* wireguard broke with recent update on fedora 31
@ 2019-12-31 12:03 Barry Scott
2020-01-02 20:11 ` Jason A. Donenfeld
0 siblings, 1 reply; 6+ messages in thread
From: Barry Scott @ 2019-12-31 12:03 UTC (permalink / raw)
To: WireGuard mailing list
I had wireguard working but the recent update of somethng has broken it.
I'm happy to help debug, run test code.
My server end is fedora 31, which is up to date.
kernel-5.3.16-300.fc31.x86_64
wireguard-dkms-0.0.20191226-1.fc31.noarch
wireguard-tools-1.0.20191226-1.fc31.x86_64
The server has 2 phys interfaces, external that is connected to the internet (no NAT)
and internal that is home network. I uses systemd-networkd for the phys interfaces.
wireguard uses a service that runnings these commands to start it up.
ip link add wg0 type wireguard
wg setconf wg0 /etc/wireguard/wg0.conf
ip -4 address add 172.16.4.1/24 dev wg0
ip link set mtu 1420 up dev wg0
(I also tried a smaller MTU, 1280, with no change).
I use firewalld configured to allow access through wg0.
I have also turned off firewalld to eliminate iptables rules
as a source of problem.
$ wg
interface: wg0
public key: KNwXI8p8zJVed81RI3WhHQuYEUxIe0/PDP77Z2YSKTI=
private key: (hidden)
listening port: 51820
peer: bXUXQRJ9e2RXuxpSofQPVsvGMb5idhZiiF3lTOs1PRQ=
endpoint: 213.205.240.12:43029
allowed ips: (none)
latest handshake: 33 seconds ago
transfer: 1.02 KiB received, 3.11 KiB sent
persistent keepalive: every 30 seconds
peer: JGxzN0iT+WIL2rltsWfaKD1IFC/f7b/AxF9peecTDEU=
allowed ips: (none)
persistent keepalive: every 30 seconds
peer: hom+2y5nNr9UnsSeyNJvWS6RkvnbTQOWwd8Zopsuzwo=
allowed ips: 0.0.0.0/0
persistent keepalive: every 30 seconds
peer bX... is an Android phone running wireguard v0.0.20191220.
A tcpdump show 2 ways comms with the phone
$ tcpdump -n -i external port 51820
11:35:09.545035 IP 213.205.240.12.43029 > 86.19.118.184.51820: UDP, length 112
11:35:09.792170 IP 86.19.118.184.51820 > 213.205.240.12.43029: UDP, length 32
11:35:14.533234 IP 213.205.240.12.43029 > 86.19.118.184.51820: UDP, length 112
11:35:14.800147 IP 213.205.240.12.43029 > 86.19.118.184.51820: UDP, length 148
11:35:14.802647 IP 86.19.118.184.51820 > 213.205.240.12.43029: UDP, length 92
... etc...
But I see nothing for "tcpdump -i wg0". And these stats:
$ ip -s addr show wg0
4: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1280 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 172.16.4.1/24 scope global wg0
valid_lft forever preferred_lft forever
RX: bytes packets errors dropped overrun mcast
180 2 1 0 0 0
TX: bytes packets errors dropped carrier collsns
92 1 0 3 0 0
Run test from phone here. Turn on wireguard, attempt to browse to http://172.16.4.1.
$ ip -s addr show wg0
4: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1280 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 172.16.4.1/24 scope global wg0
valid_lft forever preferred_lft forever
RX: bytes packets errors dropped overrun mcast
180 2 28 0 0 0
TX: bytes packets errors dropped carrier collsns
188 4 0 3 0 0
The RX errors have increased. dmesg is dull.
Barry
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: wireguard broke with recent update on fedora 31
2019-12-31 12:03 wireguard broke with recent update on fedora 31 Barry Scott
@ 2020-01-02 20:11 ` Jason A. Donenfeld
2020-01-02 22:58 ` Barry
0 siblings, 1 reply; 6+ messages in thread
From: Jason A. Donenfeld @ 2020-01-02 20:11 UTC (permalink / raw)
To: Barry Scott, WireGuard mailing list
On 12/31/19 1:03 PM, Barry Scott wrote:
> I had wireguard working but the recent update of somethng has broken it.
Does downgrading fix it? If not, something else is broken. Can you test
that first?
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: wireguard broke with recent update on fedora 31
2020-01-02 20:11 ` Jason A. Donenfeld
@ 2020-01-02 22:58 ` Barry
2020-01-03 17:24 ` Joe Doss
0 siblings, 1 reply; 6+ messages in thread
From: Barry @ 2020-01-02 22:58 UTC (permalink / raw)
To: Jason A. Donenfeld; +Cc: WireGuard mailing list
> On 2 Jan 2020, at 20:11, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>
> On 12/31/19 1:03 PM, Barry Scott wrote:
>> I had wireguard working but the recent update of somethng has broken it.
>
> Does downgrading fix it? If not, something else is broken. Can you test that first?
