RVP <r...@sdf.org> wrote:
> On Tue, 14 Jan 2025, Paul W. Rankin wrote:
>
> >> From the NetBSD server...
> >
> > $ nc -ul 9443; echo $?
> > nc: Address already in use
> > 1
> >
>
> You'll have to stop wireguard first.

NetBSD server:

$ ifconfig wg0 destroy

> > UDP works:
> >
> > $ nc -zu starbeastie.rnkn.xyz 9443; echo $?
> > Connection to starbeastie.rnkn.xyz port 9443 [udp/tungsten-https]
> > succeeded!
> > 0
> >
>
> UDP's not a connection-oriented protocol, so you'll have to pass data to see
> if the connection works.

NetBSD server:

$ nc -ul 9443
hello world

macOS client:

$ nc -u starbeastie.rnkn.xyz 9443
hello world

UDP works!

> > TCP does not:
> >
> > $ nc -z starbeastie.rnkn.xyz 9443; echo $?
> > 1
> >
>
> No TCP server at the other end (and the UDP one didn't start/won't do).
> Run a TCP server with: nc -l 9443 (after stopping WG, of course).

I opened up TCP port 9443 on my hosting firewall (previously only UDP
was open) and:

NetBSD server:

$ nc -l 9443
hello world

macOS client:

$ nc starbeastie.rnkn.xyz 9443
hello world

TCP works!

Also I don't know if this is of note, but after configuring wg again on
the server, and starting the WireGuard client:

On the client:

$ nc -u starbeastie.rnkn.xyz 9443
hello

On the server:

$ doas tcpdump -tn -i wg0 port 9443
Password:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wg0, link-type NULL (BSD loopback), capture size 262144 bytes
IP 10.2.0.42.50968 > 64.176.222.118.9443: UDP, length 6

With the TCP port open I can ping the server from the client with
WireGuard up:

$ ping 10.2.0.1
PING 10.2.0.1 (10.2.0.1): 56 data bytes
64 bytes from 10.2.0.1: icmp_seq=0 ttl=255 time=326.084 ms
64 bytes from 10.2.0.1: icmp_seq=1 ttl=255 time=354.826 ms
64 bytes from 10.2.0.1: icmp_seq=2 ttl=255 time=425.718 ms
64 bytes from 10.2.0.1: icmp_seq=3 ttl=255 time=357.604 ms
64 bytes from 10.2.0.1: icmp_seq=4 ttl=255 time=336.651 ms
64 bytes from 10.2.0.1: icmp_seq=5 ttl=255 time=379.865 ms
^C
--- 10.2.0.1 ping statistics ---
7 packets transmitted, 6 packets received, 14.3% packet loss
round-trip min/avg/max/stddev = 326.084/363.458/425.718/32.582 ms

Still nothing from Firefox/curl on the client though.
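
Added example, not part of the original message or thread: a Python sketch of the point quoted above that UDP has no handshake, so a probe proves reachability only when data comes back. The function names, the loopback listeners and the payload are constructed for illustration.

```python
import socket
import threading

def udp_probe(host, port, payload=b"hello\n", timeout=1.0):
    """Send one datagram and classify the port by what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))      # sends nothing; only fixes the default peer
        try:
            s.send(payload)
            s.recv(2048)
            return "open"            # a reply is the only positive proof
        except ConnectionRefusedError:
            return "closed"          # an ICMP port-unreachable came back
        except socket.timeout:
            return "open|filtered"   # silent listener or dropped packet: cannot tell

def start_listener(reply):
    """Constructed local UDP listener on an ephemeral loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))

    def loop():
        while True:
            try:
                data, peer = srv.recvfrom(2048)
            except OSError:          # socket closed
                return
            if reply:                # echo only when asked to
                srv.sendto(data, peer)

    threading.Thread(target=loop, daemon=True).start()
    return srv, srv.getsockname()[1]

if __name__ == "__main__":
    echo, echo_port = start_listener(reply=True)
    mute, mute_port = start_listener(reply=False)
    print("echoing listener:", udp_probe("127.0.0.1", echo_port))
    print("silent listener: ", udp_probe("127.0.0.1", mute_port))
```

A listener that only prints what it receives, like `nc -ul`, falls in the "open|filtered" case from the sender's side, which is why the test above was confirmed by reading the text on the server.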