[ wireguard-dev ] About configuring allowedip
Hello, i'm trying to do this with wireguard, withtout success : peer1 ---> peer2 : config ok , works peer3 ---> peer1 : config ok , works peer3 --->peer1 ---> peer2 : not ok . I suspect allowed-ip configuration, but all my tests does not works. perhaps I must create two wireguard interface on peer 1 and do forwarding/routing ? i'm using ipv6 as internal ip. so my question is : - two interface ? - specifiq magic allowedip ? ( allowed ip is confusing for, it is using for routing and for evicting paquet ? ) Regards, Nicolas ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: [ wireguard-dev ] About configuring allowedip
Nicolas: Could you provide the configuration files? Because from your little graphic or schema I can not even derive what you are configuring. I guess there is something overlapping prefixes maybe? Jason: I think we are approaching the point in time when there will be a -dev and a -users ML :) > On 23 Feb 2017, at 14:03, Nicolas Prochazka > wrote: > > Hello, i'm trying to do this with wireguard, withtout success : > > peer1 ---> peer2 : config ok , works > peer3 ---> peer1 : config ok , works > peer3 --->peer1 ---> peer2 : not ok . > > I suspect allowed-ip configuration, but all my tests does not works. > perhaps I must create two wireguard interface on peer 1 and do > forwarding/routing ? > i'm using ipv6 as internal ip. > > so my question is : > - two interface ? > - specifiq magic allowedip ? > ( allowed ip is confusing for, it is using for routing and for evicting > paquet ? ) > > Regards, > Nicolas > ___ > WireGuard mailing list > WireGuard@lists.zx2c4.com > https://lists.zx2c4.com/mailman/listinfo/wireguard ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
[ANNOUNCE] WireGuard Snapshot `0.0.20170223` Available
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hello, A new snapshot, `0.0.20170223`, has been tagged in the git repository. Please note that this snapshot is, like the rest of the project at this point in time, experimental, and does not consitute a real release that would be considered secure and bug-free. WireGuard is generally thought to be fairly stable, and most likely will not crash your computer (though it may). However, as this is a pre-release snapshot, it comes with no guarantees, and its security is not yet to be depended on; it is not applicable for CVEs. With all that said, if you'd like to test this snapshot out, there are a few relevent changes. == Changes == * device: disable ICMP redirects We now no longer send ICMP redirect messages when forwarding packets between two WireGuard peers on the same interface. * socket: do not try to create v6 socket when disabled This allows WireGuard to work on systems booted with ipv6.disable=1. * wg-quick: allow config files without trailing newline * tools: give "off" value for fwmark * tools: fix bash completion spaces * tools: add wg show [interface] dump The wg(8) command learns a new way of dumping information, which should be a boost for script writers. * contrib: add wg-json utility Using the aforementioned new dump command, it's trivial to transform into JSON using a bash script, so this is provided as an example. * extract-keys: respect compat directives The extract-keys helper now builds with the new compat system, which should enable wireshark dissectors and such to work. As always, the source is available at https://git.zx2c4.com/WireGuard/ and information about the project is available at https://www.wireguard.io/ . This snapshot is available in tarball form here: https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20170223.tar.xz SHA2-256: 6d2c8cd29c4f9fb404546a4749ec050739a26b4a49b5864f1dec531377c3c50d BLAKE2b-256: