Hello,

I'd like to confirm that the following problem seemed to be a bug, and not a configuration error: https://lists.zx2c4.com/pipermail/wireguard/2019-September/004545.html (Content duplicated at the end of this email for easier reference)

On system 1 (kernel 4.15), everything worked as expected. However, on system 2 (kernel 5.4), the issue described above is observed.

Regards,
Michael

[System 1]:
Ubuntu 18.04.5 LTS
4.15.0-128-generic #131-Ubuntu SMP Wed Dec 9 06:57:35 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

[System 2]:
Ubuntu 20.04.2 LTS
5.4.0-73-generic #82-Ubuntu SMP Wed Apr 14 17:39:42 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

[Policy routed packets are dropped by wireguard]
Original mail: https://lists.zx2c4.com/pipermail/wireguard/2019-September/004545.html

Hello!

I'm looking for technical advice. Currently I'm trying to pass marked sessions through the wireguard VPN network. Marking is done by cgroups classid matching:

> iptables -A OUTPUT -m cgroup --cgroup 3735928559 -j MARK --set-xmark 0x1c3/0xffffffff

The only route in the `vpn` table is default routing through wg0:

> ip route add default dev wg0 table vpn

The routing rule is pretty simple:

> ip rule add fwmark 451 table vpn

Now I pass some packets on the interface:

> cgexec -g net_cls:vpn ping 10.0.1.1

I see packets reaching the interface but dropped in the driver:

> tcpdump -i wg0 host 10.0.1.1
> ...
> 6 packets dropped by interface

The value in the 4th column (TX drop) is increasing in `/proc/net/dev` for wg0.

If I add a route to the default routing table and do the ping without assigning a cgroup to the process, then all is perfectly fine.

> ip route add 10.0.1.0/24 dev wg0
> ping 10.0.1.1
> PING 10.0.1.1 (10.0.1.1) 56(84) bytes of data.
> 64 bytes from 10.0.1.1: icmp_seq=1 ttl=64 time=46.1 ms

Is it some kind of a bug or misconfiguration?

> uname -r
> 5.2.1-gentoo

Installed Gentoo package atom:

> =net-vpn/wireguard-0.0.20190913

Thanks for any help!
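An added diagnostic helper, not part of the mailing-list post, for the check the report relies on: it reads the wg0 TX drop counter out of `/proc/net/dev` text so the value can be compared before and after a policy-routed ping. The function names (`tx_drops`, `live_tx_drops`, `drops_increased`) are hypothetical and the sample counter tables are constructed.

```shell
#!/bin/sh
# Added diagnostic helper, not from the mailing-list post: read the TX "drop"
# counter of an interface out of /proc/net/dev text so it can be compared
# before and after sending policy-routed traffic through wg0.
# Assumed layout (standard Linux): after the "iface:" prefix, fields 1-8 are
# the receive counters and 9-16 the transmit counters, so TX drop is field 12
# (the 4th column of the transmit group named in the original report).

# Constructed /proc/net/dev samples; every counter value is invented.
DEV_BEFORE='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:  123456     789    0    0    0     0          0         0   123456     789    0    0    0     0       0          0
   wg0:   84000    1000    0    0    0     0          0         0    84000    1000    0    6    0     0       0          0'
DEV_AFTER='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:  123456     789    0    0    0     0          0         0   123456     789    0    0    0     0       0          0
   wg0:   84000    1000    0    0    0     0          0         0    84504    1006    0   12    0     0       0          0'

# tx_drops IFACE DEVTEXT: print the TX drop counter of IFACE; fail if IFACE is absent.
tx_drops() {
    printf '%s\n' "$2" | awk -v want="$1" '
        # Only interface rows carry a colon; the two header lines do not.
        /:/ {
            # Split on the colon because it may be glued to the byte count.
            split($0, parts, ":")
            name = parts[1]; gsub(/^[ \t]+/, "", name)
            if (name != want) next
            split(parts[2], f)      # default FS ignores the leading whitespace
            print f[12]
            found = 1
            exit
        }
        END { if (!found) exit 1 }'
}

# live_tx_drops IFACE: same, read from the running kernel.
live_tx_drops() {
    tx_drops "$1" "$(cat /proc/net/dev)"
}

# drops_increased IFACE BEFORE_TEXT AFTER_TEXT: succeed only if the counter rose,
# i.e. the policy-routed packets were dropped by the wg0 driver as in the report.
drops_increased() {
    before=$(tx_drops "$1" "$2") || return 2
    after=$(tx_drops "$1" "$3") || return 2
    [ "$after" -gt "$before" ]
}
```

On a live host, capture `live_tx_drops wg0` before and after the `cgexec -g net_cls:vpn ping 10.0.1.1` from the report; a rising counter with no packets leaving the tunnel reproduces the symptom described.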
