As a follow up, wireguard-tools v1.0.20200102 also has the issue.

I did think of updating nftables to the latest, but that then started dragging in too many other updated dependencies I wasn't comfortable with.

So, as nftables currently isn't used on Slack, I renamed the binary so that wg-quick wouldn't find it, which allowed the connection to be made.

Now all I need do is work out why the handshakes between client and server are working, but traffic doesn't flow.

Cheers.

On 1/2/2020 12:04 AM, Eddie wrote:
> Not sure if this helps, or not.  But this is the relevant part from a
> bash trace:
>
> + cmd nft -f /dev/fd/63
> + echo '[#] nft -f /dev/fd/63'
> [#] nft -f /dev/fd/63
> + nft -f /dev/fd/63
> ++ echo -n 'add table ip wg-quick-wg0
> add chain ip wg-quick-wg0 preraw { type filter hook prerouting
> priority -300; }
> add chain ip wg-quick-wg0 premangle { type filter hook prerouting
> priority -150; }
> add chain ip wg-quick-wg0 postmangle { type filter hook postrouting
> priority -150; }
> add rule ip wg-quick-wg0 preraw iifname != wg0 ip daddr 192.168.150.14
> fib saddr type != local drop
> add rule ip wg-quick-wg0 postmangle meta l4proto udp mark 51820 ct
> mark set mark
> add rule ip wg-quick-wg0 premangle meta l4proto udp meta mark set ct mark
> '
> /dev/fd/63:5:76-80: Error: syntax error, unexpected saddr
>
> ^^^^^
> Cheers.
>
>
> On 1/1/2020 11:34 PM, Eddie wrote:
>> Ha.  Even older:
>>
>> root@The-Tardis:~# nft -v
>> nftables v0.6 (Support Edward Snowden)
>>
>>
>> And in reply to a couple of off-list messages:
>>
>> wireguard-tools-1.0.20191226
>>
>> There are different reasons for using different VPNs.  Can you really
>> "totally" trust the one that you're using?
>>
>> Cheers.
>>
>>
>> On 1/1/2020 10:22 PM, Edward Vielmetti wrote:
>>> Eddie - what version of nftables does Slackware come with? The
>>> output of `nft -v` should be helpful.
>>>
>>> There is a report from stackexchange that nftables at 0.7 gives this
>>> error, but at 0.8.1 or better it's OK. I was not easily able to
>>> verify that from the source code, but it would be where I'd start to
>>> look. There was
>>>
>>> The nftables 0.8.1 release notes (from 2018) are here:
>>> https://lwn.net/Articles/744480/ and it points to new syntax in this
>>> release.
>>>
>>> good luck!
>>>
>>> Ed
>>>
>>> On Thu, Jan 2, 2020 at 12:27 AM Eddie wrote:
>>>
>>>     First time running wireguard as a native client on my Slackware
>>>     14.2 system throws this:
>>>
>>>     root@The-Tardis:~# wg-quick up wg0
>>>     [#] ip link add wg0 type wireguard
>>>     [#] wg setconf wg0 /dev/fd/63
>>>     [#] ip -4 address add 192.168.150.14/32 dev wg0
>>>     [#] ip link set mtu 1420 up dev wg0
>>>     [#] wg set wg0 fwmark 51820
>>>     [#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
>>>     [#] ip -4 rule add not fwmark 51820 table 51820
>>>     [#] ip -4 rule add table main suppress_prefixlength 0
>>>     [#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
>>>     [#] nft -f /dev/fd/63
>>>     /dev/fd/63:5:76-80: Error: syntax error, unexpected saddr
>>>
>>>     Fairly simple config to connect to my VPS:
>>>
>>>     [Interface]
>>>     Address = 192.168.150.14/32
>>>     PrivateKey =
>>>
>>>     [Peer]
>>>     PublicKey =
>>>     Endpoint = www.xxx.yyy.zzz:51820
>>>     AllowedIPs = 0.0.0.0/0
>>>
>>>     Not sure what additional information you need collected at this
>>>     point.
>>>
>>>     I'm able to connect outbound successfully using NordVPN's
>>>     version of wireguard, but that doesn't use wg-quick, which is
>>>     where the issue is.
>>>
>>>     Cheers.
>>>     _______________________________________________
>>>     WireGuard mailing list
>>>     WireGuard@lists.zx2c4.com
>>>     https://lists.zx2c4.com/mailman/listinfo/wireguard
>>>
>>> --
>>> Edward Vielmetti +1 734 330 2465
>>> edward.vielmetti@gmail.com
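
Added example, not part of the original thread and not wg-quick's own code: it resolves the location in the nft error quoted above (/dev/fd/63:5:76-80) against the ruleset from the bash trace to show which token the parser rejected, and compares an `nft -v` string against 0.8.1, the version the thread reports as working (taken as an assumption here). The function names are hypothetical and the ruleset is re-joined from the mail-wrapped trace.

```shell
#!/bin/sh
# Added example, not wg-quick's code. Function names are hypothetical.

# Ruleset from the bash trace in this thread, re-joined from the mail wrapping.
ruleset() {
cat <<'EOF'
add table ip wg-quick-wg0
add chain ip wg-quick-wg0 preraw { type filter hook prerouting priority -300; }
add chain ip wg-quick-wg0 premangle { type filter hook prerouting priority -150; }
add chain ip wg-quick-wg0 postmangle { type filter hook postrouting priority -150; }
add rule ip wg-quick-wg0 preraw iifname != wg0 ip daddr 192.168.150.14 fib saddr type != local drop
add rule ip wg-quick-wg0 postmangle meta l4proto udp mark 51820 ct mark set mark
add rule ip wg-quick-wg0 premangle meta l4proto udp meta mark set ct mark
EOF
}

# nft_error_token "<file>:<line>:<col>-<col>: Error: ..."
# Reads the ruleset on stdin and prints the text nft pointed at.
# Columns are 1-based and inclusive, as in the caret line under the error.
nft_error_token() {
    loc=${1%%: *}      # /dev/fd/63:5:76-80
    cols=${loc##*:}    # 76-80
    rest=${loc%:*}     # /dev/fd/63:5
    line=${rest##*:}   # 5
    # Refuse anything that is not plain numbers before handing it to sed/cut.
    case "$line" in ''|*[!0-9]*) return 2 ;; esac
    case "$cols" in ''|*[!0-9-]*) return 2 ;; esac
    sed -n "${line}p" | cut -c "$cols"
}

# nft_version_lt "<output of nft -v>" "<minimum>"
# Exit 0 if the installed version is older than <minimum>, 1 if not,
# 2 if the string does not look like nft -v output.
nft_version_lt() {
    have=$(printf '%s\n' "$1" | sed -n 's/^nftables v\([0-9][0-9.]*\).*/\1/p')
    [ -n "$have" ] || return 2
    [ "$have" != "$2" ] || return 1
    oldest=$(printf '%s\n%s\n' "$have" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$have" ]
}

err='/dev/fd/63:5:76-80: Error: syntax error, unexpected saddr'
echo "token nft rejected: $(ruleset | nft_error_token "$err")"
# 0.8.1 is the version the thread reports as working; treated as an assumption.
if nft_version_lt 'nftables v0.6 (Support Edward Snowden)' 0.8.1; then
    echo 'nft is older than 0.8.1'
fi
```

The column range lands on `saddr` in the `fib saddr type != local` match of the preraw rule, so that is the expression to check against the syntax the installed nft supports.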