bb6167ea4a2f54127912947161fd0dc785b388017bfabb0b64debd7fc2d12fbc If you're a snapshot package maintainer, please bump your package version. If you're a user, the WireGuard team welcomes any and all feedback on this latest snapshot. Thank you, Jason Donenfeld -BEGIN PGP SIGNATURE- iQJEBAEBCAAuFiEEq5lC5tSkz8NBJiCnSfxwEqXeA64FAliu/5gQHGphc29uQHp4 MmM0LmNvbQAKCRBJ/HASpd4Druf/EAC9bRArn/2M1xVUmB0r9FJddtjfaDAhe/Ub 1q8xYE8My1PrO8R47vHs/jluX70sCQUwsHq1O7IxOAbDJR6bQWiyAFpPwRQ49UgR kyoJaL04t9OBkhUcwcP62iHSgPuB/EIprDpO0Jm8XvfYZHTSVJSHOw688rqcUlNW TmKf1WoDVzRFfCjXeoEa6tj4nPfJ668/5OOQzQv3cM7dXF+bkZhvq76mS0PNE7zW tTAIc/OuxhCeKc3LW2dtRgDNGGOoSg8+mrjas7XB8STR8TZC4b+m5hfGhoq7y8nJ tJ6Z70qJgXOHUTHuCE4ER/kFNGc/sPB0TxQOGkQR62M3B0uYZmBE8ODr90N6/8yc r4aPz8SqFRNk4C3VfKegpvRNfX/P4ASHJtBf9+G4NbmPuuWOOocegL9632drlURp aI89VeL2pRgTbTfePr+1wy6zhs8vSJ4l3/bPVunMnN0DsiTWvYlUqulD3uYND2ta zTkz5RuO8kkTjemksNQHEIiadlzaUURW55YGtzCu/eNe+mborGQRpjLIxY2blFTj 57o3+TX2N12QrEAXTfEVxR2ZeFK04ja3VRVZHB2Qn9nozQ/gAmRRFxWEcReZR7Fe NHI4kgvVPS8IUgIH20ohvXUZtYrothTjb9l7syrPK/6OqKF0U/e1qBj7pfKEHJ42 6rEPq2qYHA== =XKuH -END PGP SIGNATURE- ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
[ wireguard-dev ] dmesg when using ipv6
hello, i've a lot of Wireguard : could not create ipv4 socket in dmesg I 'm using wireguard with setting ipv6 peer private ip, and the connection betweek peers is ipv4 interface: wg0 public key: vhnquNl9iD3oJrJPVBbOUma7MohVcQ1zm5suUTm1QCk= private key: (hidden) listening port: 6081 peer: oyJfXtqaqO3sLVQXNOfqgpv0PN2O8TG8KKOADaEhskc= endpoint: 52.49.x.x:6081 allowed ips: ::/0 persistent keepalive: every 25 seconds Regards, Nicolas ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: [ wireguard-dev ] dmesg when using ipv6
Hello, For the second time today, please provide more debugging information than that. Full dmesg output, full configs, exactly what you're doing. Otherwise nobody can help you. Jason ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: [ wireguard-dev ] dmesg when using ipv6
you are right, sorry. I do a lot of tests and sometime it seems wireguard is in a "strange" state, I'm trying to reproduce. A question : When I've the dmesg, "could not create ipv4 socket", i cannot rmmod wireguard from kernel. I'm trying ip link del dev wg0 , rmmod wireguard there's no wireguard interface, however, i cannot remove wireguard module, system tells module is used. When wireguard works well, i can remove module without problem. Regards, Nicolas 2017-02-23 18:32 GMT+01:00 Jason A. Donenfeld : > Hello, > > For the second time today, please provide more debugging information > than that. Full dmesg output, full configs, exactly what you're doing. > Otherwise nobody can help you. > > Jason > ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: [ wireguard-dev ] About configuring allowedip
On Thu, Feb 23, 2017 at 02:03:37PM +0100, Nicolas Prochazka wrote: > Hello, i'm trying to do this with wireguard, withtout success : > > peer1 ---> peer2 : config ok , works > peer3 ---> peer1 : config ok , works > peer3 --->peer1 ---> peer2 : not ok . > > I suspect allowed-ip configuration, but all my tests does not works. > perhaps I must create two wireguard interface on peer 1 and do > forwarding/routing ? > i'm using ipv6 as internal ip. It should work with a single interface for both peers, but you need to activate forwarding in the kernel: # sysctl net.ipv6.conf.default.forwarding=1 > so my question is : > - two interface ? > - specifiq magic allowedip ? > ( allowed ip is confusing for, it is using for routing and for evicting > paquet ? ) > > Regards, > Nicolas > ___ > WireGuard mailing list > WireGuard@lists.zx2c4.com > https://lists.zx2c4.com/mailman/listinfo/wireguard signature.asc Description: PGP signature ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard