From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: me@tombowdit.ch Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 225349ed for ; Wed, 16 May 2018 18:11:47 +0000 (UTC) Received: from mail-ot0-x241.google.com (mail-ot0-x241.google.com [IPv6:2607:f8b0:4003:c0f::241]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 3bcd34d1 for ; Wed, 16 May 2018 18:11:47 +0000 (UTC) Received: by mail-ot0-x241.google.com with SMTP id h8-v6so2009503otb.2 for ; Wed, 16 May 2018 11:12:09 -0700 (PDT) MIME-Version: 1.0 References: <20180515225433.GA26432@zx2c4.com> In-Reply-To: <20180515225433.GA26432@zx2c4.com> From: Tommy Bowditch Date: Wed, 16 May 2018 19:11:58 +0100 Message-ID: Subject: Re: [ANNOUNCE] Alpha Snapshots of WireGuard for Android and macOS To: Jason@zx2c4.com Content-Type: multipart/alternative; boundary="0000000000003d0e16056c56a846" Cc: wireguard@lists.zx2c4.com List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , --0000000000003d0e16056c56a846 Content-Type: text/plain; charset="UTF-8" Hi all, So - I don't know if it's me being *thick* or wg-quick isn't supposed to do this, but: I have a wireguard config on my Macbook with addresses 10.3.0.5/31 & fd10::10:3:41/127, other endpoint is .4 and :40. Running wg-quick up wg-xxxxx works fine - pinging the v4 of the other side doesn't work however v6 does - # ping 10.3.0.4 PING 10.3.0.4 (10.3.0.4): 56 data bytes Request timeout for icmp_seq 0 Request timeout for icmp_seq 1 # ping6 fd10::10:3:40 PING6(56=40+8+8 bytes) fd10::10:3:41 --> fd10::10:3:40 16 bytes from fd10::10:3:40, icmp_seq=0 hlim=64 time=16.008 ms 16 bytes from fd10::10:3:40, icmp_seq=1 hlim=64 time=16.019 ms 16 bytes from fd10::10:3:40, icmp_seq=2 hlim=64 time=14.460 ms I think I see the problem: # ip route get 10.3.0.4 10.3.0.4 via 10.2.0.1 dev en0 src 10.2.0.71 # ip -6 route get fd10::10:3:40 fd10::10:3:40 dev utun1 src fd10::10:3:41 and it's fixable, of course, I was just wondering if this is intended behaviour considering v6 works perfectly OK? Tom On Tue, May 15, 2018 at 11:54 PM Jason A. Donenfeld wrote: > Hey folks, > > We're gradually adding more platforms capable of running WireGuard, thanks > to > some still-buggy userspace code Mathias and I have been developing. Today > you > can try WireGuard on two new platforms: Android and macOS. > > [NEW] WireGuard for Android > --------------------------- > You can download the app from the Play Store or from F-Droid. It supports > adding wg-quick(8)-style .conf files or .zips of them. The app uses the > kernel > module if available, which gives the best performance, stability, and > battery > life, and falls back to the userspace code if it's not available. Download > at: > https://play.google.com/store/apps/details?id=com.wireguard.android > > [NEW] WireGuard for macOS > ------------------------- > You can install wg-quick, wg, and wireguard-go using Homebrew. Then you > should > be able to run `wg-quick up whatever` and familiar commands as you're used > to. > If you're setting up a network manually, you can run `wireguard-go utun3` > in > place of the usual Linux command `ip link add utun3 dev wireguard`. Install > with the Homebrew command: > $ brew install wireguard-tools > > [FUTURE] WireGuard for ${YOUR_FAVORITE_PLATFORM} > ------------------------------------------------ > It's a work in progress, and we hope to have nice things to announce in the > coming weeks. If you're interested in helping to develop support for a > particular platform, please send us an email at team@wireguard.com. > > [WORKHORSE] WireGuard for Linux > ------------------------------- > The Linux kernel implementation remains the recommended and most complete > WireGuard implementation, and we're actively working on upstreaming this > code > to kernel.org. Install instructions are available for every major distro > on: > https://www.wireguard.com/install/ > > [DISCLAIMER] Alpha Warning for Security-related Software > -------------------------------------------------------- > The new implementations for macOS and Android are alpha quality, at best, > so > keep expectations low. There are bugs. There may even be security issues, > and > we don't yet certify that this software does what we want it to do. Let us > know as you encounter the inevitable nasty bugs. Consider this as > "pre-release" > software. > > Enjoy! > Jason > _______________________________________________ > WireGuard mailing list > WireGuard@lists.zx2c4.com > https://lists.zx2c4.com/mailman/listinfo/wireguard > --0000000000003d0e16056c56a846 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi all,

