Re: multi-home difficulty

2017-11-30 Thread d tbsky
2017-11-29 22:49 GMT+08:00 Jason A. Donenfeld : > On Wed, Nov 29, 2017 at 3:16 PM, d tbsky wrote: >> sorry I misunderstand you. you mean I modify the script and run >> in my environment to reveal the problem? >> ok I will try to do it. > > Take what I sent

Re: multi-home difficulty

2017-11-29 Thread d tbsky
2017-11-30 14:22 GMT+08:00 d tbsky : > 2017-11-30 14:15 GMT+08:00 d tbsky : >> 2017-11-29 22:49 GMT+08:00 Jason A. Donenfeld : >>> On Wed, Nov 29, 2017 at 3:16 PM, d tbsky wrote: sorry I misunderstand you. you mean I

Re: multi-home difficulty

2017-11-29 Thread d tbsky
2017-11-30 14:15 GMT+08:00 d tbsky : > 2017-11-29 22:49 GMT+08:00 Jason A. Donenfeld : >> On Wed, Nov 29, 2017 at 3:16 PM, d tbsky wrote: >>> sorry I misunderstand you. you mean I modify the script and run >>> in my environment to reveal

Re: multi-home difficulty

2017-11-29 Thread d tbsky
2017-11-29 22:49 GMT+08:00 Jason A. Donenfeld : > On Wed, Nov 29, 2017 at 3:16 PM, d tbsky wrote: >> sorry I misunderstand you. you mean I modify the script and run >> in my environment to reveal the problem? >> ok I will try to do it. > > Take what I sent

Re: multi-home difficulty

2017-11-29 Thread Jason A. Donenfeld
On Wed, Nov 29, 2017 at 3:16 PM, d tbsky wrote: > sorry I misunderstand you. you mean I modify the script and run > in my environment to reveal the problem? > ok I will try to do it. Take what I sent you. Run it. If it breaks, send me the output and your kernel. If it

Re: multi-home difficulty

2017-11-29 Thread d tbsky
2017-11-29 22:10 GMT+08:00 Jason A. Donenfeld : > Hi tbskyd, > > This is on 4.14.2. Would you confirm that this is an issue on your > kernel by actually _running that script and sending the output to the > list_? It would also be helpful to have the output of uname -a. > > Jason

Re: multi-home difficulty

2017-11-29 Thread Jason A. Donenfeld
Hi tbskyd, This is on 4.14.2. Would you confirm that this is an issue on your kernel by actually _running that script and sending the output to the list_? It would also be helpful to have the output of uname -a. Jason ___ WireGuard mailing list

Re: multi-home difficulty

2017-11-29 Thread d tbsky
2017-11-29 21:51 GMT+08:00 Jason A. Donenfeld : > Hi, > > I made a small script in order to reproduce this issue, but I was not > able to replicate the results. Would you spend some time with the below > code tweaking it so that it exhibits the broken behavior you're seeing? > >

Re: multi-home difficulty

2017-11-29 Thread Jason A. Donenfeld
Hi, I made a small script in order to reproduce this issue, but I was not able to replicate the results. Would you spend some time with the below code tweaking it so that it exhibits the broken behavior you're seeing? Jason script (please mind the use of literal \t) #!/bin/bash set

Re: multi-home difficulty

2017-11-29 Thread d tbsky
2017-11-23 7:35 GMT+08:00 Jason A. Donenfeld : > On Tue, Nov 21, 2017 at 3:35 PM, d tbsky wrote: >> thanks for the quick reply. my wireguard configuration is in the >> previous mail, so I think the linux firewall part is what you want. > > Right. So if you can

Re: multi-home difficulty

2017-11-23 Thread d tbsky
2017-11-23 7:35 GMT+08:00 Jason A. Donenfeld : > On Tue, Nov 21, 2017 at 3:35 PM, d tbsky wrote: >> thanks for the quick reply. my wireguard configuration is in the >> previous mail, so I think the linux firewall part is what you want. > > Right. So if you can

Re: multi-home difficulty

2017-11-22 Thread Jason A. Donenfeld
On Tue, Nov 21, 2017 at 3:35 PM, d tbsky wrote: > thanks for the quick reply. my wireguard configuration is in the > previous mail, so I think the linux firewall part is what you want. Right. So if you can give me minimal instructions on how to set up a box that exhibits the

Re: multi-home difficulty

2017-11-21 Thread d tbsky
2017-11-21 22:15 GMT+08:00 Jason A. Donenfeld : > On Tue, Nov 21, 2017 at 2:21 PM, d tbsky wrote: >> so at first client 2.2.2.2:51820 connect to server 1.1.1.1:51820 >> but then server use 172.18.1.254(lan ip address) to reply and 51820 >> port is nat to 1085

Re: multi-home difficulty

2017-11-21 Thread Jason A. Donenfeld
On Tue, Nov 21, 2017 at 2:21 PM, d tbsky wrote: > so at first client 2.2.2.2:51820 connect to server 1.1.1.1:51820 > but then server use 172.18.1.254(lan ip address) to reply and 51820 > port is nat to 1085 so the communication is broken. The server should use 1.1.1.1 to

Re: multi-home difficulty

2017-11-21 Thread Tomas Herceg
+1 for binding only on specific IP On 11/21/2017 02:21 PM, d tbsky wrote: > Hi: >I tested wireguard and the speed is amazing. but when I try to > deploy it to our real linux firewall, I found it is hard to make it > work. > >our current linux firewall have multiple interface and multiple