Hello,
in the mail below the mtr results as picture, as "mtr" opens a GUI for
me.
Here the results again, but from the commandline:
homeserver.fritz.box (2003:xxxxxxxxx:feaa:27bb)
2020-11-28T17:39:11+0100
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host
Loss% Snt Last Avg Best
Wrst StDev
1. p200300cb972aa0009ec7a6fffefd3a69.dip0.t-ipconnect.de
0.0% 15 0.5 0.5 0.5
0.7 0.1
2. 2003:0:8501::1
0.0% 15 7.9 13.1 7.5
47.7 11.1
3. ???
4. ???
5. ddf-b2-v6.telia.net
0.0% 14 75.9 81.7 75.9
96.7 5.0
6. glasfaser-svc070650-ic356771.c.telia.net
76.9% 14 78.2 81.0 78.2
82.4 2.4
7. 2a00:6020:0:a::2
0.0% 14 82.5 79.7 72.0
83.2 3.4
8. lo1007.kr1.dc1-bor.dg-ao.de
0.0% 14 81.8 82.9 68.1
87.6 4.9
9. 2a00:6020:1000:3:dd0e:7f3d:d93e:f23d
0.0% 14 84.0 85.6 71.6
90.5 5.0
10. 2a00:yyyyyyyyyyy:fe7f:c33a
0.0% 14 84.3 84.1 77.4 88.9 3.8
and in the opposite direction
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host
Loss% Snt Last Avg Best
Wrst StDev
1. fritz.box
0.0% 15 0.5 0.5 0.4
0.8 0.0
2. ???
3. 2a00:6020:0:a::1
20.0% 15 7.5 7.6 7.5
8.5 0.0
4. ddf-b2-link.telia.net
0.0% 15 6.2 7.7 6.0
26.8 5.3
5. ???
6. hbg-b2-v6.telia.net
26.7% 15 12.9 13.0 12.8
14.0 0.0
7. 2003:0:1400:c004::1
33.3% 15 71.6 72.1 68.7
75.9 2.8
8. 2003:0:8501::1
0.0% 14 80.2 76.9 69.1
80.3 3.1
9. ddddddddddddd.dip0.t-ipconnect.de
0.0% 14 83.6 85.4 66.0 92.9 6.2
There are many packet losses, as far as I see.
But also many packets seem to go through (never 100% loss).
Does that help?
Regards,
Hendrik
------ Originalnachricht ------
Von: "Hendrik Friedel" <[email protected]>
An: "Max R. P. Grossmann" <[email protected]>
Cc: [email protected]
Gesendet: 23.11.2020 21:37:24
Betreff: Re[2]: Connection works, ping does not
Hello Max,
thanks for your reply.
Could it be that some kind of firewall is restricting UDP traffic to your other
server?
Well, locally, I do use this machine as Host for many tunnels.
E.g. could you try to run `mtr --udp [other server's public IP address]` on
your computer (while disabling your other WireGuard connection, if applicable)
and report back whether there is any kind of packet loss?
I used traceroute on the commandline for this:
Remote_
wg-quick up wgnet0
[#] ip link add wgnet0 type wireguard
[#] wg setconf wgnet0 /dev/fd/63
[#] ip -4 address add 10.192.122.3/32 dev wgnet0
[#] ip link set mtu 1420 up dev wgnet0
[#] wg set wgnet0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wgnet0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
root@openmediavault:/etc/wireguard# wg show
interface: wgnet0
public key: cebXSaxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxMFw=
private key: (hidden)
listening port: 42759
fwmark: 0xca6c
peer: oNjmmmmmmmmmmmmmmmmmmmmmmmmmmmmU=
endpoint: [2003:cb:97ff:33d8:9ec7:a6ff:fefd:3a6d]:51820
allowed ips: 0.0.0.0/0
transfer: 0 B received, 444 B sent
persistent keepalive: every 25 seconds
Local:
traceroute to 2a00:sdfs:sdfsdf:sdfs:erre:ereee:sdf:c33a
(2a00:sdfs:sdfsdf:sdfs:erre:ereee:sdf:c33a), 30 hops max, 80 byte packets
1 p200300cb9733ca009ec7a6fffefd3a69.dip0.t-ipconnect.de
(2003:cb:9733:ca00:9ec7:a6ff:fefd:3a69) 0.946 ms 3.435 ms 3.645 ms
2 2003:0:8501::1 (2003:0:8501::1) 13.884 ms 13.839 ms 14.193 ms
3 * * *
4 2001:2000:3019:6b::1 (2001:2000:3019:6b::1) 86.609 ms 88.002 ms 87.874 ms
5 ddf-b2-v6.telia.net (2001:2000:3018:21::1) 88.137 ms 89.508 ms 89.639 ms
6 * * *
7 2a00:6020:0:b::2 (2a00:6020:0:b::2) 81.576 ms 81.989 ms 2a00:6020:0:a::2
