Hi

I'm experimenting with WireGuard inside network namespaces and I think I've caught a little problem.

If I delete the netns directly, everything else is removed, but the `wg-crypt-wg0` kernel threads (one per wg0 interface per CPU, shown bracketed by ps) are still alive:

root      8127  0.0  0.0      0     0 ?        S<   07:26 0:00 [wg-crypt-wg0]
root      8143  0.0  0.0      0     0 ?        S<   07:26 0:00 [wg-crypt-wg0]
root      8449  0.0  0.0      0     0 ?        S<   07:26 0:00 [wg-crypt-wg0]
root      8454  0.0  0.0      0     0 ?        S<   07:26 0:00 [wg-crypt-wg0]

If I delete the WireGuard interface from the netns first (the two commented-out `ip link del dev wg0` lines in the `remove` branch below), everything works fine and no threads are left behind.

wg_version:        1.0.20201221
kernel_version:       3.16.85-1

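#!/bin/bash
#
# Reproducer: two network namespaces (ns1, ns2), each attached to bridge0 via
# a veth pair, with a WireGuard tunnel (wg0 in each netns) running between
# them over the bridge.
#
# Usage: script add|remove
#   add     create bridge, namespaces, keys and wg0 interfaces, then ping
#           across the tunnel and print "Worked" or "Failed"
#   remove  tear everything down and delete the key files
#
# Needs root (ip netns, iptables) and the `wg` tool in PATH.
#
# NOTE: with wg 1.0.20201221 on kernel 3.16.85, deleting the namespaces
# while wg0 still exists inside them has been observed to leave
# [wg-crypt-wg0] kernel threads behind. Deleting wg0 from each netns before
# `ip netns del` avoids that; the `remove` branch keeps those two lines
# commented out on purpose so the script still reproduces the problem.

set -u -o pipefail

# Key material paths. Kept as fixed names so `remove` can find them again;
# the files are created 0600 (umask 0077) and never passed on a command
# line, `wg set ... private-key FILE` reads them itself.
key_dir=/tmp
priv_ns1=$key_dir/private-ns1
priv_ns2=$key_dir/private-ns2
pub_ns1=$key_dir/public-ns1
pub_ns2=$key_dir/public-ns2

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Generate one WireGuard keypair.
# Arguments: $1 - path for the private key, $2 - path for the public key
# Returns:   0 on success; exits via die on any failure so `wg set` is never
#            fed an empty or partially written key file.
#######################################
gen_keypair() {
  local priv=$1 pub=$2 key
  key=$(wg genkey) || die "wg genkey failed"
  (
    umask 0077
    # Remove any stale path first (including a planted symlink), then create
    # with O_EXCL via noclobber so nothing racing us can redirect the write.
    rm -f -- "$priv" "$pub"
    set -o noclobber
    printf '%s\n' "$key" > "$priv" || exit 1
    printf '%s\n' "$key" | wg pubkey > "$pub" || exit 1
  ) || die "writing keypair $priv / $pub failed"
}

[[ $EUID -eq 0 ]] || die "must be run as root"
command -v wg >/dev/null || die "wg tool not found in PATH"

case "${1:-}" in
  remove)
    ip link del dev bridge0 || die "Please add first."
    ip link del dev veth1
    ip link del dev veth2
    # Workaround for the lingering [wg-crypt-wg0] threads: delete wg0 before
    # the namespace. Left commented so the script reproduces the problem.
    #ip netns exec ns1 ip link del dev wg0
    #ip netns exec ns2 ip link del dev wg0
    ip netns del ns1
    ip netns del ns2
    iptables -D FORWARD -i bridge0 -o bridge0 -j ACCEPT
    rm -f -- "$priv_ns1" "$priv_ns2" "$pub_ns1" "$pub_ns2"
    ;;
  add)
    ip link add name bridge0 type bridge || die "Please remove first."
    ip link set dev bridge0 up

    ip netns add ns1
    ip netns add ns2
    ip link add name veth1 type veth peer name eth0 netns ns1
    ip link add name veth2 type veth peer name eth0 netns ns2
    ip link set dev veth1 up master bridge0
    ip link set dev veth2 up master bridge0

    # Underlay addressing on the bridge segment.
    for ns_addr in ns1:10.150.150.1 ns2:10.150.150.2; do
      ns=${ns_addr%%:*}
      addr=${ns_addr#*:}
      ip netns exec "$ns" ip link set dev lo up
      ip netns exec "$ns" ip link set dev eth0 up
      ip netns exec "$ns" ip addr add "$addr/24" dev eth0
    done

    gen_keypair "$priv_ns1" "$pub_ns1"
    gen_keypair "$priv_ns2" "$pub_ns2"

    ip netns exec ns1 ip link add name wg0 type wireguard
    ip netns exec ns1 ip addr add 172.16.1.1/24 dev wg0

    ip netns exec ns2 ip link add name wg0 type wireguard
    ip netns exec ns2 ip addr add 172.16.1.2/24 dev wg0

    ip netns exec ns1 wg set wg0 private-key "$priv_ns1" listen-port 51820
    ip netns exec ns1 ip link set wg0 up

    ip netns exec ns2 wg set wg0 private-key "$priv_ns2" listen-port 51820
    ip netns exec ns2 ip link set wg0 up

    # Only the public keys are ever placed on a command line.
    ip netns exec ns1 wg set wg0 peer "$(<"$pub_ns2")" \
      allowed-ips 172.16.1.0/24 endpoint 10.150.150.2:51820
    ip netns exec ns2 wg set wg0 peer "$(<"$pub_ns1")" \
      allowed-ips 172.16.1.0/24 endpoint 10.150.150.1:51820

    # Needed when br_netfilter is loaded, otherwise bridged traffic between
    # the two veths is subject to the FORWARD chain.
    iptables -I FORWARD -i bridge0 -o bridge0 -j ACCEPT

    ip netns exec ns1 wg
    ip netns exec ns2 wg
    if ip netns exec ns1 ping -i 0.3 -c 2 172.16.1.2 &>/dev/null; then
      printf '\n\nWorked\n'
    else
      printf '\n\nFailed\n'
    fi
    ;;
  *)
    printf '%s add|remove\n' "${0##*/}"
    ;;
esac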


--
Fatih USTA
