Subject: Re: wg-quick: syntax error, unexpected saddr
From: Eddie
To: WireGuard mailing list
Date: Thu, 2 Jan 2020 00:04:01 -0800

Not sure if this helps, or not.  But this is the relevant part from a bash trace:

+ cmd nft -f /dev/fd/63
+ echo '[#] nft -f /dev/fd/63'
[#] nft -f /dev/fd/63
+ nft -f /dev/fd/63
++ echo -n 'add table ip wg-quick-wg0
add chain ip wg-quick-wg0 preraw { type filter hook prerouting priority -300; }
add chain ip wg-quick-wg0 premangle { type filter hook prerouting priority -150; }
add chain ip wg-quick-wg0 postmangle { type filter hook postrouting priority -150; }
add rule ip wg-quick-wg0 preraw iifname != wg0 ip daddr 192.168.150.14 fib saddr type != local drop
add rule ip wg-quick-wg0 postmangle meta l4proto udp mark 51820 ct mark set mark
add rule ip wg-quick-wg0 premangle meta l4proto udp meta mark set ct mark
'
/dev/fd/63:5:76-80: Error: syntax error, unexpected saddr

                                                                           ^^^^^
Cheers.


On 1/1/2020 11:34 PM, Eddie wrote:
> Ha.  Even older:
>
> root@The-Tardis:~# nft -v
> nftables v0.6 (Support Edward Snowden)
>
> And in reply to a couple of off-list messages:
>
> wireguard-tools-1.0.20191226
>
> There are different reasons for using different VPNs.  Can you really "totally" trust the one that you're using?
>
> Cheers.
>
> On 1/1/2020 10:22 PM, Edward Vielmetti wrote:
>> Eddie - what version of nftables does Slackware come with? The output of `nft -v` should be helpful.
>>
>> There is a report from stackexchange that nftables at 0.7 gives this error, but at 0.8.1 or better it's OK. I was not easily able to verify that from the source code, but it would be where I'd start to look. There was
>>
>> The nftables 0.8.1 release notes (from 2018) are here: https://lwn.net/Articles/744480/ and it points to new syntax in this release.
>>
>> good luck!
>>
>> Ed
>>
>> On Thu, Jan 2, 2020 at 12:27 AM Eddie <stunnel@attglobal.net> wrote:
>>> First time running wireguard as a native client on my Slackware 14.2
>>> system throws this:
>>>
>>> root@The-Tardis:~# wg-quick up wg0
>>> [#] ip link add wg0 type wireguard
>>> [#] wg setconf wg0 /dev/fd/63
>>> [#] ip -4 address add 192.168.150.14/32 dev wg0
>>> [#] ip link set mtu 1420 up dev wg0
>>> [#] wg set wg0 fwmark 51820
>>> [#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
>>> [#] ip -4 rule add not fwmark 51820 table 51820
>>> [#] ip -4 rule add table main suppress_prefixlength 0
>>> [#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
>>> [#] nft -f /dev/fd/63
>>> /dev/fd/63:5:76-80: Error: syntax error, unexpected saddr
>>>
>>> Fairly simple config to connect to my VPS:
>>>
>>> [Interface]
>>> Address = 192.168.150.14/32
>>> PrivateKey = <Not the key you're looking for>
>>>
>>> [Peer]
>>> PublicKey = <Just being overly paranoid>
>>> Endpoint = www.xxx.yyy.zzz:51820
>>> AllowedIPs = 0.0.0.0/0
>>>
>>> Not sure what additional information you need collected at this point.
>>>
>>> I'm able to connect outbound successfully using NordVPN's version of
>>> wireguard, but that doesn't use wg-quick, which is where the issue is.
>>>
>>> Cheers.
>>> _______________________________________________
>>> WireGuard mailing list
>>> WireGuard@lists.zx2c4.com
>>> https://lists.zx2c4.com/mailman/listinfo/wireguard
>>
>> --
>> Edward Vielmetti +1 734 330 2465



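Added example, not part of the original thread and not code from wg-quick or nftables: because wg-quick feeds the ruleset to nft through /dev/fd/63, the "5:76-80" in the error cannot be looked up in a file afterwards, so this sketch maps the location back onto the ruleset from the trace and compares the installed `nft -v` string with a minimum version. The function names are hypothetical, and the 0.8.1 threshold is only the unverified report quoted in the thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of wg-quick or nftables.

# Ruleset copied from the bash trace in this thread (wg-quick feeds it to `nft -f`).
RULESET='add table ip wg-quick-wg0
add chain ip wg-quick-wg0 preraw { type filter hook prerouting priority -300; }
add chain ip wg-quick-wg0 premangle { type filter hook prerouting priority -150; }
add chain ip wg-quick-wg0 postmangle { type filter hook postrouting priority -150; }
add rule ip wg-quick-wg0 preraw iifname != wg0 ip daddr 192.168.150.14 fib saddr type != local drop
add rule ip wg-quick-wg0 postmangle meta l4proto udp mark 51820 ct mark set mark
add rule ip wg-quick-wg0 premangle meta l4proto udp meta mark set ct mark'

# Assumption: threshold taken from the unverified report quoted in the thread.
REPORTED_OK=0.8.1

# nft_error_token LOCATION RULESET: print the text nft pointed at.
# LOCATION is "file:line:first-last" (1-based, inclusive), e.g. /dev/fd/63:5:76-80
nft_error_token() {
    loc=${1%:}            # tolerate the trailing colon copied from the message
    cols=${loc##*:}       # "76-80"
    rest=${loc%:*}        # "/dev/fd/63:5"
    line=${rest##*:}      # "5"
    case "$line$cols" in ''|*[!0-9-]*) return 1 ;; esac
    printf '%s\n' "$2" | sed -n "${line}p" | cut -c "$cols"
}

# nft_version "nftables v0.6 (Support Edward Snowden)" prints "0.6"
nft_version() {
    printf '%s\n' "$1" | sed -n 's/^nftables v\([0-9][0-9.]*\).*/\1/p'
}

# version_ge A B: succeed when dotted version A >= B (missing fields count as 0)
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

tok=$(nft_error_token "/dev/fd/63:5:76-80:" "$RULESET")
ver=$(nft_version "nftables v0.6 (Support Edward Snowden)")
if version_ge "$ver" "$REPORTED_OK"; then
    echo "nft $ver >= $REPORTED_OK: '$tok' should parse"
else
    echo "nft $ver is older than $REPORTED_OK: '$tok' likely unsupported"
fi
```

On a live system, pass "$(nft -v)" to nft_version instead of the constructed string.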