So - I don't know if it'= ;s me being thick=C2=A0or wg-quick isn't supposed to do this, bu= t:

I have a wireguard config on my Macbook with addresse= s 10.3.0.5/31 & fd10::10:3:41/127, o= ther endpoint is .4 and :40.

Running wg-quick up wg-xxxxx works fine - pinging the= v4 of the other side doesn't work however v6 does -

# ping 10.3.0.4
PING 10.3.0.4 (10.3.0.4): 56 data= bytes
Request timeout= for icmp_seq 0
Reques= t timeout for icmp_seq 1
# ping6 fd10::10:3:40
PING6(56=3D40+8+8 bytes) fd10::10:3:41 --> fd10::10:3:40
16 bytes from fd10::10:= 3:40, icmp_seq=3D0 hlim=3D64 time=3D16.008 ms
16 bytes from fd10::10:3:40, icmp_seq=3D1 hlim=3D= 64 time=3D16.019 ms
16= bytes from fd10::10:3:40, icmp_seq=3D2 hlim=3D64 time=3D14.460 ms

I think I see the problem:
# ip route get 10.3.0.4
<= font face=3D"monospace, monospace">10.3.0.4 via 10.2.0.1 dev en0=C2=A0 src = 10.2.0.71
# ip -6 rout= e get fd10::10:3:40
fd= 10::10:3:40 dev utun1=C2=A0 src fd10::10:3:41

and it's fixable, of course, I was just wondering if this is i= ntended behaviour considering v6 works perfectly OK?

Tom

On = Tue, May 15, 2018 at 11:54 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
Hey folks,

We're gradually adding more platforms capable of running WireGuard, tha= nks to
some still-buggy userspace code Mathias and I have been developing. Today y= ou
can try WireGuard on two new platforms: Android and macOS.

[NEW] WireGuard for Android
---------------------------
You can download the app from the Play Store or from F-Droid. It supports adding wg-quick(8)-style .conf files or .zips of them. The app uses the ker= nel
module if available, which gives the best performance, stability, and batte= ry
life, and falls back to the userspace code if it's not available. Downl= oad at:
https://play.google.com/store/a= pps/details?id=3Dcom.wireguard.android

[NEW] WireGuard for macOS
-------------------------
You can install wg-quick, wg, and wireguard-go using Homebrew. Then you sho= uld
be able to run `wg-quick up whatever` and familiar commands as you're u= sed to.
If you're setting up a network manually, you can run `wireguard-go utun= 3` in
place of the usual Linux command `ip link add utun3 dev wireguard`. Install=
with the Homebrew command:
$ brew install wireguard-tools

[FUTURE] WireGuard for ${YOUR_FAVORITE_PLATFORM}
------------------------------------------------
It's a work in progress, and we hope to have nice things to announce in= the
coming weeks. If you're interested in helping to develop support for a<= br> particular platform, please send us an email at team@wireguard.com.

[WORKHORSE] WireGuard for Linux
-------------------------------
The Linux kernel implementation remains the recommended and most complete WireGuard implementation, and we're actively working on upstreaming thi= s code
to kerne= l.org. Install instructions are available for every major distro on: https://www.wireguard.com/install/

[DISCLAIMER] Alpha Warning for Security-related Software
--------------------------------------------------------
The new implementations for macOS and Android are alpha quality, at best, s= o
keep expectations low. There are bugs. There may even be security issues, a= nd
we don't yet certify that this software does what we want it to do. Let= us
know as you encounter the inevitable nasty bugs. Consider this as "pre= -release"
software.

Enjoy!
Jason
_______________________________________________
WireGuard mailing list
WireGuard@li= sts.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard=
--0000000000003d0e16056c56a846--