-------- Forwarded message -------
From: [email protected]
To: "Jason A. Donenfeld" <[email protected]>
Sent: August 19 2016 11:49 AM
Subject: Re: [WireGuard] WireGuard doesn't work with network namespace on ArchLinux

August 19 2016 8:54 AM, "Jason A. Donenfeld" <[email protected]> wrote:
>>> $ cat /etc/wireguard/client.conf
>>> [Interface]
>>> PrivateKey = OAT5r6E1hid***iVBnY=
>
> Never post any part of your private key to the internet. I advise you
> to change your keys now.

Ok, I understand.

>>> ListenPort = 52345
>>> [Peer]
>>> PublicKey = aMC3f6kw***UDQVwo=
>>> EndPoint = [2a01:4f8:***:***::5]:40111
>>> AllowedIPs = fc00::10/7
>
> Here's where you go wrong. On the _client_ you want:
> AllowedIPs=::/0,0.0.0.0/0
> In other words, the client trusts the server to send data as any IP,
> and the client will send any IP data to the server.
>
> The AllowedIPs you use on the server should most likely be a /128 and
> a /32, however.

There is no error anymore, but packets don't leave on the server.

Output of tcpdump -i wg0 on client:
IP6 localhost > 2a00:1450:4010:c01::8a ICPMP6, echo request, seq 1, length 64
IP6 localhost > 2a00:1450:4010:c01::8a ICPMP6, echo request, seq 2, length 64
IP6 localhost > 2a00:1450:4010:c01::8a ICPMP6, echo request, seq 3, length 64

Output of ip netns exec physical tcpdump -t on client:
IP6 localhost.52345 > 2a01:4f8:***:***::5.40111: UDP, length 141
IP6 localhost.52345 > 2a01:4f8:***:***::5.40111: UDP, length 141
IP6 localhost.52345 > 2a01:4f8:***:***::5.40111: UDP, length 141

On server tcpdump doesn't catch any packets.
Maybe I need to set some rules with firewall (iptables, nftables)?

P.S. I apologize for silly questions.
_______________________________________________
WireGuard mailing list
[email protected]
http://lists.zx2c4.com/mailman/listinfo/wireguard
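
Added example, not part of the original thread and not WireGuard's own code: a small Python model of the AllowedIPs rule quoted above, where the inner destination selects the peer on send and the inner source is checked against the peer's AllowedIPs on receive. The Peer class, the function names and the fd00::2 / 10.0.0.2 tunnel addresses are assumptions made for illustration.

```python
import ipaddress

class Peer:
    def __init__(self, name, allowed_ips):
        self.name = name
        # strict=False masks host bits, so "fc00::10/7" is stored as fc00::/7
        self.allowed = [ipaddress.ip_network(a, strict=False) for a in allowed_ips]

    def best_match(self, addr):
        """Longest AllowedIPs prefix of this peer that covers addr, or -1 if none."""
        ip = ipaddress.ip_address(addr)
        return max((n.prefixlen for n in self.allowed
                    if n.version == ip.version and ip in n), default=-1)

def route_outbound(peers, dst):
    """Sending: the inner destination selects the peer; None means no peer matches."""
    best = max(peers, key=lambda p: p.best_match(dst), default=None)
    return best.name if best and best.best_match(dst) >= 0 else None

def accept_inbound(peer, src):
    """Receiving: a decrypted packet is kept only if its inner source is in AllowedIPs."""
    return peer.best_match(src) >= 0

# Destination taken from the tcpdump output in the thread.
DST = "2a00:1450:4010:c01::8a"
ORIGINAL = Peer("server", ["fc00::10/7"])        # client.conf as first posted
FIXED = Peer("server", ["::/0", "0.0.0.0/0"])    # client.conf after the advice
# Constructed tunnel addresses for the server's view of the client (/128 and /32).
CLIENT_ON_SERVER = Peer("client", ["fd00::2/128", "10.0.0.2/32"])

if __name__ == "__main__":
    print("original client config ->", route_outbound([ORIGINAL], DST))
    print("fixed client config    ->", route_outbound([FIXED], DST))
    print("server keeps fd00::2   ->", accept_inbound(CLIENT_ON_SERVER, "fd00::2"))
    print("server keeps fd00::3   ->", accept_inbound(CLIENT_ON_SERVER, "fd00::3"))
```

The narrow /128 and /32 on the server side mean the server only keeps tunnel traffic whose inner source is the address assigned to that one client.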
