Hello,

I'm trying to get a wg(4) NetBSD server to work with a WireGuard(R)
macOS client. I have succeeded in getting a handshake and can send
bytes, but I don't receive bytes via ping or in Firefox. Meanwhile,
mosh works fine.

Here's my step-by-step:

On the NetBSD server:

        # (umask 0077; wg-keygen > /etc/wg0)
        # wg-keygen --pub < /etc/wg/wg0 > /etc/wg/wg0.pub
        # cat /etc/wg0.pub
        1WaiYse6arup/pNqos7CyvtsTm6O8PN+/s/6UZdk0kc=

        # ifconfig wg0 create
        # ifconfig wg0 inet 10.2.0.1/24

        [server has no IPv6]

        # wgconfig wg0 set private-key /etc/wg0
        # wgconfig wg0 set listen-port 9443
        # wgconfig wg0 add peer sevastopol \
                1WaiYse6arup/pNqos7CyvtsTm6O8PN+/s/6UZdk0kc= \
                --allowed-ips=10.2.0.42/32

        # ifconfig wg0 down
        # ifconfig wg0 up
        # ifconfig wg0
        wg0: flags=0x8041<UP,RUNNING,MULTICAST> mtu 1420
                status: active
                inet6 fe80::1457:1bc8:34cf:69c0%wg0/64 flags 0 scopeid 0x3
                inet 10.2.0.1/24 flags 0

On the hosting service firewall:

        accept  UDP     9443    0.0.0.0/0
        accept  UDP     51820   0.0.0.0/0

On the macOS WireGuard(R) client:

        Name = sevastopol
        PublicKey = 8Oe88+HZAJ39RePuIcw3OQjQtC+onX0/lXk2rxC9HUw=

        [Interface]
        PrivateKey = [*** redacted ***]
        Address = 10.2.0.42/24

        [Peer]
        PublicKey = 1WaiYse6arup/pNqos7CyvtsTm6O8PN+/s/6UZdk0kc=
        AllowedIPs = 1.0.0.0/8, 2.0.0.0/8, 3.0.0.0/8, 4.0.0.0/6, 8.0.0.0/7,
        11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2,
        128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.32.0.0/11,
        172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4,
        192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16,
        192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10,
        193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4
        Endpoint = starbeastie.rnkn.xyz:9443

        $ ping -c5 10.2.0.1
        PING 10.2.0.1 (10.2.0.1): 56 data bytes
        Request timeout for icmp_seq 0
        Request timeout for icmp_seq 1
        Request timeout for icmp_seq 2
        Request timeout for icmp_seq 3

        --- 10.2.0.1 ping statistics ---
        5 packets transmitted, 0 packets received, 100.0% packet loss

Back on the NetBSD server:

        # wgconfig wg0
        interface: wg0
                private-key: (hidden)
                listen-port: 9443
                peer: sevastopol
                        public-key: 8Oe88+HZAJ39RePuIcw3OQjQtC+onX0/lXk2rxC9HUw=
                        endpoint: 1.146.105.131:1085
                        preshared-key: (hidden)
                        allowed-ips: 10.2.0.42/32
                        latest-handshake: Sat Jan 11 13:40:49 2025

What am I doing wrong here?

Thanks in advance,

-- 
Paul W. Rankin
https://rnkn.xyz
