Re: snapshot 0.0.20170628 broken?

2017-06-29 Thread HDA

Just to be sure, you can replace wg-quick for 0.0.20170628 with 0.0.20170613
wg-quick version from
https://git.zx2c4.com/WireGuard/tree/src/tools/wg-quick.bash?h=0.0.20170613
and try it out.

On Thu, Jun 29, 2017, at 17:23, Reuben Martin wrote:
> On Thursday, June 29, 2017 11:39:33 AM CDT Jason A. Donenfeld wrote:
> > Hey Reuben,
> > 
> > I'm unable to reproduce these results. How sure are you about this
> > situation? Have you tried to reproduce more than once? What are you
> > using to configure the peers?
> > 
> > Jason
> 
> Yes, I can consistently reproduce when I move all 3 computers to the newer
> snapshot. This is a Gentoo system using (gasp) systemd. I configure the peers
> using the wg-quick@wg0 service unit. I use a post-up and pre-down in the
> config to set up a vxlan overlaid on top of the VPN connections, but I don’t
> think that should matter since this is just using the wg0 interface directly. I
> can provide that setup info if you think it might be relevant.
> 
> tshark capture of a simple wget from the computer that can’t connect.
> 
> 
>  5 7.615139647 192.168.100.12 → 192.168.100.1 TCP 60 54134 → 80 [SYN] Seq=0 Win=27600 Len=0 MSS=1380 SACK_PERM=1 TSval=3852526353 TSecr=0 WS=128
>  6 7.684940917 192.168.100.1 → 192.168.100.12 TCP 60 80 → 54134 [SYN, ACK] Seq=0 Ack=1 Win=27360 Len=0 MSS=1380 SACK_PERM=1 TSval=3308550712 TSecr=3852526353 WS=128
>  7 7.684956294 192.168.100.12 → 192.168.100.1 TCP 52 54134 → 80 [ACK] Seq=1 Ack=1 Win=27648 Len=0 TSval=3852526423 TSecr=3308550712
>  8 7.685008715 192.168.100.12 → 192.168.100.1 HTTP 202 GET /index.html HTTP/1.1
>  9 7.754723388 192.168.100.1 → 192.168.100.12 TCP 52 80 → 54134 [ACK] Seq=1 Ack=151 Win=28544 Len=0 TSval=3308550782 TSecr=3852526423
> 10 7.998440304 a6:67:de:b7:51:27 → Spanning-tree-(for-bridges)_00 STP 88 Conf. Root = 0/0/8a:46:93:88:40:8b  Cost = 0  Port = 0x8003
> 11 9.982462221 a6:67:de:b7:51:27 → Spanning-tree-(for-bridges)_00 STP 88 Conf. Root = 0/0/8a:46:93:88:40:8b  Cost = 0  Port = 0x8003
> 12 10.321889091 192.168.100.12 → 192.168.100.1 TCP 52 54134 → 80 [FIN, ACK] Seq=151 Ack=1 Win=27648 Len=0 TSval=3852529060 TSecr=3308550782
> 13 10.392081110 192.168.100.1 → 192.168.100.12 TCP 52 [TCP Previous segment not captured] 80 → 54134 [FIN, ACK] Seq=1010 Ack=152 Win=28544 Len=0 TSval=3308553420 TSecr=3852529060
> 14 10.392097109 192.168.100.12 → 192.168.100.1 TCP 40 54134 → 80 [RST] Seq=152 Win=0 Len=0
> 
> 
> -Reuben
> ___
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard




Re: snapshot 0.0.20170628 broken?

2017-06-29 Thread Jason A. Donenfeld
Hello Reuben,

I've tried several things to try to reproduce this, in different
network configurations, and I'm entirely unable to. Could you provide
more details? Like the output of:

wg
ip link
ip addr
cat /proc/cpuinfo
cat /proc/version
lspci
lsusb
lshw
lsmod
lsb_release -a
cat /sys/module/wireguard/version
dmesg
nping --tcp wireguard.io -p 80 -c 1 -vv

For each of the three systems?

Thanks,
Jason


Re: snapshot 0.0.20170628 broken?

2017-06-29 Thread Reuben Martin
On Thursday, June 29, 2017 11:39:33 AM CDT Jason A. Donenfeld wrote:
> Hey Reuben,
> 
> I'm unable to reproduce these results. How sure are you about this
> situation? Have you tried to reproduce more than once? What are you
> using to configure the peers?
> 
> Jason

Yes, I can consistently reproduce when I move all 3 computers to the newer
snapshot. This is a Gentoo system using (gasp) systemd. I configure the peers
using the wg-quick@wg0 service unit. I use a post-up and pre-down in the
config to set up a vxlan overlaid on top of the VPN connections, but I don’t
think that should matter since this is just using the wg0 interface directly. I
can provide that setup info if you think it might be relevant.

tshark capture of a simple wget from the computer that can’t connect.


 5 7.615139647 192.168.100.12 → 192.168.100.1 TCP 60 54134 → 80 [SYN] Seq=0 Win=27600 Len=0 MSS=1380 SACK_PERM=1 TSval=3852526353 TSecr=0 WS=128
 6 7.684940917 192.168.100.1 → 192.168.100.12 TCP 60 80 → 54134 [SYN, ACK] Seq=0 Ack=1 Win=27360 Len=0 MSS=1380 SACK_PERM=1 TSval=3308550712 TSecr=3852526353 WS=128
 7 7.684956294 192.168.100.12 → 192.168.100.1 TCP 52 54134 → 80 [ACK] Seq=1 Ack=1 Win=27648 Len=0 TSval=3852526423 TSecr=3308550712
 8 7.685008715 192.168.100.12 → 192.168.100.1 HTTP 202 GET /index.html HTTP/1.1
 9 7.754723388 192.168.100.1 → 192.168.100.12 TCP 52 80 → 54134 [ACK] Seq=1 Ack=151 Win=28544 Len=0 TSval=3308550782 TSecr=3852526423
10 7.998440304 a6:67:de:b7:51:27 → Spanning-tree-(for-bridges)_00 STP 88 Conf. Root = 0/0/8a:46:93:88:40:8b  Cost = 0  Port = 0x8003
11 9.982462221 a6:67:de:b7:51:27 → Spanning-tree-(for-bridges)_00 STP 88 Conf. Root = 0/0/8a:46:93:88:40:8b  Cost = 0  Port = 0x8003
12 10.321889091 192.168.100.12 → 192.168.100.1 TCP 52 54134 → 80 [FIN, ACK] Seq=151 Ack=1 Win=27648 Len=0 TSval=3852529060 TSecr=3308550782
13 10.392081110 192.168.100.1 → 192.168.100.12 TCP 52 [TCP Previous segment not captured] 80 → 54134 [FIN, ACK] Seq=1010 Ack=152 Win=28544 Len=0 TSval=3308553420 TSecr=3852529060
14 10.392097109 192.168.100.12 → 192.168.100.1 TCP 40 54134 → 80 [RST] Seq=152 Win=0 Len=0


-Reuben
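
An added example, not part of the original post: a small Python parser for the tshark summary lines in the message above that compares the highest Seq each side sent with the highest Ack its peer returned. On this capture it reports 1009 bytes from 192.168.100.1:80 that 192.168.100.12 never acknowledged, while the zero-length handshake and ACK segments did arrive; the names `parse` and `unacked_bytes` are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the capture in the post, rejoined to one packet per line.
CAPTURE = """\
5 7.615139647 192.168.100.12 → 192.168.100.1 TCP 60 54134 → 80 [SYN] Seq=0 Win=27600 Len=0 MSS=1380 SACK_PERM=1 TSval=3852526353 TSecr=0 WS=128
6 7.684940917 192.168.100.1 → 192.168.100.12 TCP 60 80 → 54134 [SYN, ACK] Seq=0 Ack=1 Win=27360 Len=0 MSS=1380 SACK_PERM=1 TSval=3308550712 TSecr=3852526353 WS=128
7 7.684956294 192.168.100.12 → 192.168.100.1 TCP 52 54134 → 80 [ACK] Seq=1 Ack=1 Win=27648 Len=0 TSval=3852526423 TSecr=3308550712
8 7.685008715 192.168.100.12 → 192.168.100.1 HTTP 202 GET /index.html HTTP/1.1
9 7.754723388 192.168.100.1 → 192.168.100.12 TCP 52 80 → 54134 [ACK] Seq=1 Ack=151 Win=28544 Len=0 TSval=3308550782 TSecr=3852526423
10 7.998440304 a6:67:de:b7:51:27 → Spanning-tree-(for-bridges)_00 STP 88 Conf. Root = 0/0/8a:46:93:88:40:8b  Cost = 0  Port = 0x8003
12 10.321889091 192.168.100.12 → 192.168.100.1 TCP 52 54134 → 80 [FIN, ACK] Seq=151 Ack=1 Win=27648 Len=0 TSval=3852529060 TSecr=3308550782
13 10.392081110 192.168.100.1 → 192.168.100.12 TCP 52 [TCP Previous segment not captured] 80 → 54134 [FIN, ACK] Seq=1010 Ack=152 Win=28544 Len=0 TSval=3308553420 TSecr=3852529060
14 10.392097109 192.168.100.12 → 192.168.100.1 TCP 40 54134 → 80 [RST] Seq=152 Win=0 Len=0
"""

# Frame number, timestamp, endpoints, optional "[TCP ...]" analysis note, ports, flags.
LINE = re.compile(
    r"^\s*\d+\s+\S+\s+(?P<src>\S+) → (?P<dst>\S+) TCP \d+ "
    r"(?:\[TCP [^\]]*\] )?(?P<sport>\d+) → (?P<dport>\d+) "
    r"\[[A-Z, ]+\] (?P<fields>.*)$"
)

def parse(capture):
    """Yield one dict per TCP summary line; HTTP and STP lines are skipped."""
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m["fields"].split() if "=" in kv)
        yield {
            "flow": (m["src"], int(m["sport"]), m["dst"], int(m["dport"])),
            "seq": int(fields["Seq"]),
            "ack": int(fields["Ack"]) if "Ack" in fields else None,  # RST has none
        }

def unacked_bytes(capture):
    """Map (sender, port) to sequence space it used that the peer never acked."""
    max_seq = defaultdict(int)  # highest relative Seq sent, per direction
    max_ack = defaultdict(int)  # highest relative Ack sent, per direction
    for pkt in parse(capture):
        max_seq[pkt["flow"]] = max(max_seq[pkt["flow"]], pkt["seq"])
        if pkt["ack"] is not None:
            max_ack[pkt["flow"]] = max(max_ack[pkt["flow"]], pkt["ack"])
    result = {}
    for (src, sport, dst, dport), seq in max_seq.items():
        peer_ack = max_ack[(dst, dport, src, sport)]  # what the receiver confirmed
        result[(src, sport)] = max(0, seq - peer_ack)
    return result
```
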


Re: snapshot 0.0.20170628 broken?

2017-06-29 Thread Kalin KOZHUHAROV
On Thu, Jun 29, 2017 at 6:42 PM, Jason A. Donenfeld wrote:
> He said already: 20170613
Ooops!

Sorry about the noise, time for evening coffee it seems ;-/

Kalin.


Re: snapshot 0.0.20170628 broken?

2017-06-29 Thread Kalin KOZHUHAROV
Hello Reuben,

And what was the last good version that was working in this same setup?

Kalin.


Re: snapshot 0.0.20170628 broken?

2017-06-29 Thread Reuben Martin
On Thursday, June 29, 2017 11:14:01 AM CDT HDA wrote:
> Did you use same snapshot version across all machines?

yes.

> Should we postpone snapshot update in Ubuntu PPA?
> 
> On Thu, Jun 29, 2017, at 15:47, Reuben Martin wrote:
> > Something is off with this latest snapshot:
> > 
> > - Computer-X sitting in the cloud accepting incoming connections.
> > 
> > - Computer-A sits behind a masquerade NAT or a remote network. Computer-A can
> > connect to Computer-X, and then create a TCP session with services on
> > Computer-X directly over the wg0 interface.
> > 
> > - Computer-B is behind the same NAT as Computer-A. It can also create a
> > connection with Computer-X. It gets a response pinging Computer-X on its wg0
> > address, but it cannot create a TCP session with services on Computer-X over
> > the wg0 interface.
> > 
> > The only thing I have found that might be relevant is that A was the first to
> > connect, so the NAT port assigned is the same as the port that wireguard on X
> > is listening to. Whereas B gets assigned a random port on the NAT side. That
> > may just be coincidental though. Downgrading to 20170613 and TCP sessions work
> > from all connections again.
> > 
> > -Reuben




Re: snapshot 0.0.20170628 broken?

2017-06-29 Thread HDA
Did you use same snapshot version across all machines?
Should we postpone snapshot update in Ubuntu PPA?

On Thu, Jun 29, 2017, at 15:47, Reuben Martin wrote:
> Something is off with this latest snapshot:
> 
> - Computer-X sitting in the cloud accepting incoming connections.
> 
> - Computer-A sits behind a masquerade NAT or a remote network. Computer-A can
> connect to Computer-X, and then create a TCP session with services on
> Computer-X directly over the wg0 interface.
> 
> - Computer-B is behind the same NAT as Computer-A. It can also create a
> connection with Computer-X. It gets a response pinging Computer-X on its wg0
> address, but it cannot create a TCP session with services on Computer-X over
> the wg0 interface.
> 
> The only thing I have found that might be relevant is that A was the first to
> connect, so the NAT port assigned is the same as the port that wireguard on X
> is listening to. Whereas B gets assigned a random port on the NAT side. That
> may just be coincidental though. Downgrading to 20170613 and TCP sessions work
> from all connections again.
> 
> -Reuben



