Re: wireguard-go on MACos

2022-09-19 Thread Devanath S
Hi Shulhan,

Yes, we already do that. In split tunnel mode, we cannot make all
traffic reach the wireguard server (only a subset of the traffic is
routed through the tunnel).

So the feature is: specific domain name requests will be directed to
the dns proxy running on the wireguard device => the proxy forwards to the
wireguard service (where the dns server resides) through the tunnel. For the
rest of the domain names, they are resolved using the primary DNS
server on the desktop.
This works as expected when we run the DNS proxy on localhost. But we
want it to listen on the wireguard device IP address instead. This fails on
macOS. Hope it makes sense. Thanks in advance.


Regards,
Dev
--

> Hi Dev,

> On Mon, 19 Sep 2022 10:47:29 -0700
> Devanath S  wrote:

> Hi All,
>
> We are using wireguard-go on MACOS/LINUX and a dns-proxy is listening
> on wireguard device. dns-proxy is receiving dns requests from the
> desktop (destined to wireguarddeviceip:53) on linuxos. But the same
> does not work on MACos.
>
> I have tried to create tun/ap using go-library (water) and was able to
> receive the requests, but the same fails when using a wireguard device
> created using wireguard-go. Also ping to wireguard device ip from the
> desktop fails miserably.
>

I assume you want to make all peers request to the same DNS server, yes?

In that case, instead of installing dns-proxy on each user, set up a
central DNS server and let WireGuard handle the rest.

For example, in my experience, I set up rescached [1] (or any DNS
cache/forwarder) on the "server" peer at 10.8.0.1 and set the DNS
option on each "client" peer to that address:

  [Interface]
  ...
  DNS = 10.8.0.1

With this mode, client does not need to install or setup anything except
the WireGuard application.

On Mon, Sep 19, 2022 at 10:47 AM Devanath S  wrote:
>
> Hi All,
>
> We are using wireguard-go on MACOS/LINUX and a dns-proxy is listening
> on wireguard device. dns-proxy is receiving dns requests from the
> desktop (destined to wireguarddeviceip:53) on linuxos. But the same
> does not work on MACos.
>
> I have tried to create tun/ap using go-library (water) and was able to
> receive the requests, but the same fails when using a wireguard device
> created using wireguard-go. Also ping to wireguard device ip from the
> desktop fails miserably.
>
> I am kind of blocked, Appreciate any help regarding this.
>
> Regards,
> Dev


wireguard-go on MACos

2022-09-19 Thread Devanath S
Hi All,

We are using wireguard-go on MACOS/LINUX and a dns-proxy is listening
on wireguard device. dns-proxy is receiving dns requests from the
desktop (destined to wireguarddeviceip:53) on linuxos. But the same
does not work on MACos.

I have tried to create tun/ap using go-library (water) and was able to
receive the requests, but the same fails when using a wireguard device
created using wireguard-go. Also ping to wireguard device ip from the
desktop fails miserably.

I am kind of blocked, Appreciate any help regarding this.

Regards,
Dev


wireguard performance

2022-04-04 Thread Devanath S
Hi All,

We were trying to test the performance of wireguard on GCP and found
it around 1G for TCP and around 500-800 for UDP.

Please do let us know if there are any ways to UP this performance.  Any
suggestion is appreciated.

Regards
Dev


Wireguard netstack client/server

2022-02-21 Thread Devanath S
Hi,

Was trying to understand the netstack related examples in
wireguard-go/tun/netstack/examples/

Examples for netstack available in other distributions, all do
createNIC using the fd of the network on the host-machine or likewise.
So packets enter/leave netstack through those interfaces.

With wireguard-go/tun/netstack/examples/ I don't see any interface
created on the host machine, so how do the packets enter/leave
netstack where wireguard devices are running? Please advise.

Regards,
dev


wireguard-go on container-optimized os on GCP

2021-09-20 Thread Devanath S
Hi All,

I am trying to run wireguard-go (using
"golang.zx2c4.com/wireguard/wgctrl" for configure) on
container-optimized os on GCP and I am facing the below issue. The
same works on ubuntu/centos etc

1) Wireguard device creation and tunnel gets created as required. It
works as expected
2) When the admin wants to delete the wg tunnel interface and recreate
the wg interface.  It gives error "err device or resource busy"

=> To create the tunnel device
tun.CreateTUN(deviceName, mtu).
device.NewDevice(tun, deviceLogger)
=>To delete the tunnel device
func (device *Device) Close()  which is probably calling
tun.tunFile.Close(), to close the FD

Snippet of the logs, while closing the device and creating again

[22:04:47 2021/09/09 +] [WARN] LIsten_WG_API:
userspace wireguard device API interface closed, error while accepting
connection, err:fd closed

[22:04:47 2021/09/09 +] [INFO] .Close: closed userspace
wireguard API interface and device

[22:04:47 2021/09/09 +] [INFO] CreateWg: create userspace
wireguard device wg1

[22:04:47 2021/09/09 +] [EROR] CreateUSWG: userspace
tunnel interface creation failed, device name wg1, err device or
resource busy

[22:04:47 2021/09/09 +] [EROR] CreateWgfailed to
create wg1: device or resource busy

[22:04:47 2021/09/09 +] [EROR]new Config:device or
resource busy


Please let me know if I am missing something.

Regards,
Dev


Re: wireguard-go on windows

2021-09-12 Thread Devanath S
Hi All,

I am trying to run wireguard-go (using
"golang.zx2c4.com/wireguard/wgctrl" for configure) on
container-optimized os on GCP and I am facing the below issue. The
same works on ubuntu/centos etc

1) Wireguard device creation and tunnel gets created as required. It
works as expected
2) When the admin wants to delete the wg tunnel interface and recreate
the wg interface.  It gives error "err device or resource busy"

=> To create the tunnel device
tun.CreateTUN(deviceName, mtu).
device.NewDevice(tun, deviceLogger)
=>To delete the tunnel device
func (device *Device) Close()  which is probably calling
tun.tunFile.Close(), to close the FD

Snippet of the logs, while closing the device and creating again

[22:04:47 2021/09/09 +] [WARN] LIsten_WG_API:
userspace wireguard device API interface closed, error while accepting
connection, err:fd closed

[22:04:47 2021/09/09 +] [INFO] .Close: closed userspace
wireguard API interface and device

[22:04:47 2021/09/09 +] [INFO] CreateWg: create userspace
wireguard device wg1

[22:04:47 2021/09/09 +] [EROR] CreateUSWG: userspace
tunnel interface creation failed, device name wg1, err device or
resource busy

[22:04:47 2021/09/09 +] [EROR] CreateWgfailed to
create wg1: device or resource busy

[22:04:47 2021/09/09 +] [EROR]new Config:device or
resource busy


Please let me know if I am missing something.

Regards,
Dev


wireguard tunnel UP/DOWN registration

2021-08-06 Thread Devanath S
Hi All,

Is there a way an application can register with wireguard to get tunnel
handshake successful/failure events?
Please suggest.

Regards,
Dev


Re: wireguard-go on windows

2021-02-26 Thread Devanath S
Hi  Jason/Matt,

I could try running any debug binaries or debug patches that you want
to run to troubleshoot the issue. Please advise.

Regards,
Dev

On Thu, Feb 25, 2021 at 12:15 PM Matt Layher  wrote:
>
> A glance at
> https://github.com/WireGuard/wgctrl-go/blob/master/internal/wguser/parse.go#L48
> seems to indicate that we treat the first "blank" line produced by
> bufio.Scanner (which strips \n) as a sentinel to stop parsing, which
> would mean something like "errno=0\n\n" would parse the errno and be
> done once it interprets the final line "\n".
>
> The tests seem to indicate this works as expected, but I don't regularly
> develop on Windows and welcome PRs if something has changed.
> - Matt
>
> On 2/25/21 12:54 PM, Jason A. Donenfeld wrote:
> > + Matt Layher
> >
> > Hi Davanath,
> >
> >> We are trying to use wgctrl way of configuring the wireguard devices
> >> and facing issues while creating/configuring the wireguard device on
> >> windows.
> >>
> >> 1) First problem was while creating the wintun device using wintun.dll
> >> and using wgctrl for configuring it.  It hangs in
> >> wgclient.ConfigureDevice api()
> > wgctrl works with wireguard. wireguard uses wintun, but wireguard is not 
> > wintun.
> >
> >> 2) So tried to first create the device through wireguard.exe. And then
> >> used wgctrl way to configure it, but wgClient.Devices() is not able to
> >> get the devices on our test windows boxes (even though it works on my
> >> development machine)
> > This sounds like a potential bug in wgctrl.
> >
> > Matt -- I wonder if there's a bug in the parser, recently unearthed by
> > a change in wireguard-go. Specifically, uapi stipulates that requests
> > and responses end with \n\n. Is it possible that you're relying on the
> > socket to EOF, instead of looking for the \n\n? Recent wireguard-go
> > keeps the socket open, in case you want to send one request after
> > another.
> >
> > Jason
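
The framing point raised in the exchange above (a UAPI response ends with a blank line, and the server may keep the socket open afterwards), as an added Go example that is not part of the original thread and is not wgctrl-go's code. The helper names `readUAPIResponse` and `demoOpenStream` are hypothetical and the response text is constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"strconv"
	"strings"
)

// readUAPIResponse (hypothetical helper) parses key=value lines and returns
// at the blank line that ends a UAPI response, never waiting for EOF.
func readUAPIResponse(r io.Reader) (map[string][]string, int, error) {
	kv, errno := map[string][]string{}, 0
	s := bufio.NewScanner(r) // default split strips the trailing "\n"
	for s.Scan() {
		line := s.Text()
		if line == "" { // second "\n" of "\n\n": response complete
			return kv, errno, nil
		}
		i := strings.IndexByte(line, '=')
		if i < 0 {
			return nil, 0, fmt.Errorf("malformed line %q", line)
		}
		if k, v := line[:i], line[i+1:]; k == "errno" {
			n, err := strconv.Atoi(v)
			if err != nil {
				return nil, 0, fmt.Errorf("bad errno %q", v)
			}
			errno = n
		} else {
			kv[k] = append(kv[k], v) // keys such as allowed_ip may repeat
		}
	}
	if err := s.Err(); err != nil {
		return nil, 0, err
	}
	return nil, 0, io.ErrUnexpectedEOF // peer closed before the terminator
}

// demoOpenStream feeds a constructed response through a pipe whose writer is
// never closed, like a server that keeps the socket open for more requests.
func demoOpenStream() (map[string][]string, int, error) {
	pr, pw := io.Pipe()
	go pw.Write([]byte("listen_port=51820\npublic_key=" + strings.Repeat("ab", 32) + "\nallowed_ip=10.8.0.2/32\nallowed_ip=10.8.0.3/32\nerrno=0\n\n"))
	return readUAPIResponse(pr)
}

func main() { fmt.Println(demoOpenStream()) }
```

A reader that instead waits for EOF (for example `io.ReadAll`) would block forever on the same pipe, which matches the hang described for `ConfigureDevice` if the client relied on the socket closing.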


Fwd: wireguard-go on windows

2021-02-25 Thread Devanath S
Hi Jason,

Thank you for your prompt response.

We are trying to use wgctrl way of configuring the wireguard devices
and facing issues while creating/configuring the wireguard device on
windows.

1) First problem was while creating the wintun device using wintun.dll
and using wgctrl for configuring it.  It hangs in
wgclient.ConfigureDevice api()

2) So tried to first create the device through wireguard.exe. And then
used wgctrl way to configure it, but wgClient.Devices() is not able to
get the devices on our test windows boxes (even though it works on my
development machine)

So was trying to investigate how wireguard works on windows.  With
wgctrl package I was able to get it working on linux/mac, but facing
such issues on windows.  The reason for using wgctrl was to make it
configurable through our own APP.

Regards,
Dev

On Thu, Feb 25, 2021 at 7:54 AM Jason A. Donenfeld  wrote:
>
> I'm curious to learn what you're trying to debug this way; you're
> better off using wireguard-windows.
>
> The pipe permissions are too strict internally, it appears. Try
> running as Local System.
>
> Jason


wireguard-go on windows

2021-02-25 Thread Devanath S
Hi All,

I am trying to run wireguard-go on windows for debugging purpose only
and seem to get the below error.

Login user is local admin on the box and it is run as administrator. Please advise.

c:\Go\wire-win\wireguard-go>.\wireguard.exe wg0
Warning: this is a test program for Windows, mainly used for debugging
this Go package. For a real WireGuard for Windows client, the repo you
want is , which includes
this code as a module.
INFO: (wg0) 2021/02/24 22:09:55 Starting wireguard-go version 0.0.20201118
DEBUG: (wg0) 2021/02/24 22:09:55 Debug log enabled
2021/02/24 22:09:55 [Wintun] CreateAdapter: Creating adapter
DEBUG: (wg0) 2021/02/24 22:09:56 UDP bind has been updated
INFO: (wg0) 2021/02/24 22:09:56 Device started
ERROR: (wg0) 2021/02/24 22:09:56 Failed to listen on uapi socket: open
\\.\pipe\ProtectedPrefix\Administrators\WireGuard\wg0: This security
ID may not be assigned as the owner of this object.


Regards,
srini