From: Grant Haywood
Date: Mon, 13 Nov 2017 02:38:26 +0000
Subject: only last configured peer has allowed-ips
To: wireguard@lists.zx2c4.com
List-Id: Development discussion of WireGuard

When I run the following on a wireguard instance
wireguard@lists.zx2c4.com

    wg set wg0 peer *SOMEPUB1* allowed-ips 0.0.0.0/0 persistent-keepalive 25
    wg set wg0 peer *SOMEPUB2* allowed-ips 0.0.0.0/0 persistent-keepalive 25

only the last key gets set with an allowed-ips directive

interface: wg0
  public key: *HOSTKEY*
  private key: (hidden)
  listening port: 51820

peer: *SOMEPUB2*
  endpoint: *SOMEIP*:38568
  allowed ips: 0.0.0.0/0
  latest handshake: 1 minute, 11 seconds ago
  transfer: 4.81 KiB received, 3.47 KiB sent
  persistent keepalive: every 25 seconds

peer: *SOMEPUB1*
  endpoint: *SOMEIP*:36411
  allowed ips: (none)     #<< This appears wrong
  latest handshake: 1 minute, 24 seconds ago
  transfer: 44.05 KiB received, 47.68 KiB sent
  persistent keepalive: every 25 seconds

I cannot pass traffic from SOMEPUB1, and no handshake occurs

if SOMEPUB1 occurs last in the sequence of running wg set commands, it retains the allowed-ips configuration and it CAN pass traffic, so it seems only the last command run for me is valid for allowed-ips

the host is running the following

ii  wireguard-dkms   0.0.20171111-wg1~zesty  all    fast, modern, secure kernel VPN tunnel (DKMS version)
ii  wireguard-tools  0.0.20171111-wg1~zesty  amd64  fast, modern, secure kernel VPN tunnel (userland utilities)

one of the peers is running the same, the other is a Raspberry Pi built from source snapshot as described on wireguard.com (WireGuard-0.0.20171111)

Am I missing something or is there an issue with configuring 2 peers with 0.0.0.0/0 in this release?

Thanks in advance
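A pre-flight check for the situation reported above, as an added example that is not part of the original post or of the WireGuard tools. It assumes WireGuard's cryptokey routing keeps each exact prefix with a single peer per interface, so a later `wg set` takes the prefix over; the function names and sample inputs are constructed, with the post's placeholder keys written without asterisks.

```shell
#!/bin/sh
# Constructed sample: the two commands from the post (placeholder keys).
SAMPLE_CMDS='wg set wg0 peer SOMEPUB1 allowed-ips 0.0.0.0/0 persistent-keepalive 25
wg set wg0 peer SOMEPUB2 allowed-ips 0.0.0.0/0 persistent-keepalive 25'

# Constructed sample: trimmed "wg show" output in the shape shown in the post.
SAMPLE_SHOW='interface: wg0
peer: SOMEPUB2
  allowed ips: 0.0.0.0/0
peer: SOMEPUB1
  allowed ips: (none)'

# Read "wg set" lines on stdin and print one line for every prefix that is
# assigned to more than one peer on the same interface:
#   <iface> <prefix> <peer that loses it> -> <peer that ends up with it>
# Prefixes are compared as text, so 10.0.0.1/24 and 10.0.0.0/24 are not
# treated as equal here; normalise them first if the input may contain both.
find_prefix_conflicts() {
  awk '
    $1 == "wg" && $2 == "set" {
      iface = $3; peer = ""
      for (i = 4; i <= NF; i++) {
        if ($i == "peer") peer = $(++i)
        else if ($i == "allowed-ips" && peer != "") {
          n = split($(++i), pfx, ",")      # allowed-ips is a comma list
          for (j = 1; j <= n; j++) {
            key = iface " " pfx[j]
            if (key in owner && owner[key] != peer)
              print key, owner[key], "->", peer
            owner[key] = peer              # the later assignment is kept
          }
        }
      }
    }'
}

# Read "wg show" output on stdin and print every peer left with no allowed ips.
peers_without_allowed_ips() {
  awk '$1 == "peer:" { peer = $2 }
       $1 == "allowed" && $2 == "ips:" && $3 == "(none)" { print peer }'
}

printf '%s\n' "$SAMPLE_CMDS" | find_prefix_conflicts
printf '%s\n' "$SAMPLE_SHOW" | peers_without_allowed_ips
```

Distinct prefixes such as 10.0.0.2/32 and 10.0.0.3/32 produce no output from the first function, since only an exact duplicate is reported.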