unable to set allowed-ips

unable to set allowed-ips

[Thomas Sattler]

Hi there ...

I'm unable to set allowed-ips, I get

   "Unable to set device: Invalid argument"

when running

  # wg set wg0 peer 7KoA... allowed-ips 192.168.237.16/32


The last few line in strace are:

stat64("/var/run/wireguard/wg0.sock", 0xffc7a530) = -1 ENOENT (No such file 
or directory)
socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
ioctl(3, _IOC(0, 0x89, 0xf1, 0x00), 0xffc7a61c) = -1 EINVAL (Invalid argument)
dup(2)                                  = 4
fcntl64(4, F_GETFL)                     = 0x2 (flags O_RDWR)
fstat64(4, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 3), ...}) = 0
write(4, "Unable to set device: Invalid ar"..., 39Unable to set device: 
Invalid argument
) = 39
close(4)                                = 0
exit_group(1)                           = ?
+++ exited with 1 +++


I'm running a crosscompiled 64bit kernel on 32bit Gentoo
userland. (As I installed it more than 10 years ago.)

Kernel version is 4.10.5, WireGuard is 0.0.20170320.1

I'm neither using a Gentoo kernel nor Gentoo's WireGuard
package but compiled them on my own enabling all Kernel
Requirements mentioned at https://www.wireguard.io/install

Trying to connect an Arch Linux based system (where I can
set allowed-ips) both show that they did a handshake but
as the Gentoo box won't set allowed-ips for the Arch box,
the Gentoo box rejects its packages, complaining about
packets having unallowed src IPs. :-(

I tried several kernels and WireGuard snapshots within the
last weeks and also spend some time searching for "allowed-
ips" and "Invalid argument" but couldn't yet find anything.

Thomas


P.S.: In case it helps, here the output from 'wg' so far:

Gentoo:

   interface: wg0
     public key: 74DO...
     private key: (hidden)
     pre-shared key: (hidden)
     listening port: 22

   peer: 7KoA...
     endpoint: 192.168.2.16:22
     allowed ips: (none)
     latest handshake: 26 minutes, 32 seconds ago
     transfer: 890.99 KiB received, 240 B sent
     persistent keepalive: every 5 minutes, 36 seconds

Arch Linux:


   interface: wg0
     public key: 7KoA...
     private key: (hidden)
     pre-shared key: (hidden)
     listening port: 22

   peer: 74DO...
     endpoint: 192.168.2.17:22
     allowed ips: 192.168.237.17/32
     latest handshake: 29 minutes, 9 seconds ago
     transfer: 14.00 KiB received, 2.21 MiB sent

Re: unable to set allowed-ips

[Jason A. Donenfeld]

[-- Attachment #1: Type: text/plain, Size: 164 bytes --]

Be sure userland wg(8) is built from the same source as kernel land
wireguard module.

I'll have the module actually detect this mismatch itself in later versions.

[-- Attachment #2: Type: text/html, Size: 285 bytes --]

Re: unable to set allowed-ips

[Thomas Sattler]

Am 24.03.2017 um 02:15 schrieb Jason A. Donenfeld:
> Be sure userland wg(8) is built from the same source as kernel
> land wireguard module.

I'm not sure whether I understood that comment, but in case I did:
I cloned  https://git.zx2c4.com/WireGuard  and then run these two
commands:

  $ cd /usr/src/WireGuard/src/tools && make

and

  $ cd /usr/src/linux && 
/usr/src/WireGuard/contrib/kernel-tree/create-patch.sh | patch -sp1

The obvious difference seems to be that I used different compilers for
them:

  - sys-devel/gcc-4.9.4 for wg(8) and
  - cross-x86_64-pc-linux-gnu/gcc-4.9.4 for the kernel

Just in case the compiler is not the cause: Maybe my kernel config is
the problem? While I double checked to have everything activated that
was mentioned at https://www.wireguard.io/install (except IPv6 stuff)
there might be some other feature I have unset or set incompatible?

Thomas