Ramiro Aceves <[email protected]> writes:

> On 28/1/26 at 1:19, Greg Troxel wrote:
>> Ramiro Aceves <[email protected]> writes:
>>
>>> I am using these two commands to monitor interfaces in the RPi ZeroW:
>>>
>>> tcpdump icmp -i wg0 ---> to monitor the wireguard interface
>>> tcpdump icmp -i bwfm0 ---> to monitor the WIFI link to the home router.
>> Don't use filters, or filter out stuff you don't want to see. The
>> wireguard packets surely are some UDP port or similar and encrypted, so
>> icmp will not match.
>
> Thanks for answering. The problem is that because of my lack of
> understanding about networking I do not know what to monitor ;-) I
> knew that ping uses ICMP packets so I wanted to see them alone and
> discarded everything. I saw that bwfm0 tcpdump output was with high
> traffic and was lost watching so many lines of (for me) cryptic
> messages ;-)
>
That's why I suggested, or meant to suggest, writing to a file, so that
you can go over it later and filter out what you know doesn't matter.
Generally when debugging it's important to avoid excluding things that
you don't expect that might matter.

>>> raspaZeroW# ping -c 1 44.27.132.76
>> you are pinging your own address? That should stay local.
>
> Yes, I am pinging my 44 net assigned address from the RPiZero. Should
> it correspond to:?
>
> 44.27.132.76       wg0                UHl    -    -    -    wg0
> 44.27.132.76/32    44.27.132.76       U      -    -    -    wg0

I think it should stay local. For example, if I ping my (inner) side of
a gif tunnel, the RTT is 340 us, clearly local. But I haven't set up
wireguard, and I haven't read the driver.

> I believe that pings from outside reach the RPI through the tunnel in
> wg0 but the ICMP reply tries to go via the default route 192.168.1.1. I
> do not know, perhaps I am saying silly things.

I think you are correct, and the problem is that your tunnel setup does
not really make sense.

> root@freebsd-nuc8i7:/home/ramiro # netstat -rn
> Routing tables
>
> Internet:
> Destination        Gateway            Flags     Netif Expire
> 0.0.0.0/1          link#3             US          wg0
> default            192.168.1.1        UGS         em0
> 44.27.132.76       link#2             UH          lo0
> 44.27.227.1        192.168.1.1        UGHS        em0
> 127.0.0.1          link#2             UH          lo0
> 128.0.0.0/1        link#3             US          wg0
> 192.168.1.0/24     link#1             U           em0
> 192.168.1.200      link#2             UHS         lo0

Here, in addition to what you have in NetBSD, there are a pair of
half-default routes that route all traffic into the tunnel, or at least
that's what I think is going on. Often when doing "VPN" that's what
people want.

> The intended usage for this setup would be setting up a lighttpd WEB
> server in the RPiZeroW that would be accessible from the whole
> internet.

So you really do want all outgoing packets -- except for the wrapped
packets -- to go via wg.

>> The next question is what prefix is supposed to be reachable via wg?
>
> I do not understand, sorry.

I meant whether the tunnel is supposed to let you connect to the entire
internet, or just the (remaining part of) net 44. Back when I used net
44, it was over-the-air only, and there were no gateways to the
internet, on purpose, for rules compliance. Now it seems to be normal
internet for the ham community.
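
Added example, not part of the original thread: a longest-prefix-match lookup over the FreeBSD routing table quoted above, showing how the two /1 "half-default" routes win over the default route while /32 host routes stay more specific, and what changes when the /1 pair is absent. The probe addresses are constructed, and reading 44.27.227.1 as the tunnel's outer endpoint is an assumption.

```python
import ipaddress

# Routes copied from the quoted FreeBSD "netstat -rn" output.
# "default" is written as 0.0.0.0/0; host routes are written as /32.
ROUTES = [
    ("0.0.0.0/1", "wg0"),
    ("0.0.0.0/0", "em0"),          # default via 192.168.1.1
    ("44.27.132.76/32", "lo0"),    # the machine's own net-44 address
    ("44.27.227.1/32", "em0"),     # assumed: outer endpoint of the tunnel
    ("127.0.0.1/32", "lo0"),
    ("128.0.0.0/1", "wg0"),
    ("192.168.1.0/24", "em0"),
    ("192.168.1.200/32", "lo0"),
]


def lookup(dst, routes=ROUTES):
    """Return (prefix, netif) of the most specific route that covers dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, netif in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, netif)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return str(best[0]), best[1]


def without_half_defaults(routes=ROUTES):
    """Same table minus the /1 pair: only the plain default route remains."""
    return [r for r in routes if not r[0].endswith("/1")]


if __name__ == "__main__":
    # Constructed probe destinations, one per interesting case.
    probes = ["10.1.2.3", "203.0.113.5", "44.27.227.1",
              "44.27.132.76", "192.168.1.1"]
    for dst in probes:
        with_pair = lookup(dst)
        no_pair = lookup(dst, without_half_defaults())
        print(f"{dst:15} with /1 pair: {with_pair}   without: {no_pair}")
```
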
