* wg-quick can't down my vpn I/F and DNS problem
@ 2017-05-02 15:27 Bzzzz
2017-05-02 16:31 ` Jason A. Donenfeld
0 siblings, 1 reply; 6+ messages in thread
From: Bzzzz @ 2017-05-02 15:27 UTC (permalink / raw)
To: wireguard
Debian jessie + backports - arch amd64
wireguard-dkms 0.0.20170421-wg1~zesty
wireguard-tools 0.0.20170421-wg1~zesty
======================================
Hi list,
I've a very simple setup:
LAN: 192.168.1.0/24
VPN: 10.11.12.0/24
If wg-quick raises the VPN smoothly and although it's working perfectly
and damned fast, it fails when trying to take it down with the
following error:
wg-quick: `vpnserver' is not a WireGuard interface
the only way I found to stop it is to use 2 lines:
ip link del vpnserver
rmmod wireguard
why is that?
The 2 machines I test on are also DNS, but once the vpn's connected, I
lose all possibility of name resolution - It might be tied to
resolvconf, but I'm not tough enough to know what to do.
(NB: I *want* these because bind is passing through dnscrypt-proxy,
leaving no traces of DNS external requests)
How can I fix that?
Jean-Yves
* Re: wg-quick can't down my vpn I/F and DNS problem
2017-05-02 15:27 wg-quick can't down my vpn I/F and DNS problem Bzzzz
@ 2017-05-02 16:31 ` Jason A. Donenfeld
2017-05-02 16:54 ` Bzzzz
0 siblings, 1 reply; 6+ messages in thread
From: Jason A. Donenfeld @ 2017-05-02 16:31 UTC (permalink / raw)
To: Bzzzz; +Cc: WireGuard mailing list
If your wg-quick config file is in /etc/wireguard and ends in ".conf"
then you can use `wg-quick down vpnserver`. Otherwise, please specify
the full path when calling wg-quick down.
* Re: wg-quick can't down my vpn I/F and DNS problem
2017-05-02 16:31 ` Jason A. Donenfeld
@ 2017-05-02 16:54 ` Bzzzz
2017-05-02 17:08 ` Jason A. Donenfeld
0 siblings, 1 reply; 6+ messages in thread
From: Bzzzz @ 2017-05-02 16:54 UTC (permalink / raw)
To: Jason A. Donenfeld; +Cc: WireGuard mailing list
On Tue, 2 May 2017 18:31:14 +0200
"Jason A. Donenfeld" <Jason@zx2c4.com> wrote:
Oops, sorry for the PM, I put my answer back in the loop.
> If your wg-quick config file is in /etc/wireguard and ends in ".conf"
> then you can use `wg-quick down vpnserver`. Otherwise, please specify
> the full path when calling wg-quick down.
Hi Jason, very nice work BTW,
this is _exactly_ what I do, on the server and the client, I've:
/etc/wireguard/vpnserver.conf
/etc/wireguard/vpnclient.conf
I created 4 scripts: SERVER||CLIENT_WG_UP||DOWN.sh that use this syntax,
(it also fails when typing it on the command line).
So the commands issued are:
wg-quick up vpnserver (works perfectly)
wg-quick down vpnserver (fails)
and d° for the client.
My setup is basic (but may be wrong) on both srv & cli, here's the srv
one:
[Interface]
Address = 10.11.12.1/24
ListenPort = 1194
PresharedKey = …
PrivateKey = …
[Peer]
PublicKey = …
AllowedIPs = 0.0.0.0/0
The VPN is working, I made a try yesterday, passing by my cell phone
to reach my site and was amazed by the speed 'cos I keep my phone in gsm
mode, otherwise it eats my battery alive (so ~20kB max speed on an old
Xperia x10).
This isn't really a problem, as I use 2 lines that do the work
correctly; however, the DNS problem is a real concern.
Jean-Yves
* Re: wg-quick can't down my vpn I/F and DNS problem
2017-05-02 16:54 ` Bzzzz
@ 2017-05-02 17:08 ` Jason A. Donenfeld
2017-05-02 17:17 ` Bzzzz
2017-05-09 22:20 ` Bzzzz
0 siblings, 2 replies; 6+ messages in thread
From: Jason A. Donenfeld @ 2017-05-02 17:08 UTC (permalink / raw)
To: Bzzzz; +Cc: WireGuard mailing list
DNS is solved using the PostUp line. See the man page example -- `man
wg-quick`.
For your down error, can you send precise command line output?
--
Sent from my telephone.
On May 2, 2017 18:55, "Bzzzz" <lazyvirus@gmx.com> wrote:
> On Tue, 2 May 2017 18:31:14 +0200
> "Jason A. Donenfeld" <Jason@zx2c4.com> wrote:
>
> Oops, sorry for the PM, I put my answer back in the loop.
>
> > If your wg-quick config file is in /etc/wireguard and ends in ".conf"
> > then you can use `wg-quick down vpnserver`. Otherwise, please specify
> > the full path when calling wg-quick down.
>
> Hi Jason, very nice work BTW,
>
> this is _exactly_ what I do, on the server and the client, I've:
> /etc/wireguard/vpnserver.conf
> /etc/wireguard/vpnclient.conf
>
> I created 4 scripts: SERVER||CLIENT_WG_UP||DOWN.sh that use this syntax,
> (it also fails when typing it on the command line).
>
> So the commands issued are:
> wg-quick up vpnserver (works perfectly)
> wg-quick down vpnserver (fails)
> and d° for the client.
>
> My setup is basic (but may be wrong) on both srv & cli, here's the srv
> one:
>
> [Interface]
> Address = 10.11.12.1/24
> ListenPort = 1194
> PresharedKey = …
> PrivateKey = …
> [Peer]
> PublicKey = …
> AllowedIPs = 0.0.0.0/0
>
> The VPN is working, I made a try yesterday, passing by my cell phone
> to reach my site and was amazed by the speed 'cos I keep my phone in gsm
> mode, otherwise it eats my battery alive (so ~20kB max speed on an old
> Xperia x10).
>
> This isn't really a problem, as I use 2 lines that do the work
> correctly; however, the DNS problem is a real concern.
>
> Jean-Yves
>
* Re: wg-quick can't down my vpn I/F and DNS problem
2017-05-02 17:08 ` Jason A. Donenfeld
@ 2017-05-02 17:17 ` Bzzzz
2017-05-09 22:20 ` Bzzzz
1 sibling, 0 replies; 6+ messages in thread
From: Bzzzz @ 2017-05-02 17:17 UTC (permalink / raw)
To: Jason A. Donenfeld; +Cc: WireGuard mailing list
On Tue, 2 May 2017 19:08:10 +0200
"Jason A. Donenfeld" <Jason@zx2c4.com> wrote:
> DNS is solved using the PostUp line. See the man page example -- `man
> wg-quick`.
OK, I'm gonna see that.
> For your down error, can you send precise command line output?
Here's the startup:
# ./SERVER_WG_UP.sh
Démarrage du SERVEUR VPN WireGuard
[#] ip link add vpnserver type wireguard
[#] wg setconf vpnserver /dev/fd/63
[#] ip address add 10.11.12.1/24 dev vpnserver
[#] ip link set vpnserver up
[#] wg set vpnserver fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev vpnserver table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
SERVEUR VPN WireGuard démarré
The ifconfig output:
vpnserver Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.11.12.1  P-t-P:10.11.12.1  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP  MTU:1420  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:4 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
The wg show vpnserver command output:
# wg show vpnserver
interface: vpnserver
public key: …
private key: (hidden)
preshared key: (hidden)
listening port: 1194
fwmark: 0xca6c
peer: …
allowed ips: 0.0.0.0/0
And finally the down command output:
# wg-quick down vpnserver
wg-quick: `vpnserver' is not a WireGuard interface
Jean-Yves
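
Added example, not part of any message in this thread and not code from the WireGuard project: a static check of the two points discussed above, namely how a bare name such as vpnserver maps to a config path, and whether a peer's AllowedIPs of 0.0.0.0/0 will make wg-quick install the fwmark rule and table 51820 seen in the startup output. The function names, the finding labels and the sample config with placeholder keys are assumptions made for the example, and the path rule is a simplified model of the reply above.

```shell
# Simplified model of the lookup described in the thread: a bare name means
# /etc/wireguard/NAME.conf, anything containing a slash is used as a path.
wgq_conf_path() {
    case "$1" in
        */*) printf '%s\n' "$1" ;;
        *)   printf '/etc/wireguard/%s.conf\n' "$1" ;;
    esac
}

# Read a config on stdin, print one finding label per line (labels are hypothetical):
#   default-route  a peer has AllowedIPs 0.0.0.0/0 or ::/0
#   no-postup      default route present but [Interface] has no PostUp hook
wgq_audit() {
    awk '
        { sub(/#.*/, ""); gsub(/[ \t]+/, " ") }
        /^ ?\[/ { section = tolower($0); gsub(/[^a-z]/, "", section); next }
        {
            eq = index($0, "="); if (!eq) next
            key = tolower(substr($0, 1, eq - 1)); gsub(/ /, "", key)
            val = substr($0, eq + 1)
        }
        section == "peer" && key == "allowedips" {
            n = split(val, ips, ",")
            for (i = 1; i <= n; i++) {
                gsub(/ /, "", ips[i])
                if (ips[i] == "0.0.0.0/0" || ips[i] == "::/0") full = 1
            }
        }
        section == "interface" && key == "postup" { postup = 1 }
        END {
            if (full) print "default-route"
            if (full && !postup) print "no-postup"
        }'
}

# Constructed sample shaped like the server config in the thread; keys are placeholders.
sample_conf() {
    cat <<'EOF'
[Interface]
Address = 10.11.12.1/24
ListenPort = 1194
PrivateKey = PLACEHOLDER_PRIVATE_KEY
[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0
EOF
}
wgq_conf_path vpnserver
sample_conf | wgq_audit
```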
* Re: wg-quick can't down my vpn I/F and DNS problem
2017-05-02 17:08 ` Jason A. Donenfeld
2017-05-02 17:17 ` Bzzzz
@ 2017-05-09 22:20 ` Bzzzz
1 sibling, 0 replies; 6+ messages in thread
From: Bzzzz @ 2017-05-09 22:20 UTC (permalink / raw)
To: WireGuard mailing list
On Tue, 2 May 2017 19:08:10 +0200
"Jason A. Donenfeld" <Jason@zx2c4.com> wrote:
> DNS is solved using the PostUp line. See the man page example -- `man
> wg-quick`.
DNS problem solved: I deactivated openresolv.
JY