Dear reader,

I tested 6.8-beta and WG.

After going for a behind-NAT to behind-NAT experiment,
I went for two 'clients' behind a NAT to an OpenBSD device with a public IP,
called here 'Server'.

First of all, a minor detail, unless I thought wgport was not optional because the
ifconfig output will not tell you the 'random port' chosen.
So you cannot configure wgpeer after, unless you up the interface (1).

'Server'

# ifconfig wg1
wg1: flags=80c3<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1420
        index 5 priority 0 llprio 3
        wgport 5555
        wgpubkey XdbTdbNzEASSXvgwAHrBuuBNHpeDtS0CGH3KsT7TxzY=
        wgpeer XxILKSdZ3JJr7fhAqzVNhNE4wbxJGfFlb4EYijqnU1k=
                wgendpoint XXXXXXXXXX YYYY
                tx: 13988, rx: 11164
                last handshake: 135 seconds ago
                wgaip 192.168.5.1/24
        wgpeer Xo6rmtAMkXhGIJOtulLhzCialGdzoPhDSHou+LWWfz8=
                wgendpoint XXXXXXXXXX YYYY
                tx: 10164, rx: 5992
                last handshake: 9 seconds ago
                wgaip 192.168.0.0/16
        groups: wg
        inet 192.168.5.1 netmask 0xffff0000 broadcast 192.168.255.255

The wgaip filter is a bit confusing to me because I MAY want to allow 192.168.5.1
on both but not have overlapping subnets, or maybe it's dedicated to routing.
The man page of WG(4) or the FAQ could have a more fancy example to illustrate
correct use of wgaip.

The main question is related to the fact that
I was unable to ping the peers from the 'server'
until I pinged 192.168.5.1 from the two 'clients'.

# ping 192.168.6.1
PING 192.168.6.1 (192.168.6.1): 56 data bytes
^C
--- 192.168.6.1 ping statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss
## ping 192.168.5.1 or remote device here
# ping 192.168.6.1
PING 192.168.6.1 (192.168.6.1): 56 data bytes
64 bytes from 192.168.6.1: icmp_seq=0 ttl=255 time=12.564 ms
64 bytes from 192.168.6.1: icmp_seq=1 ttl=255 time=16.005 ms

Is this expected and/or due to the fact that 192.168.6.1 is behind a NAT?

Best
(One client is i386, the other amd64; 6.8 beta is working so far!)


(1)
# ifconfig wg2 create wgkey `openssl rand -base64 32`
# ifconfig wg2
wg2: flags=8082<BROADCAST,NOARP,MULTICAST> mtu 1420
        index 6 priority 0 llprio 3
        wgpubkey iKbEvJvgyyzcdRcefgXaC7BWkmfUTREtL5BWvFeKdHo=
        groups: wg
vps105766# ifconfig wg2 up
vps105766# ifconfig wg2
wg2: flags=80c3<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1420
        index 6 priority 0 llprio 3
        wgport 16326
        wgpubkey iKbEvJvgyyzcdRcefgXaC7BWkmfUTREtL5BWvFeKdHo=
        groups: wg

man
```
     wgport port
             Set the UDP port that the tunnel operates on.  The interface
             will bind to INADDR_ANY and IN6ADDR_ANY_INIT.  If no port is
             configured, one will be chosen automatically.
```
to
```
     wgport port
             Set the UDP port that the tunnel operates on.  The interface
             will bind to INADDR_ANY and IN6ADDR_ANY_INIT.  If no port is
             configured, one will be chosen automatically when the
             interface is up.
```

?
-- 
--
---------------------------------------------------------------------------------------------------------------------
Knowing is not enough; we must apply. Willing is not enough; we must do