I already tried that. Dnf says the files needed to downgrade are no longer available.
I did not double check the files in the copr repo folder to see if they can be curl’ed.
I do that check tomorrow.
Barry
>
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: wireguard broke with recent update on fedora 31
2020-01-02 22:58 ` Barry
@ 2020-01-03 17:24 ` Joe Doss
2020-01-03 17:53 ` Joe Doss
0 siblings, 1 reply; 6+ messages in thread
From: Joe Doss @ 2020-01-03 17:24 UTC (permalink / raw)
To: wireguard
[-- Attachment #1: Type: text/plain, Size: 431 bytes --]
On 1/2/20 4:58 PM, Barry wrote:
> I already tried that. Dnf says the files needed to downgrade are no longer available.
> I did not double check the files in the copr repo folder to see if they can be curl’ed.
> I do that check tomorrow.
The old builds got mucked up when we moved to the new repos. I will push
a few of the older versions to copr so you can try downgrading.
Joe
--
Joe Doss
joe@solidadmin.com
[-- Attachment #2: pEpkey.asc --]
[-- Type: application/pgp-keys, Size: 1783 bytes --]
[-- Attachment #3: Type: text/plain, Size: 148 bytes --]
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: wireguard broke with recent update on fedora 31
2020-01-03 17:24 ` Joe Doss
@ 2020-01-03 17:53 ` Joe Doss
2020-01-05 21:38 ` Barry Scott
0 siblings, 1 reply; 6+ messages in thread
From: Joe Doss @ 2020-01-03 17:53 UTC (permalink / raw)
To: wireguard
[-- Attachment #1: Type: text/plain, Size: 312 bytes --]
Hey Barry,
Some older versions are building now:
https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/builds/
I have not tested them as I had to make some changes so the old repo
sources to build the src RPMs. Let me know if you run into any issues.
Joe
--
Joe Doss
joe@solidadmin.com
[-- Attachment #2: pEpkey.asc --]
[-- Type: application/pgp-keys, Size: 1783 bytes --]
[-- Attachment #3: Type: text/plain, Size: 148 bytes --]
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: wireguard broke with recent update on fedora 31
2020-01-03 17:53 ` Joe Doss
@ 2020-01-05 21:38 ` Barry Scott
0 siblings, 0 replies; 6+ messages in thread
From: Barry Scott @ 2020-01-05 21:38 UTC (permalink / raw)
To: WireGuard mailing list
> On 3 Jan 2020, at 17:53, Joe Doss <joe@solidadmin.com> wrote:
>
> Hey Barry,
>
> Some older versions are building now:
>
> https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/builds/
>
> I have not tested them as I had to make some changes so the old repo
> sources to build the src RPMs. Let me know if you run into any issues.
dnf downgrade put me in this state:
$ rpm -qa | grep wireguard
wireguard-dkms-0.0.20191219-1.fc31.noarch
wireguard-tools-1.0.20200102-1.fc31.x86_64
$ uname -r
5.3.12-300.fc31.x86_64
But wireguard is not working.
Looking at the dnf history I think this is the point at which it went from working to not working.
$ dnf history info 97 | grep -e kernel -e wireguard -e Begin
Begin time : Tue 10 Dec 2019 12:49:28 GMT
Begin rpmdb : 527:133702206fb808b6a14cfbbd59ce0971e85d1f6c
Install kernel-5.3.15-300.fc31.x86_64 @updates
Install kernel-core-5.3.15-300.fc31.x86_64 @updates
Install kernel-devel-5.3.15-300.fc31.x86_64 @updates
Install kernel-modules-5.3.15-300.fc31.x86_64 @updates
Upgrade wireguard-dkms-1:0.0.20191206-1.fc31.noarch @jdoss-wireguard
Upgraded wireguard-dkms-1:0.0.20191127-1.fc31.noarch @@System
Upgrade wireguard-tools-1:0.0.20191206-1.fc31.x86_64 @jdoss-wireguard
Upgraded wireguard-tools-1:0.0.20191127-1.fc31.x86_64 @@System
Removed kernel-5.3.8-300.fc31.x86_64 @@System
Removed kernel-core-5.3.8-300.fc31.x86_64 @@System
Removed kernel-devel-5.3.8-300.fc31.x86_64 @@System
Removed kernel-modules-5.3.8-300.fc31.x86_64 @@System
If that is the change that introduced the break then I need the 2019 11 27 version
for the next bisect test.
Barry
>
> Joe
>
>
>
> --
> Joe Doss
> joe@solidadmin.com
> <pEpkey.asc>_______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-01-09 6:02 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-12-31 12:03 wireguard broke with recent update on fedora 31 Barry Scott
2020-01-02 20:11 ` Jason A. Donenfeld
2020-01-02 22:58 ` Barry
2020-01-03 17:24 ` Joe Doss
2020-01-03 17:53 ` Joe Doss
2020-01-05 21:38 ` Barry Scott
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).