From: Wojtek Swiatek <w@swtk.info>
To: wireguard@lists.zx2c4.com
Subject: How to debug wireguard on the server?
Date: Tue, 26 Feb 2019 10:59:06 +0100 [thread overview]
Message-ID: <CAPRYYOZY_fPDkQyebrY6vu7CTvzHoniHyhiZwNHLS6zfgk5JQg@mail.gmail.com> (raw)
[-- Attachment #1.1: Type: text/plain, Size: 2606 bytes --]
Hello everyone
I am trying to set up wireguard on a Linux server (Ubuntu 18.04) and I am
having some issues. The configuration of the server:
[Interface]
Address = 192.168.20.1/24
ListenPort = 51820
PrivateKey = UbuntuPrivateKey
# the laptop I want to connect from
[Peer]
# this public key is derived from the laptop's private key LaptopPrivateKey
PublicKey = kExj276RLpqCZoDdOYHiq4FQHKA94y0eY1W/ptvT2y4=
AllowedIPs = 192.168.20.0/24
Bringing up the wg0 interface via wg-quick is OK:
root@srv ~# wg
interface: wg0
public key: A7MreEBC3maH305tVrU0HEoQrBhy+An6KlvZ+z9KFRA=
private key: (hidden)
listening port: 51820
peer: kExj276RLpqCZoDdOYHiq4FQHKA94y0eY1W/ptvT2y4=
allowed ips: 192.168.20.0/24
I have a client peer configured as well:
[Interface]
Address = 192.168.20.2/24
ListenPort = 51820
PrivateKey = LaptopPrivateKey
# the server I want to connect to
[Peer]
# this public key is derived from the server's private key UbuntuPrivateKey
PublicKey = A7MreEBC3maH305tVrU0HEoQrBhy+An6KlvZ+z9KFRA=
AllowedIPs = 192.168.20.0/24
# Address of the server
Endpoint = wireguard.example.com:51820
# Send periodic keepalives to ensure connection stays up behind NAT.
PersistentKeepalive = 25
When connecting from the client, I see handshake packets leaving it, and
arriving on the server - on its external interface:
root@srv ~# tcpdump -i eth0 port 51820 -vvv -X
tcpdump: listening on br0, link-type EN10MB (Ethernet), capture size 262144
bytes
10:35:29.386976 IP (tos 0x0, ttl 115, id 17333, offset 0, flags [none],
proto UDP (17), length 176)
91-244-238-14.rev.ltt.li.59958 > srv.swtk.info.51820: [udp sum ok] UDP,
length 148
0x0000: 4500 00b0 43b5 0000 7311 eeda 5bf4 ee0e E...C...s...[...
0x0010: c0a8 0a02 ea36 ca6c 009c 98e7 0100 0000 .....6.l........
0x0020: ac50 0f85 6ead 67f6 2c38 4b74 43c4 6388 .P..n.g.,8KtC.c.
0x0030: f594 1886 6699 f439 183e ad2b 0e02 4e13 ....f..9.>.+..N.
0x0040: c1a8 d14a f1c6 8d13 1f98 8c2c 6cfd dbf6 ...J.......,l...
0x0050: 9f2f 8d35 9073 bad1 ddd7 927e 0552 aadf ./.5.s.....~.R..
The same tcpdump command ran against wg0 does not show any traffic (but
maybe this is normal?)
The client keeps on sending handshake packets.
Q1: is there anything I should do in order for the packets to reach wg0, or
do they reach it but I just do not see that with tcpdump (sorry, I am not
well versed with virtual interfaces)
Q2: if there is nothing more to do than a wg-quick, is there a way to debug
the server to understand what happens with this handshake packet (= it is
rejected because ...)
Thanks!
[-- Attachment #1.2: Type: text/html, Size: 3766 bytes --]
[-- Attachment #2: Type: text/plain, Size: 148 bytes --]
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
next reply other threads:[~2019-03-20 22:38 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-26 9:59 Wojtek Swiatek [this message]
2019-03-21 6:21 ` How to debug wireguard on the server? Anatoli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAPRYYOZY_fPDkQyebrY6vu7CTvzHoniHyhiZwNHLS6zfgk5JQg@mail.gmail.com \
--to=w@swtk.info \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).