Re: How to post to the mailing list? (Was: IP which is not there but wg0 replies - ?)
On 08/06/2023 14:04, Marek Küthe wrote:
> On Thu, 8 Jun 2023 13:45:27 +0200 lejeczek wrote:
>> On 08/06/2023 11:47, Marek Küthe wrote:
>>> Hello,
>>>
>>> I would be interested to know how you managed to post something on the Mailing list? I have been trying to do this for several weeks, however my messages do not arrive. Do you have a special trick?
>>>
>>> I would appreciate an answer!
>>>
>>> Greetings
>>> Marek Küthe
>>>
>>> On Thu, 8 Jun 2023 11:30:26 +0200 lejeczek wrote:
>>>> Hi guys.
>>>>
>>>> Purely accidentally I stumbled upon:
>>>>
>>>> -> $ ping 10.1.101
>>>> PING 10.1.101 (10.1.0.101) 56(84) bytes of data.
>>>> 64 bytes from 10.1.0.101: icmp_seq=1 ttl=64 time=0.148 ms
>>>> 64 bytes from 10.1.0.101: icmp_seq=2 ttl=64 time=0.415 ms
>>>>
>>>> -> $ ip a ls dev wg0
>>>> 17: wg0: mtu 8920 qdisc noqueue state UNKNOWN group default qlen 1000
>>>>     link/none
>>>>     inet 10.1.0.99/24 scope global wg0
>>>>        valid_lft forever preferred_lft forever
>>>>
>>>> peer:
>>>> 14: wg0: mtu 8920 qdisc noqueue state UNKNOWN group default qlen 1000
>>>>     link/none
>>>>     inet 10.1.0.100/24 scope global wg0
>>>>        valid_lft forever preferred_lft forever
>>>>
>>>> This a wg0's IP. Someone could shed a bit more light on that - I'd imagine many will appreciate, I will.
>>>> I'm thinking - is my ipcalcing messed up..
>>>>
>>>> many thanks, L.
>>
>> Apparently the list (maintainers?) practice old & healthy habit - which placing replies below/at bottom also is - to accept only "text" format for a message. (I presume for new message/thread)
>> Test that if you will. (Thunderbird works)
>>
>> regards, L.
>
> Thanks, but I have a text-only mail client. So I don't think that's the reason why my posts are still pending. All HTML emails I receive are automatically converted for example.

Perhaps checking settings at - https://lists.zx2c4.com/mailman/listinfo/wireguard - is also worth checking.
Nothing else comes to mind - I've just double-checked: if I leave it to Thunderbird (default format is "automatic") then a "failure notice" bounces back to me, whereas "text" manually went in.
TEXT test - ignore
ignore
Re: How to post to the mailing list? (Was: IP which is not there but wg0 replies - ?)
On 08/06/2023 11:47, Marek Küthe wrote:
> Hello,
>
> I would be interested to know how you managed to post something on the Mailing list? I have been trying to do this for several weeks, however my messages do not arrive. Do you have a special trick?
>
> I would appreciate an answer!
>
> Greetings
> Marek Küthe
>
> On Thu, 8 Jun 2023 11:30:26 +0200 lejeczek wrote:
>> Hi guys.
>>
>> Purely accidentally I stumbled upon:
>>
>> -> $ ping 10.1.101
>> PING 10.1.101 (10.1.0.101) 56(84) bytes of data.
>> 64 bytes from 10.1.0.101: icmp_seq=1 ttl=64 time=0.148 ms
>> 64 bytes from 10.1.0.101: icmp_seq=2 ttl=64 time=0.415 ms
>>
>> -> $ ip a ls dev wg0
>> 17: wg0: mtu 8920 qdisc noqueue state UNKNOWN group default qlen 1000
>>     link/none
>>     inet 10.1.0.99/24 scope global wg0
>>        valid_lft forever preferred_lft forever
>>
>> peer:
>> 14: wg0: mtu 8920 qdisc noqueue state UNKNOWN group default qlen 1000
>>     link/none
>>     inet 10.1.0.100/24 scope global wg0
>>        valid_lft forever preferred_lft forever
>>
>> This a wg0's IP. Someone could shed a bit more light on that - I'd imagine many will appreciate, I will.
>> I'm thinking - is my ipcalcing messed up..
>>
>> many thanks, L.

