* Working only one way
From: Ing. Luis Felipe Domínguez Vega @ 2018-04-09 20:17 UTC
To: wireguard
Hello people, I currently installed WireGuard (So easy !!!!!!), but I have a problem: I have ping from server -> client, but not client -> server. When I execute tcpdump -i empresa on the server I only see ICMP requests and no responses:
Config server:
************************************
[Interface]
Address = 10.11.2.0/24
SaveConfig = true
ListenPort = 51820
PrivateKey = --------
[Peer]
PublicKey = hgwZKihI4axZZwoWPsucpX+rZMo6dEhnJgb7ulZmzDE=
AllowedIPs = 10.11.2.2/32
Endpoint = 192.168.0.215:59160
Config client:
************************************
[Interface]
PrivateKey = --------
Address = 10.11.2.2/32
[Peer]
PublicKey = v+5UJACf6odzR4ct0vPheVaaKpIdEMjqa9SECloq5CE=
Endpoint = 192.168.0.251:51820
AllowedIPs = 10.11.2.0/24
Routing in server:
------------------
default via 192.168.0.254 dev enp1s0 onlink
10.11.2.0/24 dev empresa proto kernel scope link src 10.11.2.0
192.168.0.0/24 dev enp1s0 proto kernel scope link src 192.168.0.251
Routing in client:
------------------
default via 192.168.0.254 dev enp3s0 proto static metric 100
10.8.0.0/24 via 10.11.0.57 dev enp5s0 proto static metric 100
10.9.0.0/24 via 10.11.0.57 dev enp5s0 proto static metric 100
10.11.0.0/24 dev enp5s0 proto kernel scope link src 10.11.0.61 metric 100
10.11.2.0/24 dev empresa-vpn scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.0.0/24 dev enp3s0 proto kernel scope link src 192.168.0.215 metric 100
192.168.44.0/24 via 10.11.0.254 dev enp5s0 proto static metric 100
--
Luis Felipe Dominguez Vega
System Administration in Desoft Matanzas | Mob: [ tel:+5353694785 | +5353694785 ] | [ http://www.desoft.cu/ | www.desoft.cu ]
[ https://www.facebook.com/lfdominguez0104 | ] [ https://www.linkedin.com/in/luis-felipe-dom%C3%ADnguez-vega-47725794/ | ] [ https://twitter.com/LuisFelipeDV1 | ]
XVII INTERNATIONAL CONVENTION AND FAIR: INFORMÁTICA 2018. In Havana, Cuba, March 19 to 23
* Re: Working only one way
From: Mikael Magnusson @ 2018-04-09 20:51 UTC
To: wireguard
On 04/09/2018 10:17 PM, Ing. Luis Felipe Domínguez Vega wrote:
> Hello people, i currently installed wireguard (So easy !!!!!!), but i have a problem i have ping from server -> client, but not client -> server, when in server I execute tcpdump -i empresa only i see ICMP request and not response:
>
> Config server:
> ************************************
> [Interface]
> Address = 10.11.2.0/24
This is the network address which I don't think you should use. Try any
address within 10.11.2.0/24 except 10.11.2.0, 10.11.2.2, and 10.11.2.255.
* Re: Working only one way
From: Eric Light @ 2018-04-09 21:43 UTC
To: wireguard
Hi Luis,
Welcome!
I would change your server Interface address to .1/24; .0/24 would be the network address so would probably behave poorly.
Then I'd change your client Interface address to a /24 as well. I think because the scope of that interface is /32, the routing table is probably not sending packets down your wireguard route.
E
--------------------------------------------
Q: Why is this email five sentences or less?
A: http://five.sentenc.es
* Re: Working only one way
From: Ing. Luis Felipe Domínguez Vega @ 2018-04-10 13:16 UTC
To: Eric Light; +Cc: wireguard
Hahahaha sorry and sorry.. that was the problem (the server interface with .0), ufff now it is working, thanks... I love this new VPN, it is so easy to configure. I have a question, I'm new to WireGuard:
1 - Can I change the length (to 4096 bits for example) of the private key? Or is it not necessary? I am a little paranoid with this kind of security cipher.
* Re: Working only one way
From: Fredrik Strömberg @ 2018-04-10 15:23 UTC
To: Ing. Luis Felipe Domínguez Vega; +Cc: wireguard
Hi Luis,
On Tue, Apr 10, 2018 at 3:16 PM, Ing. Luis Felipe Domínguez Vega
<luis.dominguez@mtz.desoft.cu> wrote:
> 1 - Can I change the length (to 4096 bits for example) of the private key? Or is it not necessary? I am a little paranoid with this kind of security cipher.
>
No. WireGuard uses cryptographic primitives which are
state-of-the-art, with a large security margin. No options means
there's nothing for users to misconfigure, or any risk of so-called
downgrading attacks.
Also note that the bit length you are asking for is normal for RSA,
but enormous for elliptic curve based primitives, which is what
WireGuard uses.
Cheers,
Fredrik
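
The two points raised in this thread (an interface Address set to the network address of its prefix, and the fixed key size) can be checked mechanically. The following is an added example, not code from any poster or from the WireGuard project; the function names `parse` and `lint` are hypothetical, and the sample input is the server config from the first message with SaveConfig and the redacted PrivateKey left out.

```python
import base64
import ipaddress

# Server config as posted in the thread (SaveConfig and redacted PrivateKey omitted).
SERVER_CONF = """\
[Interface]
Address = 10.11.2.0/24
ListenPort = 51820

[Peer]
PublicKey = hgwZKihI4axZZwoWPsucpX+rZMo6dEhnJgb7ulZmzDE=
AllowedIPs = 10.11.2.2/32
Endpoint = 192.168.0.215:59160
"""

def parse(text):
    """Return [(section, {key: value})]; a list, because [Peer] may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # split once: base64 padding also uses "="
            sections[-1][1][key.strip()] = value.strip()
    return sections

def lint(text):
    """Return findings for unusable interface addresses and wrong-sized peer keys."""
    findings = []
    for name, opts in parse(text):
        if name == "Interface":
            for item in filter(None, (a.strip() for a in opts.get("Address", "").split(","))):
                iface = ipaddress.ip_interface(item)
                net = iface.network
                if net.version != 4 or net.prefixlen >= 31:
                    continue  # the check applies to IPv4 prefixes shorter than /31
                if iface.ip == net.network_address:
                    findings.append(f"Interface Address {iface} is the network address of {net}")
                elif iface.ip == net.broadcast_address:
                    findings.append(f"Interface Address {iface} is the broadcast address of {net}")
        elif name == "Peer":
            try:
                size = len(base64.b64decode(opts.get("PublicKey", ""), validate=True))
            except ValueError:  # binascii.Error is a ValueError subclass
                size = 0
            if size != 32:  # Curve25519 public keys are always 32 bytes (256 bits)
                findings.append(f"Peer PublicKey decodes to {size} bytes, expected 32 bytes")
    return findings

if __name__ == "__main__":
    for finding in lint(SERVER_CONF):
        print(finding)
```

Changing the Address to 10.11.2.1/24, as suggested in the replies, clears the only finding for the posted config.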