WireGuard Archive on lore.kernel.org
 help / color / Atom feed
From: Lucian Cristian <luci@powerneth.ro>
To: wireguard@lists.zx2c4.com
Subject: Re: WireGuard Bug?
Date: Sat, 18 May 2019 20:03:52 +0300
Message-ID: <e7eee97b-ce4e-5179-cf9c-4ed714140f27@powerneth.ro> (raw)
In-Reply-To: <VI1PR08MB430161EDE2737ABEF683CDC7900B0@VI1PR08MB4301.eurprd08.prod.outlook.com>

[-- Attachment #1.1: Type: text/plain, Size: 1390 bytes --]

On 17.05.2019 09:34, . . wrote:
> Hi,
>
> I am using WireGuard on a Raspberry Pi 3 B+ with Raspbian Stretch and 
> 4.14.98-v7+ kernel.
> Now this works great for me and is very efficient, however I tried to 
> add a lot of routes on one of the "spoke/client" nodes, 517 routes to 
> be exact.
> If I do this, WireGuard stops working, tcpdump shows the traffic being 
> sent out the wg0 interface but never actually being processed by 
> wireguard, meaning the encapsulated packet to the "hub" never leaves.
>
> So I tried doing this with wg instead of wg-quick and this works fine 
> until I actually add a lot of the routes to the routing table, the 
> sweet spot seems to be 384. If 383 routes are present in the routing 
> table, wg will still work but if I add one more, all previously 
> working ones dont anymore, if I reduce it again to <=383 then it 
> starts working again. wg itself doesnt mind having all those routes 
> (wg show) but I wonder if it tries to read the routing table as well 
> for some reason?
>
> Appreciate any insight/help on this, thanks.
> Chris
>
>
>
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard

did you tried using dynamic routing ? or it can't be applied ? I have 
262 routes available so can't confirm if dynamic routing will work


Regards


[-- Attachment #1.2: Type: text/html, Size: 2786 bytes --]

<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html;
      charset=windows-1252">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">On 17.05.2019 09:34, . . wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:VI1PR08MB430161EDE2737ABEF683CDC7900B0@VI1PR08MB4301.eurprd08.prod.outlook.com">
      <meta http-equiv="Content-Type" content="text/html;
        charset=windows-1252">
      <style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
      <div style="font-family: Calibri, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
      </div>
      <span>Hi,<br>
      </span>
      <div><br>
      </div>
      <div>I am using WireGuard on a Raspberry Pi 3 B+ with Raspbian
        Stretch and 4.14.98-v7+ kernel.<br>
      </div>
      <div>Now this works great for me and is very efficient, however I
        tried to add a lot of routes on one of the "spoke/client" nodes,
        517 routes to be exact.<br>
      </div>
      <div>If I do this, WireGuard stops working, tcpdump shows the
        traffic being sent out the wg0 interface but never actually
        being processed by wireguard, meaning the encapsulated packet to
        the "hub" never leaves.<br>
      </div>
      <div><br>
      </div>
      <div>So I tried doing this with wg instead of wg-quick and this
        works fine until I actually add a lot of the routes to the
        routing table, the sweet spot seems to be 384. If 383 routes are
        present in the routing table, wg will still work but if I add
        one more, all previously working ones dont anymore, if I reduce
        it again to &lt;=383 then it starts working again. wg itself
        doesnt mind having all those routes (wg show) but I wonder if it
        tries to read the routing table as well for some reason?<br>
      </div>
      <div><br>
      </div>
      <div>Appreciate any insight/help on this, thanks.<br>
      </div>
      <span>Chris</span>
      <div id="Signature">
        <p><br>
        </p>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <pre class="moz-quote-pre" wrap="">_______________________________________________
WireGuard mailing list
<a class="moz-txt-link-abbreviated" href="mailto:WireGuard@lists.zx2c4.com">WireGuard@lists.zx2c4.com</a>
<a class="moz-txt-link-freetext" href="https://lists.zx2c4.com/mailman/listinfo/wireguard">https://lists.zx2c4.com/mailman/listinfo/wireguard</a>
</pre>
    </blockquote>
    <p>did you tried using dynamic routing ? or it can't be applied ? I
      have 262 routes available so can't confirm if dynamic routing will
      work</p>
    <p><br>
    </p>
    <p>Regards<br>
    </p>
  </body>
</html>

[-- Attachment #2: Type: text/plain, Size: 148 bytes --]

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

  reply index

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-05-17  6:34 . .
2019-05-18 17:03 ` Lucian Cristian [this message]
  -- strict thread matches above, loose matches on Subject: below --
2019-05-12 13:44 Wireguard Bug? Ryan Whelan
2019-05-12 15:41 ` Jason A. Donenfeld
2019-05-12 23:02 ` Lonnie Abelbeck
2019-06-14 11:56 ` Jason A. Donenfeld

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=e7eee97b-ce4e-5179-cf9c-4ed714140f27@powerneth.ro \
    --to=luci@powerneth.ro \
    --cc=wireguard@lists.zx2c4.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

WireGuard Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/wireguard/0 wireguard/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 wireguard wireguard/ https://lore.kernel.org/wireguard \
		wireguard@lists.zx2c4.com zx2c4-wireguard@archiver.kernel.org
	public-inbox-index wireguard


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/com.zx2c4.lists.wireguard


AGPL code for this site: git clone https://public-inbox.org/ public-inbox