public key: lrJtbn/Jfdb1NyIP78ls11uqAzjcWzDuD+x05RxFk20=
  private key: (hidden)
  listening port: 6081

peer: 5zSx+CxgcjLKE2shpkTrLFgCHNOPM6r7TcuZ5cSx2AA=
  endpoint: 77.156.254.18:25813
  allowed ips: fd00:14::8b5:8aff:fe85:f3ee/128
  latest handshake: 1 minute, 10 seconds ago
  transfer: 23.95 KiB received, 36.07 KiB sent



Client 1 :
ifconfig wg0
wg0       Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet6 addr: fd00:14::8b5:8aff:fe85:f3ee/8 Scope:Global
          UP POINTOPOINT RUNNING NOARP  MTU:1420  Metric:1
          RX packets:230 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1366 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:23632 (23.0 KiB)  TX bytes:230352 (224.9 KiB)


[optimizer] wg showconf wg0
[Interface]
ListenPort = 6081
PrivateKey = IM0tv9xWcVBPhD7+Tny7LHnYu1YHBGCJbBr6fgCdZns=

[Peer]
PublicKey = lrJtbn/Jfdb1NyIP78ls11uqAzjcWzDuD+x05RxFk20=
AllowedIPs = ::/0
Endpoint = 52.209.226.5:6081
PersistentKeepalive = 25

wg show wg0
interface: wg0
  public key: 5zSx+CxgcjLKE2shpkTrLFgCHNOPM6r7TcuZ5cSx2AA=
  private key: (hidden)
  listening port: 6081

peer: lrJtbn/Jfdb1NyIP78ls11uqAzjcWzDuD+x05RxFk20=
  endpoint: 52.209.226.5:6081
  allowed ips: ::/0
  latest handshake: 37 seconds ago
  transfer: 22.99 KiB received, 215.96 KiB sent
  persistent keepalive: every 25 seconds


* Re: [wireguard-dev] Help about configuration
       [not found]   ` <CAHmME9r0hXW8CT5wO10X-b-9HUBDzzvSAbnn69aFav+6ovxQGA@mail.gmail.com>
@ 2017-09-20 15:21     ` Jason A. Donenfeld
  2017-09-20 18:09       ` nicolas prochazka
  0 siblings, 1 reply; 4+ messages in thread
From: Jason A. Donenfeld @ 2017-09-20 15:21 UTC (permalink / raw)
  To: nicolas prochazka; +Cc: WireGuard mailing list

Seems likely the wrong source IP is being used for sending the ping. Use
tcpdump on the initiating computer to make sure the source IP of the ping
packet matches the allowed-ips of the other machine.

--
Sent from my telephone.


* Re: [wireguard-dev] Help about configuration
  2017-09-20 15:21     ` Jason A. Donenfeld
@ 2017-09-20 18:09       ` nicolas prochazka
  2017-09-20 21:17         ` Jason A. Donenfeld
  0 siblings, 1 reply; 4+ messages in thread
From: nicolas prochazka @ 2017-09-20 18:09 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: WireGuard mailing list

Hello,
you're right, sorry, it's just an old NAT rule.
Regards,
Nicolas

2017-09-20 17:21 GMT+02:00 Jason A. Donenfeld <Jason@zx2c4.com>:
> Seems likely the wrong source IP is being used for sending the ping. Use
> tcpdump on the initiating computer to make sure the source IP of the ping
> packet matches the allowed-ips of the other machine.

* Re: [wireguard-dev] Help about configuration
  2017-09-20 18:09       ` nicolas prochazka
@ 2017-09-20 21:17         ` Jason A. Donenfeld
  0 siblings, 0 replies; 4+ messages in thread
From: Jason A. Donenfeld @ 2017-09-20 21:17 UTC (permalink / raw)
  To: nicolas prochazka; +Cc: WireGuard mailing list

Hi Nicolas,

Great that fixed it. Sometimes WireGuard can be a good diagnostic for
figuring out various network misconfigurations, because WireGuard's
allowed-ips binding is very strict and explicit.

By the way, you might want to change your private key to something
new, since your first email contained these in plaintext.

Jason
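
Added example, not part of the original thread: the tcpdump check suggested above, automated in Python. It reads `tcpdump -n` lines captured on the sending machine's WireGuard interface and reports which inner source addresses fall inside the AllowedIPs the receiving peer holds for the sender; WireGuard drops decrypted packets whose source is outside that set. The capture lines and the rewritten source `2001:db8::1234` are constructed; the AllowedIPs value is the one shown in the first message.

```python
import ipaddress
import re

# Address pair in `tcpdump -n` output: "... IP6 <src> > <dst>: ICMP6, ..."
LINE_RE = re.compile(r"\bIP6? (\S+) > (\S+?): ")

def parse_addr(token):
    """IP address from a tcpdump endpoint token, dropping any '.port' suffix."""
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return ipaddress.ip_address(token.rpartition(".")[0])

def parse_allowed_ips(value):
    """Networks from the comma-separated value of an AllowedIPs line."""
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in value.split(",") if p.strip()]

def audit(tcpdump_lines, allowed_ips_value):
    """Return (source, accepted) for every IP packet line in the capture."""
    allowed = parse_allowed_ips(allowed_ips_value)
    results = []
    for line in tcpdump_lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an IP/IP6 packet line
        src = parse_addr(m.group(1))
        ok = any(src.version == n.version and src in n for n in allowed)
        results.append((str(src), ok))
    return results

# AllowedIPs the server holds for the client peer (value from the thread).
SERVER_ALLOWED_FOR_CLIENT = "fd00:14::8b5:8aff:fe85:f3ee/128"

# Constructed capture on the client's wg0. The second packet stands for a
# ping whose source was rewritten by a stale NAT rule (placeholder address).
SAMPLE_CAPTURE = [
    "17:02:11.000001 IP6 fd00:14::8b5:8aff:fe85:f3ee > "
    "fd00:14::8b5:8aff:fe85:f3ec: ICMP6, echo request, seq 1, length 64",
    "17:02:12.000001 IP6 2001:db8::1234 > "
    "fd00:14::8b5:8aff:fe85:f3ec: ICMP6, echo request, seq 2, length 64",
]

if __name__ == "__main__":
    for src, ok in audit(SAMPLE_CAPTURE, SERVER_ALLOWED_FOR_CLIENT):
        verdict = "accepted" if ok else "dropped by peer (not in allowed-ips)"
        print(f"{src}: {verdict}")
```

Run against the client's own `AllowedIPs = ::/0`, the same capture passes every IPv6 source, which is why only the client-to-server direction failed here.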
