On Mon, Sep 28, 2020 at 6:35 PM Sven F. <[email protected]> wrote:
> Dear reader,
>
> I tested 6.8-beta and WG.
>
> After going for a behind-NAT to behind-NAT experiment,
> I went for two 'clients' behind a NAT to an OpenBSD device with a public IP,
> called here 'Server'.
>
> First of all, a minor detail: unless I thought wgport was not
> optional, because the
> ifconfig output will not tell you the 'random port' chosen.
> So you cannot configure wgpeer after, unless
> you up the interface (1).
>
> 'Server'
>
> # ifconfig wg1
> wg1: flags=80c3<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1420
>         index 5 priority 0 llprio 3
>         wgport 5555
>         wgpubkey XdbTdbNzEASSXvgwAHrBuuBNHpeDtS0CGH3KsT7TxzY=
>         wgpeer XxILKSdZ3JJr7fhAqzVNhNE4wbxJGfFlb4EYijqnU1k=
>                 wgendpoint XXXXXXXXXX YYYY
>                 tx: 13988, rx: 11164
>                 last handshake: 135 seconds ago
>                 wgaip 192.168.5.1/24
>         wgpeer Xo6rmtAMkXhGIJOtulLhzCialGdzoPhDSHou+LWWfz8=
>                 wgendpoint XXXXXXXXXX YYYY
>                 tx: 10164, rx: 5992
>                 last handshake: 9 seconds ago
>                 wgaip 192.168.0.0/16
>         groups: wg
>         inet 192.168.5.1 netmask 0xffff0000 broadcast 192.168.255.255
>
> The wgaip filter is a bit confusing to me because I MAY want to
> allow 192.168.5.1
> on both but not have an overlapping subnet, or maybe it's dedicated to
> routing.
> The man page of WG(4) or the FAQ could have a more fancy example to
> illustrate
> correct use of wgaip.
>
> The main question is related to the fact that
> I was unable to ping the peers from the 'server'
> until I pinged 192.168.5.1 from the two 'clients'.
>
> # ping 192.168.6.1
> PING 192.168.6.1 (192.168.6.1): 56 data bytes
> ^C
> --- 192.168.6.1 ping statistics ---
> 5 packets transmitted, 0 packets received, 100.0% packet loss
> ## ping 192.168.5.1 or remote device here
> # ping 192.168.6.1
> PING 192.168.6.1 (192.168.6.1): 56 data bytes
> 64 bytes from 192.168.6.1: icmp_seq=0 ttl=255 time=12.564 ms
> 64 bytes from 192.168.6.1: icmp_seq=1 ttl=255 time=16.005 ms
>
> Is this expected and/or due to the fact that 192.168.6.1 is behind a NAT?
>
> Best
> (one client is i386, the other amd64; 6.8-beta is working so far!)
>
>
> (1)
> # ifconfig wg2 create wgkey `openssl rand -base64 32`
> # ifconfig wg2
> wg2: flags=8082<BROADCAST,NOARP,MULTICAST> mtu 1420
>         index 6 priority 0 llprio 3
>         wgpubkey iKbEvJvgyyzcdRcefgXaC7BWkmfUTREtL5BWvFeKdHo=
>         groups: wg
> vps105766# ifconfig wg2 up
> vps105766# ifconfig wg2
> wg2: flags=80c3<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1420
>         index 6 priority 0 llprio 3
>         wgport 16326
>         wgpubkey iKbEvJvgyyzcdRcefgXaC7BWkmfUTREtL5BWvFeKdHo=
>         groups: wg
>
> man
> ```
> wgport port
>         Set the UDP port that the tunnel operates on. The interface will
>         bind to INADDR_ANY and IN6ADDR_ANY_INIT. If no port is
>         configured, one will be chosen automatically.
> ```
> to
> ```
> wgport port
>         Set the UDP port that the tunnel operates on. The interface will
>         bind to INADDR_ANY and IN6ADDR_ANY_INIT. If no port is
>         configured, one will be chosen automatically when the
>         interface is up.
> ```
>
> ?

My tunnel did not survive a suspend mode on the crapbook laptop. The public IP did not roam, nothing after a few minutes (the other device is working fine). Am I supposed to do a down/up cycle on the wg interface after suspend?
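The two behaviours discussed in this thread (which peer a wgaip prefix selects, and why a peer behind NAT cannot be reached from the server until it has sent something first) can be modelled in a few lines. The following is an added example written for this page; it is not code from OpenBSD's wg(4) or from the WireGuard project. The `WgInterface` and `Nat` classes, the peer names, and the 203.0.113.7 / 198.51.100.9 addresses are all constructed. What it models is the documented WireGuard cryptokey-routing semantics: each allowed-IP prefix belongs to exactly one peer (assigning it to another peer moves it), outbound packets choose the peer by longest prefix match on the destination, inbound decrypted packets are dropped unless their inner source address falls within the sending peer's allowed IPs, and a peer's endpoint is replaced by the source address of its latest authenticated packet (roaming). It also shows that 192.168.5.1/24 on one peer and 192.168.0.0/16 on another is legal but does not put 192.168.5.1 on both peers: the /24 is the network 192.168.5.0/24 and wins the longest-prefix match.

```python
"""Toy model of WireGuard cryptokey routing, endpoint learning and NAT.
Constructed example for illustration; not OpenBSD wg(4) or WireGuard code."""
import ipaddress


class Nat:
    """Minimal NAT: an outside host can only reach an inside host through a
    mapping that the inside host created by sending outbound first."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.mappings = {}          # (public_ip, public_port) -> inside host name
        self.next_port = 40000      # constructed starting port

    def outbound(self, inside_name):
        """Inside host sends a packet; NAT allocates a public (ip, port)."""
        port = self.next_port
        self.next_port += 1
        self.mappings[(self.public_ip, port)] = inside_name
        return (self.public_ip, port)

    def inbound(self, endpoint):
        """Packet from outside to endpoint; None means the NAT dropped it."""
        return self.mappings.get(endpoint)


class WgInterface:
    def __init__(self):
        self.peers = {}     # pubkey -> {'endpoint': (ip, port) | None, 'aips': set()}
        self.routes = {}    # ip_network -> pubkey; every prefix has one owner

    def add_peer(self, pubkey, endpoint=None):
        self.peers[pubkey] = {'endpoint': endpoint, 'aips': set()}

    def add_aip(self, pubkey, cidr):
        """Attach an allowed-IP prefix; host bits are masked, so
        '192.168.5.1/24' is stored as the network 192.168.5.0/24."""
        net = ipaddress.ip_network(cidr, strict=False)
        old = self.routes.get(net)
        if old is not None and old != pubkey:
            self.peers[old]['aips'].discard(net)   # prefix moves to the new owner
        self.routes[net] = pubkey
        self.peers[pubkey]['aips'].add(net)
        return str(net)

    def peer_for(self, dst):
        """Longest-prefix match of dst over all allowed IPs."""
        addr = ipaddress.ip_address(dst)
        matches = [n for n in self.routes if addr in n]
        if not matches:
            return None
        return self.routes[max(matches, key=lambda n: n.prefixlen)]

    def send(self, dst):
        """Outbound packet: returns (status, pubkey, endpoint)."""
        pk = self.peer_for(dst)
        if pk is None:
            return ('no-route', None, None)
        ep = self.peers[pk]['endpoint']
        if ep is None:
            return ('no-endpoint', pk, None)
        return ('sent', pk, ep)

    def receive(self, pubkey, src_endpoint, inner_src):
        """Authenticated packet from pubkey arrived from src_endpoint."""
        self.peers[pubkey]['endpoint'] = src_endpoint   # roaming: learn latest address
        if self.peer_for(inner_src) != pubkey:
            return 'dropped'        # inner source is not in this peer's allowed IPs
        return 'accepted'


def scenario():
    """Replays the thread's setup: two peers behind NAT, one public server."""
    server = WgInterface()
    nat = Nat('203.0.113.7')
    # The admin configured the NAT's public address and the client's own port,
    # but the NAT has no mapping for it until the client sends something.
    server.add_peer('peer2', endpoint=('203.0.113.7', 5555))
    server.add_peer('peer1')                      # endpoint left unset
    ev = {}
    ev['aip1'] = server.add_aip('peer1', '192.168.5.1/24')   # -> '192.168.5.0/24'
    ev['aip2'] = server.add_aip('peer2', '192.168.0.0/16')
    ev['no_route'] = server.send('10.0.0.1')[0]
    ev['no_endpoint'] = server.send('192.168.5.9')[0]        # peer1 has no endpoint
    status, _, ep = server.send('192.168.6.1')               # server pings client first
    ev['before'] = (status, nat.inbound(ep))                 # NAT drops it: ('sent', None)
    real_ep = nat.outbound('peer2')                          # client pings 192.168.5.1
    ev['handshake'] = server.receive('peer2', real_ep, '192.168.6.1')
    status, _, ep = server.send('192.168.6.1')
    ev['after'] = (status, nat.inbound(ep))                  # now delivered to peer2
    nat2 = Nat('198.51.100.9')                               # laptop resumes elsewhere
    ev['stale'] = nat2.inbound(server.send('192.168.6.1')[2])  # old endpoint: dropped
    server.receive('peer2', nat2.outbound('peer2'), '192.168.6.1')
    ev['roamed'] = nat2.inbound(server.send('192.168.6.1')[2])
    ev['lpm'] = server.peer_for('192.168.5.9')               # /24 beats /16
    ev['wrong_src'] = server.receive('peer2', server.peers['peer2']['endpoint'],
                                     '192.168.5.9')          # belongs to peer1
    server.add_aip('peer2', '192.168.5.0/24')                # prefix moves to peer2
    ev['owner'] = server.peer_for('192.168.5.9')
    return ev


if __name__ == '__main__':
    for name, value in scenario().items():
        print(f'{name}: {value}')
```

In the model the server only learns a peer's working endpoint when that peer transmits, which is why the first ping from the server fails and succeeds only after the client has pinged 192.168.5.1. The same mechanism explains the suspend question: after the laptop resumes behind a different address, the server keeps sending to the stale endpoint until the laptop sends again. The usual WireGuard answer is a persistent keepalive from the NATed side (wgpka in OpenBSD's ifconfig(8)), which this model does not implement.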
