Development discussion of WireGuard
 help / color / mirror / Atom feed
From: "Linux regression tracking (Thorsten Leemhuis)" <regressions@leemhuis.info>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Linux kernel regressions list <regressions@lists.linux.dev>,
	Dan Crawford <dnlcrwfrd@gmail.com>,
	wireguard@lists.zx2c4.com
Subject: Re: Possible regression between 5.18.2 and 6.2.1
Date: Fri, 10 Mar 2023 11:21:45 +0100	[thread overview]
Message-ID: <4d4f0a83-180b-ffbe-72bf-718c4db62b39@leemhuis.info> (raw)
In-Reply-To: <CQZ7HWJCK18F.1AUR9FMHKPOXB@crawfs>

[CCing the regression list, as it should be in the loop for regressions:
https://docs.kernel.org/admin-guide/reporting-regressions.html]

[Also adding Jason to the list of recipients, as I'm not sure how
closely he follows the lists]

[TLDR: I'm adding this report to the list of tracked Linux kernel
regressions; the text you find below is based on a few templates
paragraphs you might have encountered already in similar form.
See link in footer if these mails annoy you.]

On 06.03.23 10:51, Dan Crawford wrote:
> I recently updated a server from kernel version 5.18.2 to 6.2.1 and
> discovered that WG clients could no longer connect; there were no
> changes to configs. Reverting to 5.18.2 resolves the issue.
> 
> My server config looks something like
> 
> [Interface]
> Address = 192.168.1.0/24
> ListenPort = 51820
> PrivateKey = XXX
> PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
> 
> [Peer]
> PublicKey = XXX
> AllowedIPs = 192.168.1.3/32
> 
> and my client config looks something like
> 
> 
> [Interface]
> Address = 192.168.1.3/32
> DNS = 1.1.1.1
> PrivateKey = XXX
> 
> [Peer]
> AllowedIPs = 0.0.0.0/0
> Endpoint = example.com:51820
> PublicKey = XXX
> 
> On the server I get mysterious "packet has unallowed src ip" errors.
> Playing around with various combinations of subnets and iptables
> invocations doesn't seem to help. Was there a change to the config spec
> that I missed? Or otherwise any other ideas what might be going on?

Thanks for the report. To be sure the issue doesn't fall through the
cracks unnoticed, I'm adding it to regzbot, the Linux kernel regression
tracking bot:

#regzbot ^introduced v5.18..v6.2
#regzbot title net: wireguard: clients can no longer connect
#regzbot ignore-activity

This isn't a regression? This issue or a fix for it are already
discussed somewhere else? It was fixed already? You want to clarify when
the regression started to happen? Or point out I got the title or
something else totally wrong? Then just reply and tell me -- ideally
while also telling regzbot about it, as explained by the page listed in
the footer of this mail.

Developers: When fixing the issue, remember to add 'Link:' tags pointing
to the report (the parent of this mail). See page linked in footer for
details.

Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat)
--
Everything you wanna know about Linux kernel regression tracking:
https://linux-regtracking.leemhuis.info/about/#tldr
That page also explains what to do if mails like this annoy you.

  reply	other threads:[~2023-03-10 10:46 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-03-06  9:51 Dan Crawford
2023-03-10 10:21 ` Linux regression tracking (Thorsten Leemhuis) [this message]
2023-03-30 14:39 ` Jason A. Donenfeld
2023-04-02  1:14   ` Dan Crawford
2023-04-08 12:01     ` Linux regression tracking #update (Thorsten Leemhuis)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4d4f0a83-180b-ffbe-72bf-718c4db62b39@leemhuis.info \
    --to=regressions@leemhuis.info \
    --cc=Jason@zx2c4.com \
    --cc=dnlcrwfrd@gmail.com \
    --cc=regressions@lists.linux.dev \
    --cc=wireguard@lists.zx2c4.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).