Not able to ping the host as per demo of wireguard.

Not able to ping the host as per demo of wireguard.

[Sahil Gupta]

[-- Attachment #1: Type: text/plain, Size: 3566 bytes --]

Hi all,
I am trying demo of Wireguard as shown in this link:
https://www.wireguard.com/talks/talk-demo-screencast.mp4

I am having two laptops connected to same wifi.
Operating system is ubuntu.
I have followed exact same steps as shown in demo but unable to ping the
send laptop.

It is not even recognizing the laptop.
Only difference from video is I don't have eth0 interface but wlp6so
wireless interface.

I am sending both ip addr and wg command results of both.
Please guide what is going wrong with ping command.


Laptop 1(Peer A):
"
root@sahilgupta221-900X3B-900X4B:/home/sahilgupta221# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast
state DOWN group default qlen 1000
    link/ether e8:03:9a:9a:3b:90 brd ff:ff:ff:ff:ff:ff
3: wlp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
group default qlen 1000
    link/ether 88:53:2e:c7:78:f1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.211/22 brd 192.168.3.255 scope global dynamic wlp1s0
       valid_lft 2130sec preferred_lft 2130sec
    inet6 fe80::82c0:7df3:3700:b941/64 scope link
       valid_lft forever preferred_lft forever
4: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state
UNKNOWN group default qlen 1
    link/none
    inet 10.0.0.1/24 scope global wg0
       valid_lft forever preferred_lft forever
root@sahilgupta221-900X3B-900X4B:/home/sahilgupta221# wg
interface: wg0
  public key: N5XYKCRQvs7mMd1QQiPuNcAmchvB4u1oc3N+RNjWeSs=
  private key: (hidden)
  listening port: 40668

peer: XtGALYDx+tE9dHBftR26vUkjZ6bHzRZscaaM++NSGk4=
  endpoint: 192.168.2.170:59257
  allowed ips: 10.0.0.2/32
  transfer: 0 B received, 3.04 KiB sent
root@sahilgupta221-900X3B-900X4B:/home/sahilgupta221#

"

Laptop 2(Peer B):
"
root@sahilgupta221-900X3B-900X4B:/home/sahilgupta221# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast
state DOWN group default qlen 1000
    link/ether e8:03:9a:9a:3b:90 brd ff:ff:ff:ff:ff:ff
3: wlp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
group default qlen 1000
    link/ether 88:53:2e:c7:78:f1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.211/22 brd 192.168.3.255 scope global dynamic wlp1s0
       valid_lft 2130sec preferred_lft 2130sec
    inet6 fe80::82c0:7df3:3700:b941/64 scope link
       valid_lft forever preferred_lft forever
4: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state
UNKNOWN group default qlen 1
    link/none
    inet 10.0.0.1/24 scope global wg0
       valid_lft forever preferred_lft forever
root@sahilgupta221-900X3B-900X4B:/home/sahilgupta221# wg
interface: wg0
  public key: N5XYKCRQvs7mMd1QQiPuNcAmchvB4u1oc3N+RNjWeSs=
  private key: (hidden)
  listening port: 40668

peer: XtGALYDx+tE9dHBftR26vUkjZ6bHzRZscaaM++NSGk4=
  endpoint: 192.168.2.170:59257
  allowed ips: 10.0.0.2/32
  transfer: 0 B received, 3.04 KiB sent
root@sahilgupta221-900X3B-900X4B:/home/sahilgupta221#
"

Waiting for reply.

Regards
Sahil Gupta

[-- Attachment #2: Type: text/html, Size: 6733 bytes --]

Re: Not able to ping the host as per demo of wireguard.

[Sahil Gupta]

[-- Attachment #1: Type: text/plain, Size: 303 bytes --]

One more observation here.
In your demo video, listening port number is same.
In my case they are different and so I am using wlp1s0 interface IP as
endpoint IP and its wg listening port number in wg set peer command as
endpoint value.
Please rectify me in case I am doing some mistake here.
​

[-- Attachment #2: Type: text/html, Size: 369 bytes --]

Re: Not able to ping the host as per demo of wireguard.

[Jason A. Donenfeld]

You need to set the correct listening port. If you want to use port
51820, set it as such:

$ wg set wg0 listen-port 51820

Then adjust your endpoint to 'endpoint 1.2.3.4:51820'.

Re: Not able to ping the host as per demo of wireguard.

[Eric Light]

Hi Sahil,

Both of your wg0 interfaces are set to 10.0.0.1/24, but both of your
AllowedIPs are set to 10.0.0.2/32 -- so neither of them are routing to
the other.  For me, I'd set AllowedIPs to 10.0.0.1/24 on both laptops,
so they can each talk to  10.0.0.x.

Also, your Endpoints are both set to 192.168.2.170, but neither of your
wlp1s0 interfaces are set to this IP address... this means they're each
throwing their wg packets to some unknown third device.

And then there's the Listening Port thing that Jason already
mentioned... If computer A is listening on 12345, computer B must be
talking to 12345 as well.

Hope this helps
E

--------------------------------------------
Q: Why is this email five sentences or less?
A: http://five.sentenc.es

On Sat, 22 Jul 2017, at 10:22, Jason A. Donenfeld wrote:
> You need to set the correct listening port. If you want to use port
> 51820, set it as such:
> 
> $ wg set wg0 listen-port 51820
> 
> Then adjust your endpoint to 'endpoint 1.2.3.4:51820'.
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Not able to ping the host as per demo of wireguard.

