Re: 7.3 -> 7.4 WireGuard AllowedIPs stopped working
@Stefan

> Maybe this 'wg' tool just doesn't display the config correctly?

Good catch, especially after I read the other reply.

@obs...@loopw.com

> are you certain that you upgraded your userland packages after upgrading?

Good catch, I forgot to go through the "After the upgrade" section which is where I was supposed to run the pkg_add -u
Duh myself.

And thank you both for the advice, I'll move it all to hostname.wg0, one less dependency in the chain.

Conclusion:

bsd# ifconfig wg0 wgkey 'xxx' wgpeer 'xxx' wgpsk 'xxx' wgaip '10.x.x.10/32'
bsd#
bsd# ifconfig wg0
wg0: flags=80c3 mtu 1420
        index 5 priority 0 llprio 3
        wgport 51820
        wgpubkey xxx
        wgpeer xxx
                wgpsk (present)
                tx: 0, rx: 0
                wgaip 10.x.x.10/32
        groups: wg
        inet 10.x.x.x netmask 0xff00 broadcast 10.x.x.255
bsd#
Re: 7.3 -> 7.4 WireGuard AllowedIPs stopped working
are you certain that you upgraded your userland packages after upgrading? wireguard-tools is critical to update in 7.4 (I think due in part to the wgdescr field being added, which is a sorely missing field imo)

(for what it's worth, I ran into the same problem, specifically because I'd typo'd pkg_add and didn't pay attention until things stopped working. Doh.)

if you want to convert to the ifconfig syntax (away from using wg0.conf), you can put your peers in /etc/hostname.wg0 - Solene's post about it covers how to do that.

https://dataswamp.org/~solene/2021-10-09-openbsd-wireguard-exit.html

the gist:

PUBKEY=PASTE_PUBKEY_HERE
PRIVKEY=$(openssl rand -base64 32)
cat <<EOF > /etc/hostname.wg0
wgkey $PRIVKEY
wgpeer $PUBKEY wgaip 192.168.10.0/24
inet 192.168.10.1/24
wgport 4433
up
EOF

you can have multiple wgpeer lines. look at the wireguard entries in "man ifconfig" for more info.

> On Oct 22, 2023, at 8:56 AM, Pierre Peyronnel wrote:
>
> Hi there,
>
> Since upgrading from 7.3 to 7.4 my wireguard setup stopped working.
> Now, it might be me. Still here's what I have.
>
> Stripping down wg0.conf, I have this message as soon as I add a [Peer]
> section and its public key:
>
> bsd# cat /etc/wireguard/wg0.conf
>>
>> [Interface]
>> PrivateKey = (hidden by me)
>> ListenPort = 51820
>>
>> [Peer]
>> PublicKey = (hidden by me)
>> #PresharedKey = (hidden by me)
>> #AllowedIPs = 10.x.x.10/32
>>
>
>> # wg setconf wg0 /etc/wireguard/wg0.conf
>> Unable to modify interface: Address family not supported by protocol family
>>
>
> Trying to set it up manually, I get the following result:
>
>> bsd# ifconfig wg0 wgpeer '(hidden by me)' wgpsk '(hidden by me)' wgaip
>> '10.x.x.10/32'
>> bsd# wg
>> interface: wg0
>> public key: (hidden by me)
>> private key: (hidden)
>> listening port: 51820
>>
>> peer: (hidden by me)
>> preshared key: (hidden)
>> allowed ips: (none)
>>
>
> I see no way of setting the AllowedIPs anymore.
> I did not see any change in 7.4 that could explain the behaviour or require
> a change in my configuration
> I'd be grateful for feedback.
>
> Thanks !
> Pierre
Re: 7.3 -> 7.4 WireGuard AllowedIPs stopped working
On Sun, Oct 22, 2023 at 05:56:28PM +0200, Pierre Peyronnel wrote:
> Hi there,
>
> Since upgrading from 7.3 to 7.4 my wireguard setup stopped working.
> Now, it might be me. Still here's what I have.
>
> Stripping down wg0.conf, I have this message as soon as I add a [Peer]
> section and its public key:
>
> bsd# cat /etc/wireguard/wg0.conf
> >
> > [Interface]
> > PrivateKey = (hidden by me)
> > ListenPort = 51820
> >
> > [Peer]
> > PublicKey = (hidden by me)
> > #PresharedKey = (hidden by me)
> > #AllowedIPs = 10.x.x.10/32
> >
>
> > # wg setconf wg0 /etc/wireguard/wg0.conf
> > Unable to modify interface: Address family not supported by protocol family
> >
>
> Trying to set it up manually, I get the following result:
>
> > bsd# ifconfig wg0 wgpeer '(hidden by me)' wgpsk '(hidden by me)' wgaip
> > '10.x.x.10/32'
> > bsd# wg
> > interface: wg0
> > public key: (hidden by me)
> > private key: (hidden)
> > listening port: 51820
> >
> > peer: (hidden by me)
> > preshared key: (hidden)
> > allowed ips: (none)

Maybe this 'wg' tool just doesn't display the config correctly?
ifconfig wg0 as root displays wgaip settings just fine here.

For automatic setup you can set up wg0 via /etc/hostname.wg0, adding all the ifconfig wg0 commands you need on a single line.
There is no need to use any files in /etc/wireguard anymore, nor is there a need for a wireguard config tool from packages.

My /etc/hostname.wg0 looks like this (except that the random keys and IPs are in fact different):

rdomain 1 wgkey "86oHs/awV8nlLe2KKHkMEAhmsRRIA8nLilzHwnFFP8A=" wgpeer "6e0ZhZs/q4R8JZjNTp973DlO0FDRrkCiHAnMinFfn1U=" wgaip 0.0.0.0/0 wgaip ::/0 wgendpoint 10.10.10.10 443 wgpsk "ksorfAqLmd+CteNrc+aNL/q/5ItL6B2qZDllYNEgvqk=" wgpka 25 wgrtable 0 mtu 1332
inet 10.2.2.4/24
inet6 2001:db8::4/64
!/sbin/route -T1 add -inet default 10.2.2.1
!/sbin/route -T1 add -inet6 default 2001:db8::1
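
For moving an existing wg0.conf to the /etc/hostname.wg0 form discussed in the replies above, the key-to-keyword mapping can be scripted. This is an added example, not code from any poster in the thread; the function names and the sample config (placeholder keys, documentation addresses) are constructed for illustration, and only the wg0.conf keys named in the code are handled.

```sh
# Added example: wg0.conf-style text on stdin -> hostname.wg0 lines on stdout.
wgconf_to_hostname() {
  awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function emit() {
      # peer options apply to the wgpeer in the same ifconfig call: one line per peer
      if (sect == "[interface]" && key != "") {
        if (port != "") key = key " wgport " port
        print "wgkey " key
      } else if (sect == "[peer]" && pub != "") print "wgpeer " pub opts aips
      key = port = pub = opts = aips = ""
    }
    { sub(/#.*/, ""); $0 = trim($0) }            # strip comments
    $0 == "" { next }
    /^\[/ { emit(); sect = tolower($0); next }   # new section: flush the last
    {
      eq = index($0, "=")          # first "=" only: base64 keys end in "="
      if (eq == 0) next
      k = tolower(trim(substr($0, 1, eq - 1))); v = trim(substr($0, eq + 1))
      if (k == "privatekey") key = v
      else if (k == "listenport") port = v
      else if (k == "publickey") pub = v
      else if (k == "presharedkey") opts = opts " wgpsk " v
      else if (k == "persistentkeepalive") opts = opts " wgpka " v
      else if (k == "endpoint" && (c = match(v, /:[0-9]+$/))) {
        h = substr(v, 1, c - 1); gsub(/\[|\]/, "", h)   # [v6]:port -> v6 port
        opts = opts " wgendpoint " h " " substr(v, c + 1)
      } else if (k == "allowedips") {
        n = split(v, a, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) if (a[i] != "") aips = aips " wgaip " a[i]
      }
    }
    END { emit() }
  '
}
# Constructed sample input: placeholder keys, documentation addresses.
sample_conf() {
  cat <<'EOF'
[Interface]
PrivateKey = PRIVATE_KEY_PLACEHOLDER=
ListenPort = 51820
[Peer]
PublicKey = PEER_PUBKEY_PLACEHOLDER=
#PresharedKey = commented out, so no wgpsk is emitted
AllowedIPs = 10.0.0.10/32, 2001:db8::10/128
Endpoint = [2001:db8::1]:51820
EOF
}
sample_conf | wgconf_to_hostname
```

Write the output to /etc/hostname.wg0 with mode 0600 (it contains the private key) and add the inet line for the tunnel address. Then check with ifconfig wg0 as root that each peer lists its wgaip entries.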
Re: 7.3 -> 7.4 WireGuard AllowedIPs stopped working
Hello Judah,

> Silly question perhaps but are you trying to run this with the Allowed
> IPs commented out as shown in your example?
> If you remove the '#' from the front of that line does it work?

It does not hurt to ask.
The comment doesn't change a thing. With or without it you get that error message, and the file gets ignored.
I left it like that because I found it even more striking to get a message about an address when you have not even specified one.
In any case, the command line version shows the issue as well.

Now, knowing that it works for you, I'm thinking it may be a driver issue, from an underlying network card, not a wireguard issue per se ?

My wg0.conf file contains several peers initially, I just kept the minimum that works and does not work (it works if I remove all [Peer] sections)

I have:
> ix0 at pci1 dev 0 function 0 "Intel X540T" rev 0x01, msix, 1 queue, address (...)
and
> rgephy0 at re0 phy 7: RTL8169S/8110S/8211 PHY, rev. 5
> re0 at pci3 dev 0 function 0 "Realtek 8168" rev 0x09: RTL8168F/8111F (0x4800), msi, address (...)

On Sun, 22 Oct 2023 at 18:35, Judah Kocher wrote:
>
> Hello Pierre,
>
> Silly question perhaps but are you trying to run this with the Allowed
> IPs commented out as shown in your example?
>
> If you remove the '#' from the front of that line does it work? I can
> confirm that wireguard is working just fine for me after the update to
> 7.4 on multiple devices, including one with a practically identical
> configuration to what you shared.
>
> Judah
>
> On 10/22/23 11:56, Pierre Peyronnel wrote:
> > Hi there,
> >
> > Since upgrading from 7.3 to 7.4 my wireguard setup stopped working.
> > Now, it might be me. Still here's what I have.
> >
> > Stripping down wg0.conf, I have this message as soon as I add a [Peer]
> > section and its public key:
> >
> > bsd# cat /etc/wireguard/wg0.conf
> >> [Interface]
> >> PrivateKey = (hidden by me)
> >> ListenPort = 51820
> >>
> >> [Peer]
> >> PublicKey = (hidden by me)
> >> #PresharedKey = (hidden by me)
> >> #AllowedIPs = 10.x.x.10/32
> >>
> >
> >> # wg setconf wg0 /etc/wireguard/wg0.conf
> >> Unable to modify interface: Address family not supported by protocol family
> >>
> > Trying to set it up manually, I get the following result:
> >
> >> bsd# ifconfig wg0 wgpeer '(hidden by me)' wgpsk '(hidden by me)' wgaip
> >> '10.x.x.10/32'
> >> bsd# wg
> >> interface: wg0
> >> public key: (hidden by me)
> >> private key: (hidden)
> >> listening port: 51820
> >>
> >> peer: (hidden by me)
> >> preshared key: (hidden)
> >> allowed ips: (none)
> >>
> > I see no way of setting the AllowedIPs anymore.
> > I did not see any change in 7.4 that could explain the behaviour or require
> > a change in my configuration
> > I'd be grateful for feedback.
> >
> > Thanks !
> > Pierre
>
> --
> Judah Kocher
> Assistant Chief
> Cochranville Fire Company
> 484-266-9257
>
Re: 7.3 -> 7.4 WireGuard AllowedIPs stopped working
Hello Pierre,

Silly question perhaps but are you trying to run this with the Allowed IPs commented out as shown in your example?

If you remove the '#' from the front of that line does it work? I can confirm that wireguard is working just fine for me after the update to 7.4 on multiple devices, including one with a practically identical configuration to what you shared.

Judah

On 10/22/23 11:56, Pierre Peyronnel wrote:
> Hi there,
>
> Since upgrading from 7.3 to 7.4 my wireguard setup stopped working.
> Now, it might be me. Still here's what I have.
>
> Stripping down wg0.conf, I have this message as soon as I add a [Peer]
> section and its public key:
>
> bsd# cat /etc/wireguard/wg0.conf
>> [Interface]
>> PrivateKey = (hidden by me)
>> ListenPort = 51820
>>
>> [Peer]
>> PublicKey = (hidden by me)
>> #PresharedKey = (hidden by me)
>> #AllowedIPs = 10.x.x.10/32
>>
>
>> # wg setconf wg0 /etc/wireguard/wg0.conf
>> Unable to modify interface: Address family not supported by protocol family
>>
> Trying to set it up manually, I get the following result:
>
>> bsd# ifconfig wg0 wgpeer '(hidden by me)' wgpsk '(hidden by me)' wgaip
>> '10.x.x.10/32'
>> bsd# wg
>> interface: wg0
>> public key: (hidden by me)
>> private key: (hidden)
>> listening port: 51820
>>
>> peer: (hidden by me)
>> preshared key: (hidden)
>> allowed ips: (none)
>>
> I see no way of setting the AllowedIPs anymore.
> I did not see any change in 7.4 that could explain the behaviour or require
> a change in my configuration
> I'd be grateful for feedback.
>
> Thanks !
> Pierre

--
Judah Kocher
Assistant Chief
Cochranville Fire Company
484-266-9257