Apparently the list (maintainers?) practice old & healthy habit - which placing replies below/at bottom also is - to accept only "text" format for a message. (I presume for new message/thread)
Test that if you will. (Thunderbird works)

regards, L.
IP which is not there but wg0 replies - ?
Hi guys.

Purely accidentally I stumbled upon:

-> $ ping 10.1.101
PING 10.1.101 (10.1.0.101) 56(84) bytes of data.
64 bytes from 10.1.0.101: icmp_seq=1 ttl=64 time=0.148 ms
64 bytes from 10.1.0.101: icmp_seq=2 ttl=64 time=0.415 ms

-> $ ip a ls dev wg0
17: wg0: mtu 8920 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.1.0.99/24 scope global wg0
       valid_lft forever preferred_lft forever

peer:
14: wg0: mtu 8920 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.1.0.100/24 scope global wg0
       valid_lft forever preferred_lft forever

This a wg0's IP. Someone could shed a bit more light on that - I'd imagine many will appreciate, I will.
I'm thinking - is my ipcalcing messed up..

many thanks, L.
Re: package from fedorainfracloud for centOS 8 does not build
On 29/06/2022 13:27, Jason A. Donenfeld wrote:
> On Wed, Jun 29, 2022 at 2:17 PM lejeczek wrote:
>> Hi guys.
>>
>> In case somebody here looks after 'copr:copr.fedorainfracloud.org:jdoss:wireguard' then
>> wireguard-dkms-1.0.20220627-1.el8.noarch
>> for 4.18.0-394.el8.x86_64 fails to build
>>
>> many thanks, L.
>
> https://lists.zx2c4.com/pipermail/wireguard/2022-June/007664.html

is there a reason for which you do not keep multiple versions in the repo - so to "downgrade" people would have as an option?

thanks, L.
package from fedorainfracloud for centOS 8 does not build
Hi guys.

In case somebody here looks after 'copr:copr.fedorainfracloud.org:jdoss:wireguard' then
wireguard-dkms-1.0.20220627-1.el8.noarch
for 4.18.0-394.el8.x86_64 fails to build

many thanks, L.
something affects wg iface - how to troubleshoot ?
Hi guys.

I have quite a peculiar case which possibly might interest anybody - as opposed to just resolving an issue.
I use a very popular monitoring tool 'monit' to monit my wg0 iface and that works okay, meaning 'monit' does not see any issue with wg0, but _only_ if 'qbittorrent' is _not_ running!
When 'qbittorrent' is running 'monit' is reporting:

'wg0' 5 upload errors detected
'wg0' trying to restart
'wg0' stop: '/usr/bin/systemctl stop wg-quick@wg0.service'
'wg0' start: '/usr/bin/systemctl start wg-quick@wg0.service'
'wg0' download errors check succeeded

in my case monit's action is to restart wg0 iface.
'qbittorrent' is not, should not be, particularly interested in wg0 iface.

What do you think is happening there? I'm on CentOS 9.
Is some kind of leakage or something more sinister happening there?
Lastly, how to investigate this, how to tell what is happening to wg iface?

many thanks, L.
Re: error - ? - Address already in use
On 13/04/2022 20:45, Shulhan wrote:
> On Wed, 13 Apr 2022 18:45:24 +0100 lejeczek wrote:
>> Hi guys
>>
>> what is below error the symptom of?
>>
>> -> $ wg-quick up wg-r2
>> [#] ip link add wg-r2 type wireguard
>> [#] wg setconf wg-r2 /dev/fd/63
>> [#] ip -4 address add 10.3.3.254/24 dev wg-r2
>> [#] ip link set mtu 1320 up dev wg-r2
>> RTNETLINK answers: Address already in use
>> [#] ip link delete dev wg-r2
>>
>> I'll only add that I looked into "obvious" places and found nothing.
>>
>> many thanks, L.
>
> My guess is another wg network is already up using the same IP address. You may check using `wg show` to see the active endpoint or other net tools like `ip` or `ifconfig` to list active net devices.

