Development discussion of WireGuard
 help / color / mirror / Atom feed
From: Henning Reich <henning.reich@gmail.com>
To: Eric Light <eric@ericlight.com>
Cc: wireguard@lists.zx2c4.com
Subject: Re: Starcraft over Wireguard ... :sideeye:
Date: Mon, 12 Feb 2018 10:07:11 +0100	[thread overview]
Message-ID: <CAOAVeL1snF8a3rwjA0eWgL3h6p+qY9dkz+KWhfpSvL0QkmM_7g@mail.gmail.com> (raw)
In-Reply-To: <1518420236.1268661.1267596392.738A262C@webmail.messagingengine.com>

[-- Attachment #1: Type: text/plain, Size: 5142 bytes --]

Hi,
I don't understand what you really want. You say someting about other
computers. Who are these other people/copmuters and there they are? Inside
your (or your childs) network or unknown public internet users?
Did you try to set up a game through battle.net or a "local" game? In
addition, your configuration looks like you mixed up with your subnets. On
your childs side, you configure your interface as part of an /24 subnet,
but on your side, its just a /32 "range".
It may work anyway, bit I think its still confusing.

So I think, a good start would be to clean up your wg-config. I like to use
a seperate "subnet" for vpn traffic. So there is no ProxyArp needed,
because the VPN-Server works as a Gateway for his own subnet. Disadvantag
is that you can't use (without some more work) broadcast features. Mostly
use for some autodetections and so on.
Maybe this will help a bit.

On his computer:  (LAN IP 192.168.1.x)

[Interface]
PrivateKey = {blah}=
ListenPort = 12457
Address = 192.168.123.3/24 <http://192.168.88.3/24>

[Peer]
PublicKey = {blah2}=
Endpoint = {my home}:12457
AllowedIPs = 192.168.123.0/24 <http://192.168.88.3/24>, 192.168.88.0/24


On my computer:  (LAN IP 192.168.88.x)

[Interface]
PrivateKey = {blah3}=
ListenPort = 12457
Address = 192.168.123.2/ <http://192.168.88.2/32>24

[Peer]
PublicKey = {blah4}=
AllowedIPs = 192.168.123.0/24 <http://192.168.88.3/24>, 192.168.1.0/24

With this configuration, you should create (and play) games using the
dedicated vpn IPs (192.168.123.2 or 3 ) or maybe (not tested) your orignal
local IPs (192.168.88.xxx or 192.168.1.xxx).


An complete other soloution could be using a layer2 vpn. I like
SoftEtherVPN.
You could install it, bind the vpn to a tap-device (within the SoftEther
configuration) and than bind the tap-device (with linux tools like brctl,
systemd-networkd config) to your physical interface.
If anybody connect to this vpn, it's just like an additional wire to your
network. So all works, inlcuding DHCP in the same subnet and so on.
The strange double-bridge is not needed, if your SC-Host and VPN-Host are
NOT the same device. Because if you bridge the VPN directly to the physical
interface (without the help of an additional tap-device) the VPN Client
can't reach the vpn-server itself.

Or maybe without any VPN? Just Portforwarding and a (dynamic) DNS entry?
You could get free ones here: https://freedns.afraid.org/




2018-02-12 8:23 GMT+01:00 Eric Light <eric@ericlight.com>:

> Hi, awesome WG mailinglist!
>
> My 18 year-old has recently moved out of home, and we're starting to yearn
> for one of our traditional Starcraft matches.  I thought I should be able
> to do this easily with Wireguard.
>
> The idea, generally, is that one of us would start up a game, and
> Wireguard - with a side serving of ProxyARP and IP forwarding - would help
> make all the other computers see that game.  (or, at very worst, allow me
> to run a game that could be seen by his computer AND the other computers
> here).
>
> -=-=-=-=-=-=-=-=-=-=-=-=-
>
> On his computer:  (LAN IP 192.168.1.x)
>
> [Interface]
> PrivateKey = {blah}=
> ListenPort = 12457
> Address = 192.168.88.3/24
>
> [Peer]
> PublicKey = {blah2}=
> Endpoint = {my home}:12457
> AllowedIPs = 0.0.0.0/0
>
>
> On my computer:  (LAN IP 192.168.88.x)
>
> [Interface]
> PrivateKey = {blah3}=
> ListenPort = 12457
> Address = 192.168.88.2/32
>
> [Peer]
> PublicKey = {blah4}=
> AllowedIPs = 192.168.88.3/32
>
>
> -=-=-=-=-=-=-=-=-=-=-=-=-
>
> But it turns out not to be so easy.  Starcraft sets up games over UDP 5353
> and UDP 6112, and originally I thought it was a problem with forwarding UDP
> packets.  However, I can see packets coming over the tunnel from his
> computer, but the packets are being forwarded to an address I don't know:
>
> root@me:~# tcpdump -i home port 5353 or port 6112
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on home, link-type RAW (Raw IP), capture size 262144 bytes
> 20:02:35.744726 IP 192.168.88.3.6112 > 37.244.23.109.3478: UDP, length 10
> 20:02:35.759142 IP 192.168.88.3.6112 > 37.244.23.109.3478: UDP, length 10
> 20:02:35.759157 IP 192.168.88.3.6112 > 37.244.23.109.3478: UDP, length 10
> 20:02:36.045323 IP 37.244.23.109.3478 > 192.168.88.3.6112: UDP, length 19
> 20:02:36.099993 IP 37.244.23.109.3478 > 192.168.88.3.6112: UDP, length 19
> 20:02:36.100005 IP 37.244.23.109.3478 > 192.168.88.3.6112: UDP, length 19
> 20:03:05.964077 IP 192.168.88.3.6112 > 37.244.23.109.3478: UDP, length 10
> 20:03:05.964118 IP 192.168.88.3.6112 > 37.244.23.109.3478: UDP, length 10
> 20:03:05.987761 IP 192.168.88.3.6112 > 37.244.23.109.3478: UDP, length 10
>
>
> Any ideas where I can start looking?  I get similar behaviour whether I
> host the game on my computer or on his.
>
> Thanks in advance for any help you guys can offer!
>
> E
>
> --------------------------------------------
> Q: Why is this email five sentences or less?
> A: http://five.sentenc.es
>
>
>
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard
>
>

[-- Attachment #2: Type: text/html, Size: 17525 bytes --]

  reply	other threads:[~2018-02-12  9:01 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-02-12  7:23 Eric Light
2018-02-12  9:07 ` Henning Reich [this message]
2018-02-14 21:24 ` Asbjørn Sloth Tønnesen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAOAVeL1snF8a3rwjA0eWgL3h6p+qY9dkz+KWhfpSvL0QkmM_7g@mail.gmail.com \
    --to=henning.reich@gmail.com \
    --cc=eric@ericlight.com \
    --cc=wireguard@lists.zx2c4.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).