From: "Hendrik Friedel" <hendrik@friedels.name>
To: "Max R. P. Grossmann" <m@max.pm>, wireguard@lists.zx2c4.com
Subject: Re[4]: Connection works, ping does not
Date: Sat, 28 Nov 2020 16:50:06 +0000
Message-ID: <em0d8407bb-2467-41ad-9d4d-5db6dabbe1c6@desktop-g0r648m>
In-Reply-To: <em1f4c294f-4708-4a7c-b268-300b1b5df65d@desktop-g0r648m>
Hello,
in the mail below the mtr results as picture, as "mtr" opens a GUI for
me.
Here the results again, but from the commandline:
homeserver.fritz.box (2003:xxxxxxxxx:feaa:27bb)    2020-11-28T17:39:11+0100
Keys: Help Display mode Restart statistics Order of fields quit
                                                             Packets               Pings
    Host                                                   Loss%  Snt   Last    Avg   Best   Wrst  StDev
 1. p200300cb972aa0009ec7a6fffefd3a69.dip0.t-ipconnect.de   0.0%   15    0.5    0.5    0.5    0.7    0.1
 2. 2003:0:8501::1                                          0.0%   15    7.9   13.1    7.5   47.7   11.1
 3. ???
 4. ???
 5. ddf-b2-v6.telia.net                                     0.0%   14   75.9   81.7   75.9   96.7    5.0
 6. glasfaser-svc070650-ic356771.c.telia.net               76.9%   14   78.2   81.0   78.2   82.4    2.4
 7. 2a00:6020:0:a::2                                        0.0%   14   82.5   79.7   72.0   83.2    3.4
 8. lo1007.kr1.dc1-bor.dg-ao.de                             0.0%   14   81.8   82.9   68.1   87.6    4.9
 9. 2a00:6020:1000:3:dd0e:7f3d:d93e:f23d                    0.0%   14   84.0   85.6   71.6   90.5    5.0
10. 2a00:yyyyyyyyyyy:fe7f:c33a                              0.0%   14   84.3   84.1   77.4   88.9    3.8
and in the opposite direction
Keys: Help Display mode Restart statistics Order of fields quit
                                         Packets               Pings
    Host                               Loss%  Snt   Last    Avg   Best   Wrst  StDev
 1. fritz.box                           0.0%   15    0.5    0.5    0.4    0.8    0.0
 2. ???
 3. 2a00:6020:0:a::1                   20.0%   15    7.5    7.6    7.5    8.5    0.0
 4. ddf-b2-link.telia.net               0.0%   15    6.2    7.7    6.0   26.8    5.3
 5. ???
 6. hbg-b2-v6.telia.net                26.7%   15   12.9   13.0   12.8   14.0    0.0
 7. 2003:0:1400:c004::1                33.3%   15   71.6   72.1   68.7   75.9    2.8
 8. 2003:0:8501::1                      0.0%   14   80.2   76.9   69.1   80.3    3.1
 9. ddddddddddddd.dip0.t-ipconnect.de   0.0%   14   83.6   85.4   66.0   92.9    6.2
There are many packet losses, as far as I see.
But also many packets seem to go through (never 100% loss).
Does that help?
Regards,
Hendrik
>
>------ Original Message ------
>From: "Hendrik Friedel" <hendrik@friedels.name>
>To: "Max R. P. Grossmann" <m@max.pm>
>Cc: wireguard@lists.zx2c4.com
>Sent: 23.11.2020 21:37:24
>Subject: Re[2]: Connection works, ping does not
>
>>Hello Max,
>>
>>thanks for your reply.
>>
>>>
>>>Could it be that some kind of firewall is restricting UDP traffic to your other server?
>>>
>>Well, locally, I do use this machine as Host for many tunnels.
>>
>>
>>>
>>>E.g. could you try to run `mtr --udp [other server's public IP address]` on your computer (while disabling your other WireGuard connection, if applicable) and report back whether there is any kind of packet loss?
>>I used traceroute on the commandline for this:
>>
>>Remote:
>>
>>wg-quick up wgnet0
>>[#] ip link add wgnet0 type wireguard
>>[#] wg setconf wgnet0 /dev/fd/63
>>[#] ip -4 address add 10.192.122.3/32 dev wgnet0
>>[#] ip link set mtu 1420 up dev wgnet0
>>[#] wg set wgnet0 fwmark 51820
>>[#] ip -4 route add 0.0.0.0/0 dev wgnet0 table 51820
>>[#] ip -4 rule add not fwmark 51820 table 51820
>>[#] ip -4 rule add table main suppress_prefixlength 0
>>
>>root@openmediavault:/etc/wireguard# wg show
>>interface: wgnet0
>> public key: cebXSaxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxMFw=
>> private key: (hidden)
>> listening port: 42759
>> fwmark: 0xca6c
>>
>>peer: oNjmmmmmmmmmmmmmmmmmmmmmmmmmmmmU=
>> endpoint: [2003:cb:97ff:33d8:9ec7:a6ff:fefd:3a6d]:51820
>> allowed ips: 0.0.0.0/0
>> transfer: 0 B received, 444 B sent
>> persistent keepalive: every 25 seconds
>>
>>
>>Local:
>>traceroute to 2a00:sdfs:sdfsdf:sdfs:erre:ereee:sdf:c33a (2a00:sdfs:sdfsdf:sdfs:erre:ereee:sdf:c33a), 30 hops max, 80 byte packets
>> 1 p200300cb9733ca009ec7a6fffefd3a69.dip0.t-ipconnect.de (2003:cb:9733:ca00:9ec7:a6ff:fefd:3a69) 0.946 ms 3.435 ms 3.645 ms
>> 2 2003:0:8501::1 (2003:0:8501::1) 13.884 ms 13.839 ms 14.193 ms
>> 3 * * *
>> 4 2001:2000:3019:6b::1 (2001:2000:3019:6b::1) 86.609 ms 88.002 ms 87.874 ms
>> 5 ddf-b2-v6.telia.net (2001:2000:3018:21::1) 88.137 ms 89.508 ms 89.639 ms
>> 6 * * *
>> 7 2a00:6020:0:b::2 (2a00:6020:0:b::2) 81.576 ms 81.989 ms 2a00:6020:0:a::2 (2a00:6020:0:a::2) 82.201 ms
>> 8 lo1007.kr1.dc1-bor.dg-ao.de (2a00:6020:1000:3::1) 86.281 ms 84.259 ms 85.760 ms
>> 9 2a00:xxxx:1000:3:yyyy:7f3d:d93e:f23d (2a00:xxxx:1000:3:yyyy:7f3d:d93e:f23d) 88.483 ms !X 87.579 ms !X 88.447 ms !X
>>
>>And here the mtr results (wg up and down)
>>https://1drv.ms/u/s!AvbzKdYzkh6gl0BVLcuR9eeWUaqj?e=9wKxSC
>>https://1drv.ms/u/s!AvbzKdYzkh6gl0HVwPz1FabOtemM?e=c7bCcB
>>
>>>If not, you may wish to check whether the port on the machine is reachable, e.g. by running `nc -v -l -u -p 12345` on your server and then executing `echo test | nc -u [server's IP] 12345`, to check whether the message arrives at the server.
>>
>>I am using the machine that is here, locally as server for many tunnels. So, the wireguard port is reachable.
>>On the remote machine, I have NOT done any port forwarding. Is that necessary at all? I thought that only the machine that is NOT initiating the connection needs a port forwarding.
>>
>>Greetings,
>>Hendrik
>>
>>>
>>>
>>>Best,
>>>
>>>Max
>>>
>>>On 20/11/22 07:39pm, Hendrik Friedel wrote:
>>>> Hello,
>>>>
>>>> (I posted this a while ago, but it never appeared on the list; if the list is the wrong place for this question, please let me know; I would appreciate a hint for a more appropriate place)
>>>>
>>>> I am using wireguard to connect two machines.
>>>> My local server is connected to the internet via a router. I am using this server also for connecting other devices (e.g. mobile phones) to my home network. This works great.
>>>>
>>>> But when connecting to another server (both debian 10), I only get a successful connection, but no ping.
>>>> *My server:*
>>>>
>>>> wg show
>>>> interface: wgnet0
>>>> public key: xxxxx=
>>>> private key: (hidden)
>>>> listening port: 51820
>>>>
>>>> peer: sdfsdfsdfsdfsdfsdf=
>>>> endpoint: 109.41.64.83:15167
>>>> allowed ips: 10.192.122.2/32
>>>> latest handshake: 1 minute, 7 seconds ago
>>>> transfer: 10.95 MiB received, 40.35 MiB sent
>>>>
>>>> peer: yyyy=
>>>> endpoint: 185.22.142.254:51380
>>>> allowed ips: 10.192.122.3/32
>>>> transfer: 0 B received, 5.20 KiB sent
>>>>
>>>> peer: yyyy=
>>>> endpoint: 93.214.229.137:64119
>>>> allowed ips: 10.192.122.4/32
>>>>
>>>> peer: yyyy=
>>>> endpoint: 93.214.225.116:49819
>>>> allowed ips: 10.192.122.5/32
>>>>
>>>> peer: yyyy=
>>>> allowed ips: 10.192.122.6/32
>>>>
>>>> peer: yyyy=
>>>> allowed ips: 10.192.122.7/32
>>>>
>>>>
>>>> more /etc/wireguard/wgnet0.conf
>>>> [Interface]
>>>> Address = 10.192.122.1/24
>>>> SaveConfig = true
>>>> PostUp = iptables -A FORWARD -i wgnet0 -j ACCEPT; iptables -A FORWARD -o wgnet0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>>>> PostDown = iptables -D FORWARD -i wgnet0 -j ACCEPT; iptables -D FORWARD -o wgnet0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
>>>> ListenPort = 51820
>>>> PrivateKey = aaa=
>>>>
>>>> [Peer]
>>>> PublicKey = yyyy=
>>>> AllowedIPs = 10.192.122.2/32
>>>> Endpoint = 123.41.67.233:18314
>>>>
>>>> [Peer]
>>>> PublicKey = xxx=
>>>> AllowedIPs = 10.192.122.3/32
>>>> Endpoint = 123.22.142.254:51380
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ip route
>>>> default via 192.168.177.1 dev eth0 proto static
>>>> 10.192.122.0/24 dev wgnet0 proto kernel scope link src 10.192.122.1
>>>>
>>>> and the other side/server:
>>>>
>>>> interface: wgnet0
>>>> public key: xxxxx=
>>>> private key: (hidden)
>>>> listening port: 54004
>>>> fwmark: 0xca6c
>>>>
>>>> peer: yyyyy=
>>>> endpoint: [2003:cb:aaa:bbb:9ec7:a6ff:fefd:3a6d]:51820
>>>> allowed ips: 0.0.0.0/0
>>>> transfer: 0 B received, 2.75 KiB sent
>>>> persistent keepalive: every 25 seconds
>>>>
>>>>
>>>>
>>>> more wgnet0.conf
>>>> [Interface]
>>>> Address = 10.192.122.3/32
>>>> PrivateKey = xxxxx=
>>>>
>>>> [Peer]
>>>> PublicKey = yyyyy=
>>>> Endpoint = v.myfritz.net:51820
>>>> AllowedIPs = 0.0.0.0/0
>>>> PersistentKeepalive = 25
>>>>
>>>> It seems to me, that the connection is successfully established, but data is only transmitted in one direction.
>>>>
>>>> How can I find the reason?
>>>>
>>>> Regards,
>>>> Hendrik
>>>>
>
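Added example (not part of the original messages, and not WireGuard's own code): a small parser for the `wg show` output format quoted in this thread, separating peers that completed a handshake from peers that only send. It relies on `wg show` printing a `latest handshake` line only once a handshake has completed; the sample input and the function names `parse_wg_show`, `classify` and `report` are constructed for illustration.

```python
import re

# Constructed sample modelled on the `wg show` output in this thread; keys and endpoints are placeholders.
SAMPLE = """\
interface: wgnet0
  listening port: 51820

peer: BBBB=
  endpoint: 192.0.2.10:15167
  allowed ips: 10.192.122.2/32
  latest handshake: 1 minute, 7 seconds ago
  transfer: 10.95 MiB received, 40.35 MiB sent

peer: CCCC=
  endpoint: 192.0.2.20:51380
  allowed ips: 10.192.122.3/32
  transfer: 0 B received, 5.20 KiB sent

peer: DDDD=
  allowed ips: 10.192.122.6/32
"""

XFER = re.compile(r"([\d.]+) \S+ received, ([\d.]+) \S+ sent")

def parse_wg_show(text):
    """Return one dict of field lines per peer block (hypothetical helper)."""
    peers, cur = [], None
    for line in text.splitlines():
        key, sep, val = line.strip().partition(": ")
        if key == "interface":
            cur = None  # interface-level fields are not peer fields
        elif key == "peer":
            cur = {"peer": val}
            peers.append(cur)
        elif sep and cur is not None:
            cur[key] = val
    return peers

def classify(peer):
    """Label a peer from the fields `wg show` printed for it."""
    if "latest handshake" in peer:  # printed only after a completed handshake
        return "handshake completed"
    m = XFER.match(peer.get("transfer", ""))
    if m and float(m[2]) > 0 and float(m[1]) == 0:
        return "sending, no reply: handshake never completed"
    return "no handshake, nothing sent"

def report(text):
    return {p["peer"]: classify(p) for p in parse_wg_show(text)}
```

Feeding it the output of `wg show` from both ends of a tunnel shows which side's handshake initiations are going unanswered, which narrows the search to that direction's UDP path.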