This message is _pretty_ deceptive as it's the 'port' which is the culprit - if used already by instantiated wg iface.

btw. @mailman admins - this mailing list has DMARC breaking, those of us who use yahoo, delivery of own messages.

thanks, L
error - ? - Address already in use
Hi guys

what is below error the symptom of?

-> $ wg-quick up wg-r2
[#] ip link add wg-r2 type wireguard
[#] wg setconf wg-r2 /dev/fd/63
[#] ip -4 address add 10.3.3.254/24 dev wg-r2
[#] ip link set mtu 1320 up dev wg-r2
RTNETLINK answers: Address already in use
[#] ip link delete dev wg-r2

I'll only add that I looked into "obvious" places and found nothing.

many thanks, L.
MTUs go strange ways - ?
Hi guys

I thought there was no better place to ask but here so - both ends are centOS and end up having different MTUs for 'wg' interfaces and that I thought, was wrong.

1370 (server) VS 1320 (client)

I expected that would be negotiated between nodes without user involved, right?
Moreover if I from the client do:

-> $ ping server -M do -s 1300
PING 10.3.3.1 (10.3.3.1) 1300(1328) bytes of data.
ping: local error: message too long, mtu=1320

Could some expert or two shed more light on what & why is happening?

many thanks, L.
firewall / port forward - ?
Hi guys.

I'm still new to wireguard and still not an expert on network stack so I struggle with something that might be trivial.
A roadwarrior when connected to the server sees a forward-port on server's internal network as 'closed':

10.3.9.10 -> 10.3.9.1 10.3.1.1 (port forward) => 10.8.9.1 (a dummy iface, still server)

but rest of 10.3.1.0/24 sees that forwarded port - as I expected - as 'open'
If that same server port is not forwarded ("stays" on 10.3.1.1) then that roadwarrior sees the port as 'open'

I've fiddled with firewall all I could so I think it's not in there - thus hoping expert(s) can help me wrap my head around it.

many thanks, L.
Re: secondary IP on wg0 fails
On 08/05/2021 17:31, lejeczek wrote:
> Hi guys.
>
> I'm experiencing a pretty weird wireguard, or perhaps kernel/OS stack bits behavior.
> I have three nodes which all can ping each other on wg0's IPs but when I add a secondary IP:
>
> -> $ ip addr add 10.0.0.226/24 dev wg0
>
> it gets weird, namely, say when that sec IP is on
> A -> B ping returns; C ping waits, no errors, no return
> B -> both C & A pings return
> C -> neither A nor B ping returns
>
> I'm on CentOS with 4.18.0-301.1.el8.x86_64.
> All three nodes are virtually identical kvm VMs.
> any suggestions as to what is not working here or how to troubleshoot are very appreciated.
>
> many thanks, L.

What I've just noticed for the first time is, config eg.:

..
[Peer]
..
AllowedIPs = 10.0.0.2/32, 10.0.0.226/32
Endpoint = 10.1.1.224:51852

[Peer]
..
AllowedIPs = 10.0.0.3/32, 10.0.0.226/32
Endpoint = 10.1.1.225:51853

> $ wg
interface: wg0
  public key: c+gJArxYd8+=
  private key: (hidden)
  listening port: 51851

peer: K/=
  preshared key: (hidden)
  endpoint: 10.1.1.225:51853
  allowed ips: 10.0.0.3/32, 10.0.0.226/32
  latest handshake: 16 seconds ago
  transfer: 124 B received, 2.14 KiB sent

peer: /KidNfhqgP/+c3A=
  preshared key: (hidden)
  endpoint: 10.1.1.224:51852
  allowed ips: 10.0.0.2/32 # !! no 10.0.0.226/32 ?
  latest handshake: 3 minutes, 15 seconds ago
  transfer: 180 B received, 92 B sent

