Hello,

In the mail below, the mtr results are included as a picture, as "mtr" opens a GUI for me.

Here are the results again, but from the command line:
homeserver.fritz.box (2003:xxxxxxxxx:feaa:27bb) 2020-11-28T17:39:11+0100
Keys:  Help   Display mode   Restart statistics   Order of fields   quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
 1. p200300cb972aa0009ec7a6fffefd3a69.dip0.t-ipconnect.de 0.0% 15 0.5 0.5 0.5 0.7 0.1
 2. 2003:0:8501::1 0.0% 15 7.9 13.1 7.5 47.7 11.1
 3. ???
 4. ???
 5. ddf-b2-v6.telia.net 0.0% 14 75.9 81.7 75.9 96.7 5.0
 6. glasfaser-svc070650-ic356771.c.telia.net 76.9% 14 78.2 81.0 78.2 82.4 2.4
 7. 2a00:6020:0:a::2 0.0% 14 82.5 79.7 72.0 83.2 3.4
 8. lo1007.kr1.dc1-bor.dg-ao.de 0.0% 14 81.8 82.9 68.1 87.6 4.9
 9. 2a00:6020:1000:3:dd0e:7f3d:d93e:f23d 0.0% 14 84.0 85.6 71.6 90.5 5.0
10. 2a00:yyyyyyyyyyy:fe7f:c33a 0.0% 14 84.3 84.1 77.4 88.9 3.8


and in the opposite direction


Keys:  Help   Display mode   Restart statistics   Order of fields   quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
 1. fritz.box 0.0% 15 0.5 0.5 0.4 0.8 0.0
 2. ???
 3. 2a00:6020:0:a::1 20.0% 15 7.5 7.6 7.5 8.5 0.0
 4. ddf-b2-link.telia.net 0.0% 15 6.2 7.7 6.0 26.8 5.3
 5. ???
 6. hbg-b2-v6.telia.net 26.7% 15 12.9 13.0 12.8 14.0 0.0
 7. 2003:0:1400:c004::1 33.3% 15 71.6 72.1 68.7 75.9 2.8
 8. 2003:0:8501::1 0.0% 14 80.2 76.9 69.1 80.3 3.1
 9. ddddddddddddd.dip0.t-ipconnect.de 0.0% 14 83.6 85.4 66.0 92.9 6.2


There are many packet losses, as far as I see.
But also many packets seem to go through (never 100% loss).
Does that help?

Regards,
Hendrik
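
How to read the per-hop Loss% column in the forward-direction output above, as an added example that is not part of the original message: loss that shows at one router but not at the hops after it comes from that router limiting its own replies, while loss on the forwarding path carries through to the final hop. The `classify` helper and its category names are illustrative assumptions.

```python
import re

# Forward-direction rows exactly as posted in the message above.
FORWARD = """\
 1. p200300cb972aa0009ec7a6fffefd3a69.dip0.t-ipconnect.de 0.0% 15 0.5 0.5 0.5 0.7 0.1
 2. 2003:0:8501::1 0.0% 15 7.9 13.1 7.5 47.7 11.1
 3. ???
 4. ???
 5. ddf-b2-v6.telia.net 0.0% 14 75.9 81.7 75.9 96.7 5.0
 6. glasfaser-svc070650-ic356771.c.telia.net 76.9% 14 78.2 81.0 78.2 82.4 2.4
 7. 2a00:6020:0:a::2 0.0% 14 82.5 79.7 72.0 83.2 3.4
 8. lo1007.kr1.dc1-bor.dg-ao.de 0.0% 14 81.8 82.9 68.1 87.6 4.9
 9. 2a00:6020:1000:3:dd0e:7f3d:d93e:f23d 0.0% 14 84.0 85.6 71.6 90.5 5.0
10. 2a00:yyyyyyyyyyy:fe7f:c33a 0.0% 14 84.3 84.1 77.4 88.9 3.8
"""

# Hop number, host (or "???"), and the Loss% field when the hop answered.
ROW = re.compile(r"^\s*(\d+)\.\s+(\S+)(?:\s+([\d.]+)%)?")


def parse_hops(report):
    """Return [(hop_number, host, loss_percent_or_None)] for each mtr row."""
    hops = []
    for line in report.splitlines():
        m = ROW.match(line)
        if m:
            loss = float(m.group(3)) if m.group(3) else None
            hops.append((int(m.group(1)), m.group(2), loss))
    return hops


def classify(hops):
    """Separate loss seen only in one router's replies from loss that persists."""
    result = {"silent": [], "reply_only": [], "persistent": [],
              "end_to_end": hops[-1][2] if hops else None}
    for i, (number, _host, loss) in enumerate(hops[:-1]):
        later = [l for _, _, l in hops[i + 1:] if l is not None]
        if loss is None:
            result["silent"].append(number)      # hop never answered probes
        elif loss > 0 and later and min(later) < loss:
            result["reply_only"].append(number)  # hops behind it lose less
        elif loss > 0:
            result["persistent"].append(number)  # loss carried downstream
    return result


if __name__ == "__main__":
    print(classify(parse_hops(FORWARD)))
```

The `end_to_end` value is the loss at the last row, which is the figure that matters for whether probes reach the destination.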

------ Original Message ------
From: "Hendrik Friedel" <[email protected]>
To: "Max R. P. Grossmann" <[email protected]>
Cc: [email protected]
Sent: 23.11.2020 21:37:24
Subject: Re[2]: Connection works, ping does not

Hello Max,

thanks for your reply.


Could it be that some kind of firewall is restricting UDP traffic to your other 
server?

Well, locally, I do use this machine as Host for many tunnels.



E.g. could you try to run `mtr --udp [other server's public IP address]` on 
your computer (while disabling your other WireGuard connection, if applicable) 
and report back whether there is any kind of packet loss?

I used traceroute on the command line for this:

Remote:

wg-quick up wgnet0
[#] ip link add wgnet0 type wireguard
[#] wg setconf wgnet0 /dev/fd/63
[#] ip -4 address add 10.192.122.3/32 dev wgnet0
[#] ip link set mtu 1420 up dev wgnet0
[#] wg set wgnet0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wgnet0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0

root@openmediavault:/etc/wireguard# wg show
interface: wgnet0
  public key: cebXSaxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxMFw=
  private key: (hidden)
  listening port: 42759
  fwmark: 0xca6c

peer: oNjmmmmmmmmmmmmmmmmmmmmmmmmmmmmU=
  endpoint: [2003:cb:97ff:33d8:9ec7:a6ff:fefd:3a6d]:51820
  allowed ips: 0.0.0.0/0
  transfer: 0 B received, 444 B sent
  persistent keepalive: every 25 seconds


Local:
traceroute to 2a00:sdfs:sdfsdf:sdfs:erre:ereee:sdf:c33a (2a00:sdfs:sdfsdf:sdfs:erre:ereee:sdf:c33a), 30 hops max, 80 byte packets
 1  p200300cb9733ca009ec7a6fffefd3a69.dip0.t-ipconnect.de (2003:cb:9733:ca00:9ec7:a6ff:fefd:3a69)  0.946 ms  3.435 ms  3.645 ms
 2  2003:0:8501::1 (2003:0:8501::1)  13.884 ms  13.839 ms  14.193 ms
 3  * * *
 4  2001:2000:3019:6b::1 (2001:2000:3019:6b::1)  86.609 ms  88.002 ms  87.874 ms
 5  ddf-b2-v6.telia.net (2001:2000:3018:21::1)  88.137 ms  89.508 ms  89.639 ms
 6  * * *
 7  2a00:6020:0:b::2 (2a00:6020:0:b::2)  81.576 ms  81.989 ms 2a00:6020:0:a::2 (2a00:6020:0:a::2)  82.201 ms
 8  lo1007.kr1.dc1-bor.dg-ao.de (2a00:6020:1000:3::1)  86.281 ms  84.259 ms  85.760 ms
 9  2a00:xxxx:1000:3:yyyy:7f3d:d93e:f23d (2a00:xxxx:1000:3:yyyy:7f3d:d93e:f23d)  88.483 ms !X  87.579 ms !X  88.447 ms !X

And here the mtr results (wg up and down)
https://1drv.ms/u/s!AvbzKdYzkh6gl0BVLcuR9eeWUaqj?e=9wKxSC
https://1drv.ms/u/s!AvbzKdYzkh6gl0HVwPz1FabOtemM?e=c7bCcB

If not, you may wish to check whether the port on the machine is reachable, 
e.g. by running `nc -v -l -u -p 12345` on your server and then executing `echo 
test | nc -u [server's IP] 12345`, to check whether the message arrives at the 
server.

I am using the machine that is here, locally as server for many tunnels. So, 
the wireguard port is reachable.
On the remote machine, I have NOT done any port forwarding. Is that necessary 
at all? I thought that only the machine that is NOT initiating the connection 
needs a port forwarding.

Greetings,
Hendrik



Best,

Max

On 20/11/22 07:39pm, Hendrik Friedel wrote:
 Hello,

 (I posted this a while ago, but it never appeared on the list; if the list is 
the wrong place for this question, please let me know; I would appreciate a 
hint for a more appropriate place)

 I am using wireguard to connect two machines.
 My local server is connected to the internet via a router. I am using this 
Server also for connecting other devices (e.g. mobile phones) to my home 
network. This works great.

 But when connecting to another server (both debian 10), I only get a 
successful connection, but no ping.
 *My server:*

 wg show
 interface: wgnet0
   public key: xxxxx=
   private key: (hidden)
   listening port: 51820

 peer: sdfsdfsdfsdfsdfsdf=
   endpoint: 109.41.64.83:15167
   allowed ips: 10.192.122.2/32
   latest handshake: 1 minute, 7 seconds ago
   transfer: 10.95 MiB received, 40.35 MiB sent

 peer: yyyy=
   endpoint: 185.22.142.254:51380
   allowed ips: 10.192.122.3/32
   transfer: 0 B received, 5.20 KiB sent

 peer: yyyy=
   endpoint: 93.214.229.137:64119
   allowed ips: 10.192.122.4/32

 peer: yyyy=
   endpoint: 93.214.225.116:49819
   allowed ips: 10.192.122.5/32

 peer: yyyy=
   allowed ips: 10.192.122.6/32

 peer: yyyy=
   allowed ips: 10.192.122.7/32


 more /etc/wireguard/wgnet0.conf
 [Interface]
 Address = 10.192.122.1/24
 SaveConfig = true
 PostUp = iptables -A FORWARD -i wgnet0 -j ACCEPT; iptables -A FORWARD -o wgnet0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 PostDown = iptables -D FORWARD -i wgnet0 -j ACCEPT; iptables -D FORWARD -o wgnet0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
 ListenPort = 51820
 PrivateKey = aaa=

 [Peer]
 PublicKey = yyyy=
 AllowedIPs = 10.192.122.2/32
 Endpoint = 123.41.67.233:18314

 [Peer]
 PublicKey = xxx=
 AllowedIPs = 10.192.122.3/32
 Endpoint = 123.22.142.254:51380





 ip route
 default via 192.168.177.1 dev eth0 proto static
 10.192.122.0/24 dev wgnet0 proto kernel scope link src 10.192.122.1

 and the other side/server:

 interface: wgnet0
   public key: xxxxx=
   private key: (hidden)
   listening port: 54004
   fwmark: 0xca6c

 peer: yyyyy=
   endpoint: [2003:cb:aaa:bbb:9ec7:a6ff:fefd:3a6d]:51820
   allowed ips: 0.0.0.0/0
   transfer: 0 B received, 2.75 KiB sent
   persistent keepalive: every 25 seconds



   more wgnet0.conf
 [Interface]
 Address = 10.192.122.3/32
 PrivateKey = xxxxx=

 [Peer]
 PublicKey = yyyyy=
 Endpoint = v.myfritz.net:51820
 AllowedIPs = 0.0.0.0/0
 PersistentKeepalive = 25

 It seems to me that the connection is successfully established, but data is 
only transmitted in one direction.

 How can I find the reason?

 Regards,
 Hendrik
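
Reading handshake state out of the `wg show` output quoted in this thread, as an added example that is not part of the original messages: `wg-quick up` completing only means the interface was configured, and a peer has a working session only once `wg show` prints a `latest handshake` line for it. The function names and state labels are illustrative assumptions.

```python
import re

# First three peers of the first server's `wg show` output, as posted above.
WG_SHOW = """\
interface: wgnet0
  public key: xxxxx=
  private key: (hidden)
  listening port: 51820

peer: sdfsdfsdfsdfsdfsdf=
  endpoint: 109.41.64.83:15167
  allowed ips: 10.192.122.2/32
  latest handshake: 1 minute, 7 seconds ago
  transfer: 10.95 MiB received, 40.35 MiB sent

peer: yyyy=
  endpoint: 185.22.142.254:51380
  allowed ips: 10.192.122.3/32
  transfer: 0 B received, 5.20 KiB sent

peer: yyyy=
  endpoint: 93.214.229.137:64119
  allowed ips: 10.192.122.4/32
"""

UNITS = {"B": 1, "KiB": 1024, "MiB": 1024**2, "GiB": 1024**3, "TiB": 1024**4}
TRANSFER = re.compile(r"([\d.]+) (\w+) received, ([\d.]+) (\w+) sent")


def parse_peers(text):
    """Split `wg show` output into one dict of fields per peer."""
    peers, current = [], None
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if not sep:
            continue
        if key == "peer":
            current = {"peer": value}
            peers.append(current)
        elif key == "interface":
            current = None            # interface fields are not peer fields
        elif current is not None:
            current[key] = value
    return peers


def handshake_state(peer):
    """'established', 'no-reply' (sent, never answered) or 'idle'."""
    if "latest handshake" in peer:
        return "established"
    m = TRANSFER.match(peer.get("transfer", ""))
    if m and float(m[3]) * UNITS[m[4]] > 0 and float(m[1]) * UNITS[m[2]] == 0:
        return "no-reply"
    return "idle"


def report(text):
    # Keyed by allowed ips because the posted public keys are redacted.
    return {p["allowed ips"]: handshake_state(p) for p in parse_peers(text)}
```

A `no-reply` peer on both ends, as in the two outputs above, means handshake initiations leave each machine but no UDP packet from the other side arrives.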


