From: Eddie <stunnel@attglobal.net>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: RX Errors from Android Peer
Date: Wed, 25 Apr 2018 15:28:40 -0700 [thread overview]
Message-ID: <6e8c6b16-f131-6b45-9eee-f162a4f31099@attglobal.net> (raw)
In-Reply-To: <CAHmME9ovmNCJ4501TDpvtu9doci1Z34jS9N88csgNskxq4QrRg@mail.gmail.com>
Jason,
Not sure I follow you.
The Android app, I thought, was designed to send all traffic out via the
tunnel. It's configuration would be, in Linux format:
[Interface]
Address = 192.168.150.10/24
DNS = 192.168.0.254
PrivateKey = Android private key
[Peer]
PublicKey = Linux public key
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = MyServer.net:51820
So all the traffic sent, should be from 192.168.150.10. The
corresponding Linux configuration is:
[Interface]
PrivateKey = Linux private key
ListenPort = 51820
[Peer]
PublicKey = Android public key
AllowedIPs = 192.168.150.10/32
[Peer]
PublicKey = Laptop public key
AllowedIPs = 192.168.150.11/32
The RX errors go up immediately I connect and stop increasing when I
disconnect. They are NOT random pokes at my server from script-kiddies,
which i would have thought would have been dropped silently.
So, I don't see how the source IP wouldn't match the allowed-ip.
Cheers.
On 4/25/2018 2:18 PM, Jason A. Donenfeld wrote:
> Hi Eddie,
>
> Those RX frame errors are caused by the interface receiving packets
> that have a source IP not included in the allowed-ips list of the
> peer.
>
> https://git.zx2c4.com/WireGuard/tree/src/receive.c#n351
>
> Jason
>
>
next prev parent reply other threads:[~2018-04-25 22:27 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-25 20:14 Eddie
2018-04-25 21:18 ` Jason A. Donenfeld
2018-04-25 22:28 ` Eddie [this message]
2018-04-26 8:59 ` René van Dorst
2018-04-26 13:04 ` Jason A. Donenfeld
2018-04-26 16:09 ` Eddie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6e8c6b16-f131-6b45-9eee-f162a4f31099@attglobal.net \
--to=stunnel@attglobal.net \
--cc=Jason@zx2c4.com \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).