From: Henning Reich
Date: Mon, 12 Feb 2018 10:07:11 +0100
Subject: Re: Starcraft over Wireguard ... :sideeye:
To: Eric Light
Cc: wireguard@lists.zx2c4.com

Hi,

I don't understand what you really want. You say something about other computers. Who are these other people/computers and where are they? Inside your (or your child's) network or unknown public internet users?
Did you try to set up a game through battle.net or a "local" game? In addition, your configuration looks like you mixed up your subnets. On your child's side, you configure your interface as part of a /24 subnet, but on your side, it's just a /32 "range".
It may work anyway, but I think it's still confusing.

So I think a good start would be to clean up your wg-config. I like to use a separate "subnet" for vpn traffic. So there is no ProxyArp needed, because the VPN-Server works as a Gateway for its own subnet.
Disadvantage is that you can't use (without some more work) broadcast features. Mostly used for some autodetections and so on.
Maybe this will help a bit.

On his computer: (LAN IP 192.168.1.x)

[Interface]
PrivateKey = {blah}=
ListenPort = 12457
Address = 192.168.123.3/24

[Peer]
PublicKey = {blah2}=
Endpoint = {my home}:12457
AllowedIPs = 192.168.123.0/24, 192.168.88.0/24

On my computer: (LAN IP 192.168.88.x)

[Interface]
PrivateKey = {blah3}=
ListenPort = 12457
Address = 192.168.123.2/24

[Peer]
PublicKey = {blah4}=
AllowedIPs = 192.168.123.0/24, 192.168.1.0/24

With this configuration, you should create (and play) games using the dedicated vpn IPs (192.168.123.2 or 3) or maybe (not tested) your original local IPs (192.168.88.xxx or 192.168.1.xxx).

A completely different solution could be using a layer2 vpn. I like SoftEtherVPN.
You could install it, bind the vpn to a tap-device (within the SoftEther configuration) and then bind the tap-device (with linux tools like brctl, systemd-networkd config) to your physical interface.
If anybody connects to this vpn, it's just like an additional wire to your network. So all works, including DHCP in the same subnet and so on.
The strange double-bridge is not needed, if your SC-Host and VPN-Host are NOT the same device. Because if you bridge the VPN directly to the physical interface (without the help of an additional tap-device) the VPN Client can't reach the vpn-server itself.

Or maybe without any VPN? Just port forwarding and a (dynamic) DNS entry? You could get free ones here: https://freedns.afraid.org/

2018-02-12 8:23 GMT+01:00 Eric Light:

> Hi, awesome WG mailinglist!
>
> My 18 year-old has recently moved out of home, and we're starting to yearn
> for one of our traditional Starcraft matches. I thought I should be able
> to do this easily with Wireguard.
>
> The idea, generally, is that one of us would start up a game, and
> Wireguard - with a side serving of ProxyARP and IP forwarding - would help
> make all the other computers see that game. (or, at very worst, allow me
> to run a game that could be seen by his computer AND the other computers
> here).
>
> -=-=-=-=-=-=-=-=-=-=-=-=-
>
> On his computer: (LAN IP 192.168.1.x)
>
> [Interface]
> PrivateKey = {blah}=
> ListenPort = 12457
> Address = 192.168.88.3/24
>
> [Peer]
> PublicKey = {blah2}=
> Endpoint = {my home}:12457
> AllowedIPs = 0.0.0.0/0
>
>
> On my computer: (LAN IP 192.168.88.x)
>
> [Interface]
> PrivateKey = {blah3}=
> ListenPort = 12457
> Address = 192.168.88.2/32
>
> [Peer]
> PublicKey = {blah4}=
> AllowedIPs = 192.168.88.3/32
>
>
> -=-=-=-=-=-=-=-=-=-=-=-=-
>
> But it turns out not to be so easy. Starcraft sets up games over UDP 5353
> and UDP 6112, and originally I thought it was a problem with forwarding UDP
> packets. However, I can see packets coming over the tunnel from his
> computer, but the packets are being forwarded to an address I don't know:
>
> root@me:~# tcpdump -i home port 5353 or port 6112
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on home, link-type RAW (Raw IP), capture size 262144 bytes
> 20:02:35.744726 IP 192.168.88.3.6112 > 37.244.23.109.3478: UDP, length 10
> 20:02:35.759142 IP 192.168.88.3.6112 > 37.244.23.109.3478: UDP, length 10
> 20:02:35.759157 IP 192.168.88.3.6112 > 37.244.23.109.3478: UDP, length 10
> 20:02:36.045323 IP 37.244.23.109.3478 > 192.168.88.3.6112: UDP, length 19
> 20:02:36.099993 IP 37.244.23.109.3478 > 192.168.88.3.6112: UDP, length 19
> 20:02:36.100005 IP 37.244.23.109.3478 > 192.168.88.3.6112: UDP, length 19
> 20:03:05.964077 IP 192.168.88.3.6112 > 37.244.23.109.3478: UDP, length 10
> 20:03:05.964118 IP 192.168.88.3.6112 > 37.244.23.109.3478: UDP, length 10
> 20:03:05.987761 IP 192.168.88.3.6112 > 37.244.23.109.3478: UDP, length 10
>
>
> Any ideas where I can start looking? I get similar behaviour whether I
> host the game on my computer or on his.
>
> Thanks in advance for any help you guys can offer!
>
> E
>
> --------------------------------------------
> Q: Why is this email five sentences or less?
> A: http://five.sentenc.es
>
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard
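An added example, not part of the original mail and not WireGuard project code: a small Python check for the subnet mix-up discussed in this thread, run over the original pair of configs and the suggested pair. The function names, finding labels and the /24 size of each physical LAN are assumptions; the key values are the thread's own placeholders.

```python
import ipaddress

def parse_wg(text):
    """Parse wg-quick style text into (interface dict, list of peer dicts)."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.lower() == "[interface]":
            cur = iface
        elif line.lower() == "[peer]":
            cur = {}
            peers.append(cur)
        elif "=" in line and cur is not None:
            key, value = line.split("=", 1)  # split once: key material ends in '='
            cur[key.strip().lower()] = value.strip()
    return iface, peers

def audit(text, local_lan):
    """Return findings for one host; local_lan is its physical LAN (assumed /24)."""
    iface, peers = parse_wg(text)
    lan = ipaddress.ip_network(local_lan)
    tun = ipaddress.ip_interface(iface["address"]).network
    findings = []
    if tun.overlaps(lan):
        findings.append("tunnel-address-inside-local-lan")
    if tun.prefixlen == tun.max_prefixlen:
        findings.append("host-only-tunnel-prefix")
    for peer in peers:
        for item in filter(None, map(str.strip, peer.get("allowedips", "").split(","))):
            net = ipaddress.ip_network(item, strict=False)
            if net.prefixlen == 0:
                findings.append("allowedips-routes-everything")
            elif net.overlaps(lan):
                findings.append("allowedips-overlaps-local-lan")
    return findings

def sample(address, allowed):
    """Constructed config in the thread's layout; key values are placeholders."""
    return ("[Interface]\nPrivateKey = {blah}=\nListenPort = 12457\n" +
            f"Address = {address}\n\n[Peer]\nPublicKey = {{blah2}}=\nAllowedIPs = {allowed}\n")

# Keyed by each host's physical LAN: 192.168.1.0/24 is "his", 192.168.88.0/24 is "mine".
ORIGINAL = {"192.168.1.0/24": sample("192.168.88.3/24", "0.0.0.0/0"),
            "192.168.88.0/24": sample("192.168.88.2/32", "192.168.88.3/32")}
SUGGESTED = {"192.168.1.0/24": sample("192.168.123.3/24", "192.168.123.0/24, 192.168.88.0/24"),
             "192.168.88.0/24": sample("192.168.123.2/24", "192.168.123.0/24, 192.168.1.0/24")}

if __name__ == "__main__":
    for name, pair in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, {lan: audit(cfg, lan) for lan, cfg in pair.items()})
```

wg-quick installs a route for each AllowedIPs entry, so `0.0.0.0/0` on his side sends all of his IPv4 traffic into the tunnel, which is consistent with the capture showing a public address on the `home` interface.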