Development discussion of WireGuard
* two client connections -> crash?
@ 2020-07-13 18:53 wireguard
  2020-07-13 23:51 ` Jason A. Donenfeld
  2020-07-14 10:11 ` M. Dietrich
  0 siblings, 2 replies; 7+ messages in thread
From: wireguard @ 2020-07-13 18:53 UTC
  To: 'WireGuard mailing list'

I am trying to configure one client system (Ubuntu 18.04.4 LTS (GNU/Linux 5.3.0-62-generic x86_64)) against two servers. The configuration is very similar:

root@Mailcow:/home/joachim# cat /etc/wireguard/wg0-client.conf
[Interface]
Address = 10.200.200.2/24
PrivateKey = ***
DNS = 8.8.8.8 #10.200.200.1

[Peer]
PublicKey = qn6CTz578gbrYpzYkvV2okoqkIFHKye+mRj4i/I8Sz8=
Endpoint = fire.lindenberg.one:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 21

root@Mailcow:/home/joachim# cat /etc/wireguard/wg1-client.conf
[Interface]
Address = 10.200.201.2/24
PrivateKey = ***
DNS = 8.8.8.8 #10.200.200.1

[Peer]
PublicKey = QAJANxtuAvdT+HR3fP1I2DXq0Azl0T3jF5s+cW7foSA=
Endpoint = nc.lindenberg.one:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 21

Wg-quick up wg0-client is run at system startup. Now unfortunately when I do wg-quick up wg1-client the network stack kind of crashes. The command does not terminate, and connectivity on all interfaces is broken.
Is this a configuration issue? Should I change ports to be different? Is there some other issue?
Do I have to define two interfaces or could I have just one with multiple peers? But how could I then specify which tunnel to use?

Any suggestion welcome.
Thanks, Joachim





* Re: two client connections -> crash?
  2020-07-13 18:53 two client connections -> crash? wireguard
@ 2020-07-13 23:51 ` Jason A. Donenfeld
  2020-07-14 10:11 ` M. Dietrich
  1 sibling, 0 replies; 7+ messages in thread
From: Jason A. Donenfeld @ 2020-07-13 23:51 UTC
  To: Joachim Lindenberg; +Cc: WireGuard mailing list

If there's a crash, dmesg should show something. Do you see an "OOPS" in there?


* Re: two client connections -> crash?
  2020-07-13 18:53 two client connections -> crash? wireguard
  2020-07-13 23:51 ` Jason A. Donenfeld
@ 2020-07-14 10:11 ` M. Dietrich
  2020-07-14 13:43   ` AW: " Joachim Lindenberg
  1 sibling, 1 reply; 7+ messages in thread
From: M. Dietrich @ 2020-07-14 10:11 UTC
  To: wireguard, 'WireGuard mailing list'

Quotation from wireguard@lindenberg.one at July 13, 2020 20:53:
> I am trying to configure one client system (Ubuntu 18.04.4 
> LTS (GNU/Linux 5.3.0-62-generic x86_64)) against two 
> servers. The configuration is very similar:
> 
> root@Mailcow:/home/joachim# cat /etc/wireguard/wg0-client.conf
> [Interface]
> Address = 10.200.200.2/24
> PrivateKey = ***
> DNS = 8.8.8.8 #10.200.200.1
> 
> [Peer]
> PublicKey = qn6CTz578gbrYpzYkvV2okoqkIFHKye+mRj4i/I8Sz8=
> Endpoint = fire.lindenberg.one:51820
> AllowedIPs = 0.0.0.0/0
> PersistentKeepalive = 21
> 
> root@Mailcow:/home/joachim# cat /etc/wireguard/wg1-client.conf
> [Interface]
> Address = 10.200.201.2/24
> PrivateKey = ***
> DNS = 8.8.8.8 #10.200.200.1
> 
> [Peer]
> PublicKey = QAJANxtuAvdT+HR3fP1I2DXq0Azl0T3jF5s+cW7foSA=
> Endpoint = nc.lindenberg.one:51820
> AllowedIPs = 0.0.0.0/0
> PersistentKeepalive = 21
> 
> Wg-quick up wg0-client is run at system startup. Now 
> unfortunately when I do wg-quick up wg1-client the network 
> stack kind of crashes. The command does not terminate, and 
> connectivity on all interfaces is broken.
> Is this a configuration issue? Should I change ports to be 
> different? Is there some other issue?

The ports are fine because the IPs are different. You use the 
same AllowedIPs for both. And they cover the whole network. 
This cannot work. What is the intention of that config?

> Do I have to define two interfaces or could I have just one 
> with multiple peers? But how could I then specify which 
> tunnel to use?

Depends on what you want to achieve. Sure you can use multiple 
peers for one interface.


* AW: two client connections -> crash?
  2020-07-14 10:11 ` M. Dietrich
@ 2020-07-14 13:43   ` Joachim Lindenberg
  2020-07-14 13:50     ` Xand Meaden
  2020-07-14 17:54     ` M. Dietrich
  0 siblings, 2 replies; 7+ messages in thread
From: Joachim Lindenberg @ 2020-07-14 13:43 UTC
  To: 'M. Dietrich'; +Cc: wireguard

Good observation. I never really understood what IPs I should put there and also didn't find a good documentation on that. And obviously with one connection it wasn't that important to get it right. What IP addresses or network should AllowedIPs refer to? Client? Server? Tunnel?
Thanks, Joachim


* Re: AW: two client connections -> crash?
  2020-07-14 13:43   ` AW: " Joachim Lindenberg
@ 2020-07-14 13:50     ` Xand Meaden
  2020-07-20 14:23       ` AW: " wireguard
  2020-07-14 17:54     ` M. Dietrich
  1 sibling, 1 reply; 7+ messages in thread
From: Xand Meaden @ 2020-07-14 13:50 UTC
  To: wireguard

"AllowedIPs" is the list of IP addresses/subnets that should be routed
via that wireguard tunnel. In your case you've set both tunnels to be
default route (0.0.0.0/0) for IPv4 traffic.

So it depends on what is the other end of each tunnel - and what you
want the tunnel to be used for. AllowedIPs might just be the private IP
address of each peer if you just want to communicate with that.

Xand
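
Added example, not part of the thread: a small Python check for the situation described above, where two wg-quick configs both claim 0.0.0.0/0. The parser, the function names and the narrowed 10.200.201.0/24 value are assumptions made for illustration; the sample configs are constructed from the ones in the first message, reduced to the relevant keys.

```python
import ipaddress
from itertools import combinations

def peer_allowed_ips(conf_text):
    """Collect every AllowedIPs network from the [Peer] sections of one config."""
    nets, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # strip trailing comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, _, value = line.partition("=")
        if section == "peer" and key.strip().lower() == "allowedips":
            nets += [ipaddress.ip_network(v.strip(), strict=False)
                     for v in value.split(",") if v.strip()]
    return nets

def route_conflicts(configs):
    """configs maps interface name -> config text.

    Returns (kind, iface_a, net_a, iface_b, net_b) tuples:
      "duplicate" - the same prefix is claimed by two interfaces (ambiguous)
      "nested"    - one prefix contains the other (more specific route wins)
    """
    parsed = sorted((name, peer_allowed_ips(text)) for name, text in configs.items())
    out = []
    for (if_a, nets_a), (if_b, nets_b) in combinations(parsed, 2):
        for a in nets_a:
            for b in nets_b:
                if a.version != b.version or not a.overlaps(b):
                    continue
                kind = "duplicate" if a == b else "nested"
                out.append((kind, if_a, str(a), if_b, str(b)))
    return out

# Constructed sample input: the thread's two configs reduced to the relevant keys.
WG0 = "[Interface]\nAddress = 10.200.200.2/24\nDNS = 8.8.8.8 #10.200.200.1\n[Peer]\nAllowedIPs = 0.0.0.0/0\n"
WG1 = "[Interface]\nAddress = 10.200.201.2/24\n[Peer]\nAllowedIPs = 0.0.0.0/0\n"
# Assumption for illustration: wg1 narrowed to its own tunnel subnet.
WG1_NARROW = WG1.replace("0.0.0.0/0", "10.200.201.0/24")

if __name__ == "__main__":
    for conflict in route_conflicts({"wg0-client": WG0, "wg1-client": WG1}):
        print(conflict)
```

A "duplicate" result is the case from this thread; a "nested" result is a layout where the narrower prefix takes the matching traffic and the wider one takes the rest.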


* Re: AW: two client connections -> crash?
  2020-07-14 13:43   ` AW: " Joachim Lindenberg
  2020-07-14 13:50     ` Xand Meaden
@ 2020-07-14 17:54     ` M. Dietrich
  1 sibling, 0 replies; 7+ messages in thread
From: M. Dietrich @ 2020-07-14 17:54 UTC
  To: Joachim Lindenberg; +Cc: wireguard

Quotation from Joachim Lindenberg at July 14, 2020 15:43:
> didn't find a good documentation on that.

Oh, there is, one doesn't recognize in the first place as a 
beginner. ;)

> And obviously with one connection it wasn't that 
> important to get it right.

depends on your demand. so if you put your setting 0.0.0.0/0 
there all traffic goes into that tunnel. if the other end 
doesn't know how to react this won't work either. it's a 
typical setup where you want to reach the internet via a VPN.

if you want to connect boxes into a network to be securely 
reachable to each other this is a completely different demand. 
you just give each box an IP and tell wireguard where to find 
it.

> What IP addresses or network 
> should AllowedIPs refer to? Client? Server? Tunnel?

there isn't really a client or server in wg. ;)

i typically use a star-topology for that. there is a box in 
the middle, all others connect to that middle box. all the 
boxes are in the network 172.16.0.0 and are numbered 
172.16.0.1, 172.16.0.2, ...

the middle box has entries for each peer like

[Peer]
PublicKey = <key of the connecting box>
AllowedIPs = 172.16.0.1/32
...

while the box itself has an entry

[Peer]
PublicKey = <key of the center box>
AllowedIPs = 172.16.0.0/12
...

for the peer and the IP configured for the interface:

[Interface]
Address = 172.16.0.1
...

that should do. i agree: the setup is a bit notchy to 
maintain but there are tools for that. i still do it manually 
but i don't have that many peers.

best regards, Michael
M. Dietrich
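
Added example, not part of the thread and not WireGuard's own code: a toy Python model of how one interface uses AllowedIPs in the star layout above, both to pick the peer for an outgoing packet and to check the inner source address of a packet received from a peer. The class, the peer labels box1, box2 and center, and the second box's address are assumptions.

```python
import ipaddress

class AllowedIPsTable:
    """Toy model of one interface's AllowedIPs table (prefix -> peer)."""

    def __init__(self):
        self.routes = {}                     # ip_network -> peer label

    def add_peer(self, peer, allowed_ips):
        for cidr in allowed_ips:
            # A prefix belongs to exactly one peer; adding it again moves it.
            self.routes[ipaddress.ip_network(cidr, strict=False)] = peer

    def peer_for(self, dst):
        """Outbound: the peer whose AllowedIPs has the longest matching prefix."""
        addr = ipaddress.ip_address(dst)
        hits = [n for n in self.routes
                if n.version == addr.version and addr in n]
        if not hits:
            return None                      # no peer: packet is not sent
        return self.routes[max(hits, key=lambda n: n.prefixlen)]

    def accepts(self, peer, inner_src):
        """Inbound: the decrypted packet's source must map back to its sender."""
        return self.peer_for(inner_src) == peer

def build_hub():
    """Middle box: one /32 entry per connecting box (labels are hypothetical)."""
    table = AllowedIPsTable()
    table.add_peer("box1", ["172.16.0.1/32"])
    table.add_peer("box2", ["172.16.0.2/32"])
    return table

def build_spoke():
    """Connecting box: the whole 172.16.0.0/12 range goes to the center box."""
    table = AllowedIPsTable()
    table.add_peer("center", ["172.16.0.0/12"])
    return table

if __name__ == "__main__":
    hub = build_hub()
    print(hub.peer_for("172.16.0.2"), hub.accepts("box1", "172.16.0.2"))
```

With several peers on one interface, AllowedIPs is what selects the tunnel, and a peer cannot send traffic with an inner source address outside its own entry.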


* AW: AW: two client connections -> crash?
  2020-07-14 13:50     ` Xand Meaden
@ 2020-07-20 14:23       ` wireguard
  0 siblings, 0 replies; 7+ messages in thread
From: wireguard @ 2020-07-20 14:23 UTC
  To: wireguard

Hello,
thanks for pointing that out. Actually the idea was to switch over my VPN endpoint from one VPS to another one, thus the any address route (0.0.0.0/0) was correct, but now it is clear to me it does not make sense really to have any address twice. I am trying to test the new endpoint with a dedicated machine now (which fails to install wireguard).
But I am still wondering why the network stack kind of crashes. Even with a bullshit configuration like I did, imho this should never happen.
Thanks, Joachim