That is probably why only 10.0.0.3 with secondary IP is "reachable". Right?
If that is by design and expected - why is that and how to make a "floating" IP work if that is by design?

thanks, L.
Re: secondary IP on wg0 fails
On 08/05/2021 17:50, Roman Mamedov wrote:
> On Sat, 8 May 2021 17:31:58 +0100 lejeczek wrote:
>> I'm experiencing a pretty weird wireguard, or perhaps kernel/OS stack bits behavior.
>> I have three nodes which all can ping each other on wg0's IPs but when I add a secondary IP:
>>
>> -> $ ip addr add 10.0.0.226/24 dev wg0
>>
>> it gets weird, namely, say when that sec IP is on
>> A -> B ping returns; C ping waits, no errors, no return
>> B -> both C & A pings return
>> C -> neither A nor B ping returns
>>
>> I'm on CentOS with 4.18.0-301.1.el8.x86_64.
>> All three nodes are virtually identical kvm VMs.
>> any suggestions as to what is not working here or how to troubleshoot are very appreciated.
>>
>> many thanks, L.
>
> Did you add the new IP to AllowedIPs of that node on all the other nodes?
>
> Also remember that sets of AllowedIPs should be unique within the network, i.e. can't have the same AllowedIPs or ranges listed for multiple nodes at the same time. Setting it to the same /24 on all nodes will not work.
>
> If still not clear, better post your complete config (without keys).

It's the same single subnet 10.0.0.0/24 and to reiterate - wg0's "primary" IPs can all ping each other.
All nodes have, respectively:
eg. node-B

[peer]
...
AllowedIPs = 10.0.0.1/32, 10.0.0.226/32
Endpoint = 10.1.1.223:51851

[peer]
...
AllowedIPs = 10.0.0.3/32, 10.0.0.226/32
Endpoint = 10.1.1.225:51853
secondary IP on wg0 fails
Hi guys.

I'm experiencing a pretty weird wireguard, or perhaps kernel/OS stack bits behavior.
I have three nodes which all can ping each other on wg0's IPs but when I add a secondary IP:

-> $ ip addr add 10.0.0.226/24 dev wg0

it gets weird, namely, say when that sec IP is on
A -> B ping returns; C ping waits, no errors, no return
B -> both C & A pings return
C -> neither A nor B ping returns

I'm on CentOS with 4.18.0-301.1.el8.x86_64.
All three nodes are virtually identical kvm VMs.
any suggestions as to what is not working here or how to troubleshoot are very appreciated.

many thanks, L.
Re: wgX iface as slave to a bridge - Linux
On 25/04/2021 13:21, Chriztoffer Hansen wrote:
>> Can wireguard ifaces be enslaved by Linux bridge? I tried but it did not work for me.
>> Similarly "macvlan" - would/should wireguard work that way?
>
> Why would you want to enslave an L3-only capable interface to an L2 bridge?
>
> What is your use case behind the question?

Containers. Simple (but also can be complex too as scales easily) case where containers would be glued together and be able to communicate across nodes/hosts via wireguard tunnel/link.
I'm looking at it from a 'regular' admin standpoint.
Then it'd be just one wireguard host-to-host link which all container could utilize, as opposed to separate wireguard for/in each container.

many thanks, L.
wgX iface as slave to a bridge - Linux
Hi guys.

Apologies, I'll bother you guys as I failed to find some better places to ask, I searched for forums etc. but failed.

Can wireguard ifaces be enslaved by Linux bridge? I tried but it did not work for me.
Similarly "macvlan" - would/should wireguard work that way?

What I've tried and failed was on CentOS stream with 4.18.0-294.el8.x86_64.

many thanks, L.