The posted script works for me, Xubuntu 20.04 kernel 5.4.0-38-generic x86_64. The first time I ran it, it deleted both [wg-crypt-wg0] instances but left one kworker process: [kworker/0:0-wg-crypt-wg0]. I then ran it again and no wg kernel processes were left.

regards,

John

On 30/12/2020 08:19, Fatih USTA wrote:
Hi

I'm playing with wireguard in a namespace. I think I caught a little problem.

If I delete the netns directly, everything is removed, but the wg-crypt-wg0 process is still alive.

root      8127  0.0  0.0      0     0 ?        S<   07:26 0:00 [wg-crypt-wg0]
root      8143  0.0  0.0      0     0 ?        S<   07:26 0:00 [wg-crypt-wg0]
root      8449  0.0  0.0      0     0 ?        S<   07:26 0:00 [wg-crypt-wg0]
root      8454  0.0  0.0      0     0 ?        S<   07:26 0:00 [wg-crypt-wg0]

If I delete the wireguard interface from the netns first, everything works fine.

wg_version:        1.0.20201221
kernel_version:       3.16.85-1

#!/bin/bash

case "$1" in
    remove)
        ip link del dev bridge0 || { echo "Please add first."; exit 1; }
        ip link del dev veth1
        ip link del dev veth2
        # Deleting wg0 inside each netns before the netns itself avoids the
        # leftover wg-crypt-wg0 threads described above.
        #ip netns exec ns1 ip link del dev wg0
        #ip netns exec ns2 ip link del dev wg0
        ip netns del ns1
        ip netns del ns2
        iptables -D FORWARD -i bridge0 -o bridge0 -j ACCEPT
        rm -f /tmp/private-ns1 /tmp/private-ns2 /tmp/public-ns1 /tmp/public-ns2
    ;;
    add)
        ip link add name bridge0 type bridge || { echo "Please remove first."; exit 1; }
        ip link set dev bridge0 up

        # Two namespaces, each attached to bridge0 through a veth pair
        ip netns add ns1
        ip netns add ns2
        ip link add name veth1 type veth peer name eth0 netns ns1
        ip link add name veth2 type veth peer name eth0 netns ns2
        ip link set dev veth1 up master bridge0
        ip link set dev veth2 up master bridge0

        ip netns exec ns1 ip link set dev lo up
        ip netns exec ns1 ip link set dev eth0 up
        ip netns exec ns1 ip addr add 10.150.150.1/24 dev eth0

        ip netns exec ns2 ip link set dev lo up
        ip netns exec ns2 ip link set dev eth0 up
        ip netns exec ns2 ip addr add 10.150.150.2/24 dev eth0

        # Key pairs, written with restrictive permissions
        ( umask 0077;
          wg genkey | \
          tee /tmp/private-ns1 | \
          wg pubkey > /tmp/public-ns1

          wg genkey | \
          tee /tmp/private-ns2 | \
          wg pubkey > /tmp/public-ns2
        )

        ip netns exec ns1 ip link add name wg0 type wireguard
        ip netns exec ns1 ip addr add 172.16.1.1/24 dev wg0

        ip netns exec ns2 ip link add name wg0 type wireguard
        ip netns exec ns2 ip addr add 172.16.1.2/24 dev wg0

        ip netns exec ns1 wg set wg0 private-key /tmp/private-ns1 listen-port 51820
        ip netns exec ns1 ip link set wg0 up

        ip netns exec ns2 wg set wg0 private-key /tmp/private-ns2 listen-port 51820
        ip netns exec ns2 ip link set wg0 up

        ip netns exec ns1 wg set wg0 peer "$(</tmp/public-ns2)" allowed-ips 172.16.1.0/24 endpoint 10.150.150.2:51820
        ip netns exec ns2 wg set wg0 peer "$(</tmp/public-ns1)" allowed-ips 172.16.1.0/24 endpoint 10.150.150.1:51820

        iptables -I FORWARD -i bridge0 -o bridge0 -j ACCEPT

        ip netns exec ns1 wg
        ip netns exec ns2 wg
        ip netns exec ns1 ping -i 0.3 -c 2 172.16.1.2 &>/dev/null && \
                          echo -e "\n\nWorked" || \
                          echo -e "\n\nFailed"
    ;;
    *) echo "$(basename "$0") add|remove" ;;
esac
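The teardown order that the thread reports as working, plus a check for the orphaned threads, as an added example that is not part of either post: each wireguard interface inside a namespace is deleted before the namespace itself, and `ps` is then scanned for surviving `wg-crypt-<ifname>` kernel threads (function names, and the sample ps lines, are constructed for this example; the teardown itself needs root and iproute2).

```shell
#!/bin/bash
# Added example, not from the original posts: tear down namespaces in the
# order that avoids the orphaned threads (wireguard interface first, then the
# netns) and verify afterwards that no wg-crypt-<ifname> kernel thread is left.
set -u

# Extract the interface name behind every wg-crypt-<ifname> kernel thread in
# ps-style output read from stdin; both "[wg-crypt-wg0]" and the worker form
# "[kworker/0:0-wg-crypt-wg0]" match. One name per line, deduplicated.
lingering_wg_threads() {
    grep -o 'wg-crypt-[^] ]*' | sed 's/^wg-crypt-//' | sort -u
}

# Delete every wireguard interface inside namespace $1, then the netns itself.
# 'type wireguard' limits the listing to wg links; requires root.
teardown_netns() {
    ns=$1
    for dev in $(ip netns exec "$ns" ip -o link show type wireguard | awk -F': ' '{print $2}'); do
        ip netns exec "$ns" ip link del dev "${dev%@*}"
    done
    ip netns del "$ns"
}

# Return 0 when no wg-crypt thread survives, 1 (listing them on stderr) otherwise.
check_no_orphans() {
    orphans=$(ps -eo comm= | lingering_wg_threads)
    if [ -n "$orphans" ]; then
        printf 'orphaned wg-crypt threads for: %s\n' "$orphans" >&2
        return 1
    fi
    return 0
}

# Constructed sample in the format of the ps listing quoted in the report.
SAMPLE_PS='root      8127  0.0  0.0      0     0 ?        S<   07:26 0:00 [wg-crypt-wg0]
root      8143  0.0  0.0      0     0 ?        S<   07:26 0:00 [kworker/0:0-wg-crypt-wg0]
root         1  0.0  0.1 169424 11892 ?        Ss   07:20 0:01 /sbin/init'

if [ "$#" -gt 0 ] && [ "$(id -u)" -eq 0 ]; then
    # Usage as root: ./teardown.sh ns1 ns2
    for ns in "$@"; do teardown_netns "$ns"; done
    check_no_orphans
else
    printf 'sample ps output mentions wg-crypt threads for: %s\n' \
        "$(printf '%s\n' "$SAMPLE_PS" | lingering_wg_threads)"
fi
```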

