Development discussion of WireGuard
From: Simon Rozman <simon@rozman.si>
To: Kilian Schauer <kilian@schauer.tech>,
	"wireguard@lists.zx2c4.com" <wireguard@lists.zx2c4.com>
Subject: RE: WireGuard-Windows sets wrong gateway IP address in routes
Date: Thu, 12 Dec 2019 10:21:42 +0000
Message-ID: <99D61A626FDA8A4B90A270669121BE10D0597C6E@PLANJAVA.amebis.doma>
In-Reply-To: <5051349.o0j8OtQRaE@ki-pc-ku>



> it appears I found a bug in the Windows implementation of the WireGuard
> client.
> I'm not sure, because it seems to be a rather trivial one, but I guess
> you will tell me if it's not the case.

It's not the case.

Windows will know correctly to send packets to the WireGuard interface. Mind
the "Interface" column in your "route print" output.
Once Windows sends packets to the WireGuard interface, WireGuard will handle
the rest: tunnel them to the appropriate peer according to AllowedIPs.

> So: When you activate a configured tunnel, WG sets the very first IP
> address of a network as gateway, instead of the first usable address.
> 
> That means, if you have a VPN (sub)net like 10.0.10.0/24, where your
> server has 10.0.10.1 and the Windows machine 10.0.10.4, the client tries
> to use 10.0.10.0 as gateway. This obviously doesn't work, because this
> address is reserved / not usable, and the gateway has a different IP.
> The first usable address for hosts is 10.0.10.1, which the WireGuard
> client should set as gateway.
> 
> Same applies for IPv6.

Who guarantees you the first usable address will always be the gateway? Some
use .254 for the gateway.

> I didn't try it out yet though, don't have a WireGuard dev env set up.
> If you want me to, I can take a look and maybe send a patch if I get it
> to work.

Please try it and see it just works as it is.

Mind boggling, isn't it? :)

Best regards,
Simon
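
The behaviour described in the reply above, as an added example that is not part of the original message or of WireGuard's own code: a simplified Python model in which the host picks the outgoing interface by longest-prefix match and the tunnel then picks the peer from AllowedIPs using the destination address alone. Interface names, peer names and prefixes are constructed for illustration.

```python
import ipaddress

# Constructed sample data: interface names, peer names and prefixes are assumptions.
ALLOWED_IPS = {
    "server": ["10.0.10.1/32", "192.168.50.0/24"],
    "laptop": ["10.0.10.7/32", "fd00:10::7/128"],
}

def os_routes(wg_gateway):
    """Host routing table as (prefix, gateway, interface) rows."""
    return [
        ("10.0.10.0/24", wg_gateway, "wg0"),
        ("192.168.50.0/24", wg_gateway, "wg0"),
        ("0.0.0.0/0", "192.168.1.1", "eth0"),
    ]

def longest_match(rows, dst):
    """Return the row whose prefix (row[0]) is the longest one containing dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for row in rows:
        net = ipaddress.ip_network(row[0])
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > ipaddress.ip_network(best[0]).prefixlen:
                best = row
    return best

def deliver(dst, wg_gateway):
    """Return (interface, peer) for dst; peer is None if not tunnelled or dropped."""
    route = longest_match(os_routes(wg_gateway), dst)
    if route is None or route[2] != "wg0":
        return (route[2] if route else None, None)
    # Inside the tunnel interface only the destination address is looked up;
    # the gateway column of the route is never consulted.
    peers = [(p, name) for name, ps in ALLOWED_IPS.items() for p in ps]
    hit = longest_match(peers, dst)
    return ("wg0", hit[1] if hit else None)

if __name__ == "__main__":
    for gw in ("10.0.10.0", "10.0.10.1", "10.0.10.254"):
        print(gw, deliver("192.168.50.20", gw), deliver("10.0.10.1", gw))
    print(deliver("10.0.10.99", "10.0.10.0"), deliver("8.8.8.8", "10.0.10.0"))
```

The result for a tunnelled destination is the same whichever gateway value the route carries, and a destination inside the tunnel subnet that no peer's AllowedIPs covers has no peer to go to.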


Thread overview: 2+ messages
2019-12-09 20:02 Kilian Schauer
2019-12-12 10:21 ` Simon Rozman [this message]
