RVP <r...@sdf.org> wrote:
> On Tue, 14 Jan 2025, Paul W. Rankin wrote:
>
> > I disabled the firewall entirely and saw no change. At least we can
> > rule that out.
> >
>
> OK, judging from the `vioif0' i/f name, the server is running in a VM, and
> from the client i/f name you were doing the tcpdump on, utun4, plus the fact
> that ICMP packets (pings) from the client were seen as UDP packets on the
> server (this is what QEMU, for one, does when it's running unprivileged--it
> doesn't have rootly powers, so it "compensates"), I would judge that the
> client is running inside a VM too?
>
> Can you show the output of `ifconfig -a' on both the server and client?
> Have the VMs assigned a 10.x.x.x (again, std. for QEMU in some config.) to
> the virtual i/f addresses?
>
> If so, can you reassign the Wireguard addresses to some other range?

The server is a VM, the host uses KVM. The macOS client is not a VM, it's
100% pure Apple.

On the NetBSD server/VM:

# ifconfig -a
vioif0: flags=0x8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ec_capabilities=0x1<VLAN_MTU>
	ec_enabled=0
	address: 56:00:05:34:d7:f6
	status: active
	inet6 fe80::5400:5ff:fe34:d7f6%vioif0/64 flags 0 scopeid 0x1
	inet6 2001:19f0:5:34b4:43ba:2063:5ba4:b14d/64 flags 0x40<AUTOCONF>
	inet 64.176.222.118/23 broadcast 64.176.223.255 flags 0
lo0: flags=0x8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33624
	status: active
	inet6 ::1/128 flags 0x20<NODAD>
	inet6 fe80::1%lo0/64 flags 0 scopeid 0x2
	inet 127.0.0.1/8 flags 0
wg0: flags=0x8041<UP,RUNNING,MULTICAST> mtu 1420
	status: active
	inet6 fe80::1457:1bc8:34cf:69c0%wg0/64 flags 0 scopeid 0x3
	inet6 fd00:2::1/64 flags 0
	inet 10.2.0.1/24 flags 0

On the macOS client (with WireGuard up):

# ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
	inet 127.0.0.1 netmask 0xff000000
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
anpi0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=400<CHANNEL_IO>
	ether 32:81:29:1a:04:10
	media: none
	status: inactive
anpi1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=400<CHANNEL_IO>
	ether 32:81:29:1a:04:11
	media: none
	status: inactive
en3: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=400<CHANNEL_IO>
	ether 32:81:29:1a:04:f0
	nd6 options=201<PERFORMNUD,DAD>
	media: none
	status: inactive
en4: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=400<CHANNEL_IO>
	ether 32:81:29:1a:04:f1
	nd6 options=201<PERFORMNUD,DAD>
	media: none
	status: inactive
en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	options=460<TSO4,TSO6,CHANNEL_IO>
	ether 36:72:48:7c:ca:40
	media: autoselect <full-duplex>
	status: inactive
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	options=460<TSO4,TSO6,CHANNEL_IO>
	ether 36:72:48:7c:ca:44
	media: autoselect <full-duplex>
	status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=63<RXCSUM,TXCSUM,TSO4,TSO6>
	ether 36:72:48:7c:ca:40
	Configuration:
		id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
		maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
		root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
		ipfilter disabled flags 0x0
	member: en1 flags=3<LEARNING,DISCOVER>
		ifmaxaddr 0 port 8 priority 0 path cost 0
	member: en2 flags=3<LEARNING,DISCOVER>
		ifmaxaddr 0 port 9 priority 0 path cost 0
	nd6 options=201<PERFORMNUD,DAD>
	media: <unknown type>
	status: inactive
ap1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=6460<TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
	ether 52:91:5a:1a:42:6e
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect (none)
	status: inactive
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=6460<TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
	ether ca:99:92:43:3b:a2
	inet6 fe80::1ca6:590:f8a2:bef4%en0 prefixlen 64 secured scopeid 0xb
	inet6 2001:8004:4441:9766:10d2:3653:5ef:b94d prefixlen 64 autoconf secured
	inet6 2001:8004:4441:9766:fc9f:865:9605:fe57 prefixlen 64 autoconf temporary
	inet 192.168.1.111 netmask 0xffffff00 broadcast 192.168.1.255
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect
	status: active
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
	inet6 fe80::e935:47f0:ab8f:346f%utun0 prefixlen 64 scopeid 0xd
	nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
	inet6 fe80::a7f7:6660:f35a:9eb4%utun1 prefixlen 64 scopeid 0xe
	nd6 options=201<PERFORMNUD,DAD>
awdl0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=6460<TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
	ether 2e:1b:ea:d8:46:aa
	inet6 fe80::2c1b:eaff:fed8:46aa%awdl0 prefixlen 64 scopeid 0xf
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect
	status: active
llw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=400<CHANNEL_IO>
	ether 2e:1b:ea:d8:46:aa
	inet6 fe80::2c1b:eaff:fed8:46aa%llw0 prefixlen 64 scopeid 0x10
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect (none)
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
	inet6 fe80::d339:6b9b:7bce:8c12%utun2 prefixlen 64 scopeid 0x11
	nd6 options=201<PERFORMNUD,DAD>
utun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1000
	inet6 fe80::ce81:b1c:bd2c:69e%utun3 prefixlen 64 scopeid 0x12
	nd6 options=201<PERFORMNUD,DAD>
utun5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
	inet6 fe80::5368:e35c:6e05:aa2f%utun5 prefixlen 64 scopeid 0x14
	nd6 options=201<PERFORMNUD,DAD>
utun6: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
	inet6 fe80::812b:b59e:1e0f:eb87%utun6 prefixlen 64 scopeid 0x15
	nd6 options=201<PERFORMNUD,DAD>
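
The address-range question RVP raises (does the WireGuard subnet collide with an address the VM was handed on another interface?) can be checked mechanically from `ifconfig -a` output. The following is an added example, not part of either poster's message; the samples are the IPv4 lines constructed from the output above, and the `tap0` interface in `COLLIDING` is hypothetical, added only to show a positive hit.

```python
import ipaddress
import re

# Constructed sample: the IPv4 lines from the two `ifconfig -a` outputs in the
# message above (NetBSD prints addr/prefix, macOS prints addr + hex netmask).
SERVER = """\
vioif0: flags=0x8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 64.176.222.118/23 broadcast 64.176.223.255 flags 0
lo0: flags=0x8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33624
\tinet 127.0.0.1/8 flags 0
wg0: flags=0x8041<UP,RUNNING,MULTICAST> mtu 1420
\tinet 10.2.0.1/24 flags 0
"""
CLIENT = """\
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
\tinet 127.0.0.1 netmask 0xff000000
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 192.168.1.111 netmask 0xffffff00 broadcast 192.168.1.255
"""
# Hypothetical host (not from the thread) with a second interface in 10.2.0.0/24.
COLLIDING = SERVER + "tap0: flags=0x8843<UP> mtu 1500\n\tinet 10.2.0.15/24 flags 0\n"

IFACE = re.compile(r"^(\S+): flags=")
INET = re.compile(r"^\s+inet (\d+\.\d+\.\d+\.\d+)(?:/(\d+)| netmask (0x[0-9a-fA-F]{8}))")

def ipv4_networks(ifconfig_text):
    """Return [(interface, IPv4Network)] parsed from ifconfig -a output."""
    nets, iface = [], None
    for line in ifconfig_text.splitlines():
        m = IFACE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = INET.match(line)
        if m and iface:
            addr, plen, mask = m.groups()
            if plen is None:
                plen = bin(int(mask, 16)).count("1")  # hex netmask -> prefix length
            nets.append((iface, ipaddress.ip_network(f"{addr}/{plen}", strict=False)))
    return nets

def tunnel_overlaps(ifconfig_text, tunnel="wg0"):
    """List (interface, network) pairs whose subnet overlaps the tunnel's."""
    nets = ipv4_networks(ifconfig_text)
    tun = [n for i, n in nets if i == tunnel]
    return [(i, n) for i, n in nets if i != tunnel and any(n.overlaps(t) for t in tun)]

if __name__ == "__main__":
    for name, text in (("server", SERVER), ("client", CLIENT), ("colliding", COLLIDING)):
        print(name, tunnel_overlaps(text))
```
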