wireguard.lists.zx2c4.com archive mirror
From: Wojtek Swiatek <w@swtk.info>
To: wireguard@lists.zx2c4.com
Subject: How to debug wireguard on the server?
Date: Tue, 26 Feb 2019 10:59:06 +0100
Message-ID: <CAPRYYOZY_fPDkQyebrY6vu7CTvzHoniHyhiZwNHLS6zfgk5JQg@mail.gmail.com>

Hello everyone

I am trying to set up wireguard on a Linux server (Ubuntu 18.04) and I am
having some issues. The configuration of the server:

[Interface]
Address = 192.168.20.1/24
ListenPort = 51820
PrivateKey = UbuntuPrivateKey

# the laptop I want to connect from
[Peer]
# this public key is derived from the laptop's private key LaptopPrivateKey
PublicKey = kExj276RLpqCZoDdOYHiq4FQHKA94y0eY1W/ptvT2y4=
AllowedIPs = 192.168.20.0/24

Bringing up the wg0 interface via wg-quick is OK:

root@srv ~# wg
interface: wg0
  public key: A7MreEBC3maH305tVrU0HEoQrBhy+An6KlvZ+z9KFRA=
  private key: (hidden)
  listening port: 51820

peer: kExj276RLpqCZoDdOYHiq4FQHKA94y0eY1W/ptvT2y4=
  allowed ips: 192.168.20.0/24

I have a client peer configured as well:

[Interface]
Address = 192.168.20.2/24
ListenPort = 51820
PrivateKey = LaptopPrivateKey

# the server I want to connect to
[Peer]
# this public key is derived from the server's private key UbuntuPrivateKey
PublicKey = A7MreEBC3maH305tVrU0HEoQrBhy+An6KlvZ+z9KFRA=
AllowedIPs = 192.168.20.0/24
# Address of the server
Endpoint = wireguard.example.com:51820
# Send periodic keepalives to ensure connection stays up behind NAT.
PersistentKeepalive = 25

When connecting from the client, I see handshake packets leaving it, and
arriving on the server - on its external interface:

root@srv ~# tcpdump -i eth0 port 51820 -vvv -X
tcpdump: listening on br0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:35:29.386976 IP (tos 0x0, ttl 115, id 17333, offset 0, flags [none], proto UDP (17), length 176)
    91-244-238-14.rev.ltt.li.59958 > srv.swtk.info.51820: [udp sum ok] UDP, length 148
        0x0000:  4500 00b0 43b5 0000 7311 eeda 5bf4 ee0e  E...C...s...[...
        0x0010:  c0a8 0a02 ea36 ca6c 009c 98e7 0100 0000  .....6.l........
        0x0020:  ac50 0f85 6ead 67f6 2c38 4b74 43c4 6388  .P..n.g.,8KtC.c.
        0x0030:  f594 1886 6699 f439 183e ad2b 0e02 4e13  ....f..9.>.+..N.
        0x0040:  c1a8 d14a f1c6 8d13 1f98 8c2c 6cfd dbf6  ...J.......,l...
        0x0050:  9f2f 8d35 9073 bad1 ddd7 927e 0552 aadf  ./.5.s.....~.R..

The same tcpdump command run against wg0 does not show any traffic (but
maybe this is normal?)

The client keeps on sending handshake packets.

Q1: is there anything I should do in order for the packets to reach wg0, or
do they reach it but I just do not see that with tcpdump? (Sorry, I am not
well versed in virtual interfaces.)
Q2: if there is nothing more to do than a wg-quick, is there a way to debug
the server to understand what happens with this handshake packet (= it is
rejected because ...)?

Thanks!
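
Added example (not part of the original message, and not WireGuard project code): decoding the hex bytes of the captured datagram to confirm what actually arrived on the external interface. It assumes the WireGuard wire format (1-byte message type, 3 reserved zero bytes, little-endian 32-bit sender index) and its fixed message sizes; the function names are hypothetical.

```python
import re
import struct

# Hex lines copied from the tcpdump -X output in the message above (first 96 bytes of the packet).
DUMP = """\
        0x0000:  4500 00b0 43b5 0000 7311 eeda 5bf4 ee0e  E...C...s...[...
        0x0010:  c0a8 0a02 ea36 ca6c 009c 98e7 0100 0000  .....6.l........
        0x0020:  ac50 0f85 6ead 67f6 2c38 4b74 43c4 6388  .P..n.g.,8KtC.c.
        0x0030:  f594 1886 6699 f439 183e ad2b 0e02 4e13  ....f..9.>.+..N.
        0x0040:  c1a8 d14a f1c6 8d13 1f98 8c2c 6cfd dbf6  ...J.......,l...
        0x0050:  9f2f 8d35 9073 bad1 ddd7 927e 0552 aadf  ./.5.s.....~.R..
"""

# WireGuard message types with their fixed sizes in bytes (None = variable length).
WG_TYPES = {1: ("handshake initiation", 148), 2: ("handshake response", 92),
            3: ("cookie reply", 64), 4: ("transport data", None)}

def dump_to_bytes(text):
    """Collect the hex column of `tcpdump -X` lines, skipping offsets and the ASCII column."""
    out = bytearray()
    for line in text.splitlines():
        m = re.match(r"\s*0x[0-9a-f]{4}:\s+((?:[0-9a-f]{2,4} ?)+)", line)
        if m:
            out += bytes.fromhex(m.group(1).replace(" ", ""))
    return bytes(out)

def classify(packet):
    """Parse the IPv4 and UDP headers, then the first 8 bytes of the WireGuard message."""
    if packet[0] >> 4 != 4 or packet[9] != 17:
        raise ValueError("not an IPv4/UDP packet")
    ihl = (packet[0] & 0x0F) * 4            # IPv4 header length in bytes
    if len(packet) < ihl + 16:
        raise ValueError("capture too short for a WireGuard header")
    sport, dport, udp_len = struct.unpack_from("!HHH", packet, ihl)
    payload = packet[ihl + 8:]
    name, expected = WG_TYPES.get(payload[0], ("unknown", None))
    return {
        "src": ".".join(map(str, packet[12:16])),
        "dst": ".".join(map(str, packet[16:20])),
        "sport": sport, "dport": dport,
        "type": name,
        "reserved_zero": payload[1:4] == b"\x00\x00\x00",
        "sender_index": struct.unpack_from("<I", payload, 4)[0],
        # UDP length includes its own 8-byte header
        "length_ok": expected is None or udp_len - 8 == expected,
    }

if __name__ == "__main__":
    for key, value in classify(dump_to_bytes(DUMP)).items():
        print(f"{key}: {value}")
```

On the bytes shown, this reports a well-formed handshake initiation (type 1, 148 bytes) addressed to UDP port 51820.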
