Return-Path: svar@tutanota.com
Subject: few wg peers over the same port in the main office? Cryptokey routing
List-Id: Development discussion of WireGuard
Date: Mon, 26 Feb 2018 15:47:56 -0000

First of all, a BIG thanks to the developers for a great job!

There is a main office with WG running on Lede reboot (17.01.4) with ports 51820 and 51821. As long as I had two peers, one pointing to port 51820 and the 2nd to 51821, everything worked fine.
Now I want to add another peer to have 3 remote peers in total. The question is:
should I open a new port for each remote peer to connect? Is that how wg works? How to run a few tunnels/peers on the same port, 51820 for example? Can Cryptokey routing work in this way over one port only, instead of opening a third one, 51822?

If I try to use the same port for two peers, the 2nd peer for the same port will not create an interface. See evidence below.
Once ifconfig brings the T1 interface up (listening on port 51820), the TU interface can't be brought up as it listens on the same port 51820.

# Lede reboot (17.01.4)
root@OpenWrt:~# wg
interface: T1
  public key: <deleted1>
  listening port: 51820

peer: <deleted2>
  endpoint: x.x.13.235:56649
  allowed ips: p.p.5.0/24
  latest handshake: 45 seconds ago
  transfer: 150.31 KiB received, 286.11 KiB sent

interface: RA
  public key: <deleted3>
  private key: (hidden)
  listening port: 51821

peer: <deleted4>
  endpoint: x.x.125.213:51820
  allowed ips: p.p.30.0/24, 10.1.1.16/30
  latest handshake: 54 seconds ago
  transfer: 285.81 KiB received, 14.89 KiB sent

interface: TU
  public key: <deleted5>
  private key: (hidden)
  listening port: 51820  # If I use THE SAME as for T1 interface, it won't start. How to solve this?
peer: <deleted6>
  endpoint: x.x.147.136:51820
  allowed ips: p.p.57.0/24, 10.2.1.32/30

With p, an RFC 1918 private address space address is marked (local addresses).

Mon Feb 26 15:28:57 2018 daemon.notice netifd: Interface 'T' is now up
Mon Feb 26 15:28:57 2018 daemon.notice netifd: Network device 'T' link is up
Mon Feb 26 15:28:57 2018 daemon.notice netifd: Interface 'RA' is now up
Mon Feb 26 15:28:57 2018 daemon.notice netifd: Network device 'RA' link is up
Mon Feb 26 15:28:57 2018 daemon.notice netifd: Interface 'TU' is now down
Mon Feb 26 15:28:58 2018 daemon.notice netifd: Interface 'TU' is setting up now
Mon Feb 26 15:28:58 2018 daemon.notice netifd: Interface 'wan' is now up
Mon Feb 26 15:28:59 2018 kern.err kernel: [1972650.446719] wireguard: TU: Could not create IPv4 socket
Mon Feb 26 15:28:59 2018 daemon.notice netifd: Interface 'TU' is now up

root@OpenWrt:~# ifconfig
RA        Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.1.1.16  P-t-P:10.1.1.16  Mask:255.255.255.252
          UP POINTOPOINT RUNNING NOARP  MTU:1420  Metric:1
          RX packets:3 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:444 (444.0 B)  TX bytes:612 (612.0 B)

T1        Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          UP POINTOPOINT RUNNING NOARP  MTU:1420  Metric:1
          RX packets:312 errors:0 dropped:0 overruns:0 frame:0
          TX packets:312 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:26400 (25.7 KiB)  TX bytes:40164 (39.2 KiB)

Where is the TU interface? Or can't it be raised because it listens on the same port 51820 as the T1 tunnel?

Thank you!

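Added example, not part of the original message: a Python model of the two behaviours the question turns on. A second UDP socket cannot bind a port that is already bound (the condition the poster suspects behind the `Could not create IPv4 socket` line), while a single WireGuard interface on one port serves several peers by mapping each peer key to its allowed IPs. The peer key names and the 192.168.x.0/24 prefixes are constructed placeholders for the masked values in the post.

```python
import errno
import ipaddress
import socket

# Constructed stand-ins: the post masks its private prefixes as "p.p.x.0/24"
# and its keys as <deletedN>; these values are placeholders, not from the post.
PEERS = {
    "peer-key-A": ["192.168.5.0/24"],
    "peer-key-B": ["192.168.30.0/24", "10.1.1.16/30"],
    "peer-key-C": ["192.168.57.0/24", "10.2.1.32/30"],
}


def second_bind_fails():
    """Bind two UDP sockets to one port, as two interfaces sharing a port would."""
    first = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    second = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        first.bind(("0.0.0.0", 0))          # kernel picks a free port
        port = first.getsockname()[1]
        try:
            second.bind(("0.0.0.0", port))  # same port, second socket
        except OSError as exc:
            return exc.errno == errno.EADDRINUSE
        return False
    finally:
        first.close()
        second.close()


def build_table(peers):
    """Flatten peer -> allowed-ips into (network, peer) pairs for one interface."""
    return [(ipaddress.ip_network(cidr), key)
            for key, cidrs in peers.items() for cidr in cidrs]


def peer_for_destination(table, dst):
    """Outbound: the longest matching allowed-ips prefix selects the peer."""
    addr = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, key) for net, key in table if addr in net]
    return max(hits)[1] if hits else None


def accept_inbound(table, sender_key, inner_src):
    """Inbound: after decryption under sender_key, the inner source address
    must map back to that same peer's allowed-ips, else the packet is dropped."""
    return peer_for_destination(table, inner_src) == sender_key
```

All three peers live in one table behind one socket; the peer is chosen by key and allowed IPs, not by UDP port.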