Re: Nested Wireguard tunnels not working on Android and Windows

2021-03-02 Thread mikma . wg

On 2021-03-01 21:09, i iordanov wrote:


Hi Frank,

On Mon, Mar 1, 2021 at 9:42 AM Frank Carmickle wrote:

Maybe it's a bug and not a feature? It seems to me that you would have no way 
of setting the MTU on the inner tunnel.

That's true - other than inefficient packet fragmentation, is there
anything else that would be an issue?

It's possible to configure the MTU for each route on Linux. (Obviously 
you can't use the extremely simple wg-quick script for this.)



Is there a reason why you can't try multiple interfaces?

I cannot bring up more than a single interface on Android. I am not
sure about interface management on Windows with wg.exe, but
wireguard.exe certainly does not permit multiple interfaces to be
brought up.


The WireGuard app on Android also can't use a VPN address as the source 
of WireGuard packets. Only non-VPN addresses are supported.


Which means currently the WireGuard app on Android can't be used for 
nested tunnels.





Wireguard Win10 Client not work through an openVPN tunnel on the same machine

2021-03-02 Thread Peter Whisker
This may be because Wireguard binds to the default route interface which 
is not correct if you want to use another route such as your OpenVPN. It 
also fails with PulseSecure VPN.


As discussed here in the past month, removing the code which binds and 
recompiling Wireguard fixes the problem.


Peter

On Sun, 28 Feb 2021, 22:17 Heiko Kendziorra wrote:


   Machine A in Intranet Windows 10 Prof Version : 20H2
   Address 172.1.2.3
   Firewall is open for webserver and wireguard (8080 tcp, 4 udp)
   is WireguardServer  Version 0.3.7

   wg.conf:
   PublicKey = A8C8+bRYaqu2MKs2SpwuRRgmwqItYwFFJjk77UtUUxU=
   [Interface]
   PrivateKey = 
   ListenPort = 4
   Address = 192.168.44.44/32 
   [Peer]
   PublicKey = JkacJ6IYPUgCOv+OdHN6ZMJ+JRZr6V5/kDzthil/CUs=
   AllowedIPs = 192.168.44.4/32 
   PersistentKeepalive = 25
   

   Machine B extern over openVPN connected with the Intranet Windows 10
   Prof Version : 20H2  (OpenVPN Client running on B)
   Address 172.11.12.13 could reach A over Routing  (Test: Webserver on
   A: 172.1.2.3:8080 )
   is WireguardClient Version 0.3.7

   wg.conf:
   PublicKey = JkacJ6IYPUgCOv+OdHN6ZMJ+JRZr6V5/kDzthil/CUs=
   [Interface]
   PrivateKey = **
   Address = 192.168.44.4/32 

   [Peer]
   PublicKey = A8C8+bRYaqu2MKs2SpwuRRgmwqItYwFFJjk77UtUUxU=
   AllowedIPs = 192.168.44.44/32 
   Endpoint = 172.16.41.20:4 
   PersistentKeepalive = 25
   


   Result after Activation
   The Client B could not establish a working Wireguard-Connection to A:

   Server log:
   2021-02-27 10:53:02.636: [TUN] [4] Startup complete
   2021-02-27 10:53:03.615: [TUN] [4] peer(Jkac…/CUs) - Received
   handshake initiation
   2021-02-27 10:53:03.615: [TUN] [4] peer(Jkac…/CUs) - Sending
   handshake response
   2021-02-27 10:53:07.821: [TUN] [4] peer(Jkac…/CUs) - Handshake did
   not complete after 5 seconds, retrying (try 2)
   2021-02-27 10:53:11.480: [MGR] [Wintun] IsPoolMember: Reading pool
   devpkey failed, falling back: Element nicht gefunden. (Code
   0x0490)
   2021-02-27 10:53:28.626: [TUN] [4] peer(Jkac…/CUs) - Sending
   handshake initiation
   2021-02-27 10:53:33.794: [TUN] [4] peer(Jkac…/CUs) - Handshake did
   not complete after 5 seconds, retrying (try 2)
   2021-02-27 10:53:33.794: [TUN] [4] peer(Jkac…/CUs) - Sending
   handshake initiation
   2021-02-27 10:53:39.094: [TUN] [4] peer(Jkac…/CUs) - Handshake did
   not complete after 5 seconds, retrying (try 3)
   2021-02-27 10:53:39.094: [TUN] [4] peer(Jkac…/CUs) - Sending
   handshake initiation
   2021-02-27 10:53:44.286: [TUN] [4] peer(Jkac…/CUs) - Handshake did
   not complete after 5 seconds, retrying (try 4)
   2021-02-27 10:53:44.286: [TUN] [4] peer(Jkac…/CUs) - Sending
   handshake initiation
   2021-02-27 10:53:49.549: [TUN] [4] peer(Jkac…/CUs) - Handshake did
   not complete after 5 seconds, retrying (try 5)
   2021-02-27 10:53:49.549: [TUN] [4] peer(Jkac…/CUs) - Sending
   handshake initiation

   Client log:
   2021-02-27 10:53:02.793: [TUN] [test-4] Startup complete
   2021-02-27 10:53:02.836: [TUN] [test-4] peer(A8C8…UUxU) - Received
   handshake response
   2021-02-27 10:53:23.530: [TUN] [test-4] peer(A8C8…UUxU) - Retrying
   handshake because we stopped hearing back after 15 seconds
   2021-02-27 10:53:23.530: [TUN] [test-4] peer(A8C8…UUxU) - Sending
   handshake initiation
   2021-02-27 10:53:27.815: [TUN] [test-4] peer(A8C8…UUxU) - Received
   handshake initiation
   2021-02-27 10:53:27.815: [TUN] [test-4] peer(A8C8…UUxU) - Sending
   handshake response
   2021-02-27 10:53:28.815: [TUN] [test-4] peer(A8C8…UUxU) -
   Handshake did not complete after 5 seconds, retrying (try 2)
   2021-02-27 10:53:32.982: [TUN] [test-4] peer(A8C8…UUxU) - Received
   handshake initiation
   2021-02-27 10:53:32.982: [TUN] [test-4] peer(A8C8…UUxU) - Sending
   handshake response
   2021-02-27 10:53:38.283: [TUN] [test-4] peer(A8C8…UUxU) - Received
   handshake initiation
   2021-02-27 10:53:38.283: [TUN] [test-4] peer(A8C8…UUxU) - Sending
   handshake response
   2021-02-27 10:53:43.475: [TUN] [test-4] peer(A8C8…UUxU) - Received
   handshake initiation
   2021-02-27 10:53:43.475: [TUN] [test-4] peer(A8C8…UUxU) - Sending
   handshake response
   2021-02-27 10:53:48.738: [TUN] [test-4] peer(A8C8…UUxU) - Received
   handshake initiation
   2021-02-27 10:53:48.738: [TUN] [test-4] peer(A8C8…UUxU) - Sending
   handshake response
   2021-02-27 10:53:54.066: [TUN] [test-4] peer(A8C8…UUxU) - Received
   handshake initiation
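
An added example, not part of the thread: Python that re-joins the mail-wrapped log records quoted above and counts handshake events per peer, flagging the one-way pattern those logs show (the peer's initiations arrive and are answered, yet it keeps retrying). The sample lines are constructed from the client log above (abridged, some records re-joined); the counter names, the `loop` threshold and the finding texts are assumptions.

```python
import re
from collections import Counter

# Layout in the quoted logs: "<timestamp>: [TUN] [<tunnel>] peer(<key>) - <message>"
RECORD = re.compile(r"^\s*\S+ \S+: \[TUN\] \[([^\]]+)\] peer\(([^)]+)\) - (.*)$", re.M)
EVENTS = {  # message prefix -> counter name (names are this example's own)
    "Received handshake initiation": "rx_init",
    "Sending handshake response": "tx_resp",
    "Sending handshake initiation": "tx_init",
    "Handshake did not complete": "timeout",
    "Retrying handshake because we stopped hearing back": "stale",
}
# Constructed sample: records from the client log above, two left mail-wrapped.
CLIENT_LOG = """\
2021-02-27 10:53:23.530: [TUN] [test-4] peer(A8C8…UUxU) - Retrying
handshake because we stopped hearing back after 15 seconds
2021-02-27 10:53:23.530: [TUN] [test-4] peer(A8C8…UUxU) - Sending handshake initiation
2021-02-27 10:53:27.815: [TUN] [test-4] peer(A8C8…UUxU) - Received handshake initiation
2021-02-27 10:53:27.815: [TUN] [test-4] peer(A8C8…UUxU) - Sending handshake response
2021-02-27 10:53:28.815: [TUN] [test-4] peer(A8C8…UUxU) -
Handshake did not complete after 5 seconds, retrying (try 2)
2021-02-27 10:53:32.982: [TUN] [test-4] peer(A8C8…UUxU) - Received handshake initiation
2021-02-27 10:53:38.283: [TUN] [test-4] peer(A8C8…UUxU) - Received handshake initiation
"""

def summarize(text):
    """Re-join mail-wrapped records, then count events per (tunnel, peer)."""
    # A line that does not start with a date continues the previous record.
    joined = re.sub(r"[ \t]*\n(?!\s*\d{4}-\d\d-\d\d )\s*", " ", text.strip())
    stats = {}
    for m in RECORD.finditer(joined):
        for prefix, name in EVENTS.items():
            if m[3].startswith(prefix):
                stats.setdefault((m[1], m[2]), Counter())[name] += 1
    return stats

def diagnose(c, loop=3):
    """Rule-of-thumb reading of one peer's counters (loop threshold is an assumption)."""
    out = []
    if c["timeout"]:
        out.append("our initiations went unanswered")
    if c["rx_init"] >= loop and c["tx_resp"]:
        out.append("peer keeps re-initiating: our responses may not be reaching it")
    if c["stale"]:
        out.append("established session went silent")
    return out

if __name__ == "__main__":
    print({key: diagnose(c) for key, c in summarize(CLIENT_LOG).items()})
```

Run over both ends' logs, the same counters show which direction of the UDP path is failing, which is the first thing to establish before changing routes or interface binding.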