(2a00:6020:0:a::2) 82.201 ms
8 lo1007.kr1.dc1-bor.dg-ao.de (2a00:6020:1000:3::1) 86.281 ms 84.259 ms
85.760 ms
9 2a00:xxxx:1000:3:yyyy:7f3d:d93e:f23d (2a00:xxxx:1000:3:yyyy:7f3d:d93e:f23d)
88.483 ms !X 87.579 ms !X 88.447 ms !X
And here the mtr results (wg up and down)
https://1drv.ms/u/s!AvbzKdYzkh6gl0BVLcuR9eeWUaqj?e=9wKxSC
https://1drv.ms/u/s!AvbzKdYzkh6gl0HVwPz1FabOtemM?e=c7bCcB
If not, you may wish to check whether the port on the machine is reachable,
e.g. by running `nc -v -l -u -p 12345` on your server and then executing `echo
test | nc -u [server's IP] 12345`, to check whether the message arrives at the
server.
I am using the machine that is here, locally as server for many tunnels. So,
the wireguard port is reachable.
On the remote machine, I have NOT done any port forwarding. Is that neccessary
at all? I thought that only the machine that is NOT initiating the connection
needs a port forwarding.
Greetings,
Hendrik
Best,
Max
On 20/11/22 07:39pm, Hendrik Friedel wrote:
Hello,
(I posted this a while ago, but it never appeared on the list; if the list is
the wrong place for this question, please let me know; I would appreciate a
hint for a more appropriate place)
I am using wireguard to connect two machines.
My local server is connected to the internet via a router. I am using theis
Server also for connecting other devices (e.g. mobile phones) to my home
network. This works great.
But when connecting to another server (both debian 10), I only get a
successful connection, but no ping.
*My server:*
wg show
interface: wgnet0
public key: xxxxx=
private key: (hidden)
listening port: 51820
peer: sdfsdfsdfsdfsdfsdf=
endpoint: 109.41.64.83:15167
allowed ips: 10.192.122.2/32
latest handshake: 1 minute, 7 seconds ago
transfer: 10.95 MiB received, 40.35 MiB sent
peer: yyyy=
endpoint: 185.22.142.254:51380
allowed ips: 10.192.122.3/32
transfer: 0 B received, 5.20 KiB sent
peer: yyyy=
endpoint: 93.214.229.137:64119
allowed ips: 10.192.122.4/32
peer: yyyy=
endpoint: 93.214.225.116:49819
allowed ips: 10.192.122.5/32
peer: yyyy=
allowed ips: 10.192.122.6/32
peer: yyyy=
allowed ips: 10.192.122.7/32
more /etc/wireguard/wgnet0.conf
[Interface]
Address = 10.192.122.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i wgnet0 -j ACCEPT; iptables -A FORWARD -o
wgnet0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wgnet0 -j ACCEPT; iptables -D FORWARD -o
wgnet0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = aaa=
[Peer]
PublicKey = yyyy=
AllowedIPs = 10.192.122.2/32
Endpoint = 123.41.67.233:18314
[Peer]
PublicKey = xxx=
AllowedIPs = 10.192.122.3/32
Endpoint = 123.22.142.254:51380
ip route
default via 192.168.177.1 dev eth0 proto static
10.192.122.0/24 dev wgnet0 proto kernel scope link src 10.192.122.1
and the other side/server:
interface: wgnet0
public key: xxxxx=
private key: (hidden)
listening port: 54004
fwmark: 0xca6c
peer: yyyyy=
endpoint: [2003:cb:aaa:bbb:9ec7:a6ff:fefd:3a6d]:51820
allowed ips: 0.0.0.0/0
transfer: 0 B received, 2.75 KiB sent
persistent keepalive: every 25 seconds
more wgnet0.conf
[Interface]
Address = 10.192.122.3/32
PrivateKey = xxxxx=
[Peer]
PublicKey = yyyyy=
Endpoint = v.myfritz.net:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
It seems to me, that the connection is successfully established , but data is
only transmitted in one direction.
How can I find the reason?
Regards,
Hendrik