[Sahil Gupta]

[-- Attachment #1: Type: text/plain, Size: 384 bytes --]

Sorry, my bad.
I copy ​paste configuration of Peer A in both Peer A and B in this email.
I will follow the advise of Jason.

I switched off both Laptops and now wg interface are gone.
I need to create them again.
Can we make these interfaces permanent so they will not go upon switching
off the laptop?

I will mail again if problem still persists.

Thanks
Sahil Gupta

[-- Attachment #2: Type: text/html, Size: 479 bytes --]

Re: Not able to ping the host as per demo of wireguard.

[Eric Light]

[-- Attachment #1: Type: text/plain, Size: 1103 bytes --]

Yep you can make them permanent.  Create your config in /etc/wireguard/wg0.conf.  Then run 'systemctl enable wg-quick@wg0'  (assuming you're running systemd).
wg-quick takes care of interface creation, interface and endpoint IP addressing, routing, and peer keys; so you just create that file and then use 'wg-quick up wg0'.  :)
I wrote a few blog posts on setting up wg to act as a bridge into a remote network; you can probably use a lot of the info from there to get you started:   https://www.ericlight.com/wireguard-part-one-installation
E

--------------------------------------------
Q: Why is this email five sentences or less?
A: http://five.sentenc.es



On Sat, 22 Jul 2017, at 11:54, Sahil Gupta wrote:
> Sorry, my bad.
> I copy paste configuration of Peer A in both Peer A and B in this email.> I will follow the advise of Jason.
> 
> I switched off both Laptops and now wg interface are gone.
> I need to create them again.
> Can we make these interfaces permanent so they will not go upon switching off the laptop?> 
> I will mail again if problem still persists.
> Thanks
> Sahil Gupta


[-- Attachment #2: Type: text/html, Size: 1862 bytes --]

Re: Not able to ping the host as per demo of wireguard.

[Sahil Gupta]

[-- Attachment #1: Type: text/plain, Size: 1301 bytes --]

Thanks Eric.
I will do that.
😊

On Fri, Jul 21, 2017 at 8:03 PM, Eric Light <eric@ericlight.com> wrote:

> Yep you can make them permanent.  Create your config in
> /etc/wireguard/wg0.conf.  Then run 'systemctl enable wg-quick@wg0'
>  (assuming you're running systemd).
>
> wg-quick takes care of interface creation, interface and endpoint IP
> addressing, routing, and peer keys; so you just create that file and then
> use 'wg-quick up wg0'.  :)
>
> I wrote a few blog posts on setting up wg to act as a bridge into a remote
> network; you can probably use a lot of the info from there to get you
> started:   https://www.ericlight.com/wireguard-part-one-installation
>
> E
>
> --------------------------------------------
> Q: Why is this email five sentences or less?
> A: http://five.sentenc.es
>
>
>
> On Sat, 22 Jul 2017, at 11:54, Sahil Gupta wrote:
>
> Sorry, my bad.
> I copy paste configuration of Peer A in both Peer A and B in this email.
> I will follow the advise of Jason.
>
> I switched off both Laptops and now wg interface are gone.
> I need to create them again.
> Can we make these interfaces permanent so they will not go upon switching
> off the laptop?
>
> I will mail again if problem still persists.
> Thanks
> Sahil Gupta
>
>
>

[-- Attachment #2: Type: text/html, Size: 2497 bytes --]

Re: Not able to ping the host as per demo of wireguard.

[Sahil Gupta]

[-- Attachment #1: Type: text/plain, Size: 1647 bytes --]

Thanks Jason and Eric.

Problem is with the router.
Router is blocking ping request.
I changed the router and make my mobile phone as Access Point with Laptops.
Problem is resolved.
😊

Regards
Sahil Gupta


On Fri, Jul 21, 2017 at 8:07 PM, Sahil Gupta <sg5414@g.rit.edu> wrote:

> Thanks Eric.
> I will do that.
> 😊
>
> On Fri, Jul 21, 2017 at 8:03 PM, Eric Light <eric@ericlight.com> wrote:
>
>> Yep you can make them permanent.  Create your config in
>> /etc/wireguard/wg0.conf.  Then run 'systemctl enable wg-quick@wg0'
>>  (assuming you're running systemd).
>>
>> wg-quick takes care of interface creation, interface and endpoint IP
>> addressing, routing, and peer keys; so you just create that file and then
>> use 'wg-quick up wg0'.  :)
>>
>> I wrote a few blog posts on setting up wg to act as a bridge into a
>> remote network; you can probably use a lot of the info from there to get
>> you started:   https://www.ericlight.com/wireguard-part-one-installation
>>
>> E
>>
>> --------------------------------------------
>> Q: Why is this email five sentences or less?
>> A: http://five.sentenc.es
>>
>>
>>
>> On Sat, 22 Jul 2017, at 11:54, Sahil Gupta wrote:
>>
>> Sorry, my bad.
>> I copy paste configuration of Peer A in both Peer A and B in this email.
>> I will follow the advise of Jason.
>>
>> I switched off both Laptops and now wg interface are gone.
>> I need to create them again.
>> Can we make these interfaces permanent so they will not go upon switching
>> off the laptop?
>>
>> I will mail again if problem still persists.
>> Thanks
>> Sahil Gupta
>>
>>
>>
>

[-- Attachment #2: Type: text/html, Size: 3305 bytes --]

Re: Not able to ping the host as per demo of wireguard.

[Jason A. Donenfeld]

Assuredly there are reasonable ways to work around whatever the router
is doing, but glad it worked out for you in the end.

Regards,
Jason