Ubuntu client OpenBSD server

Ubuntu client OpenBSD server

[Chris Eidem]

I have a Wireguard server set up on an OpenBSD 6.9 server with OpenBSD,
Android, iOS and Ubuntu clients. All clients are connecting, although
the Ubuntu clients only work when the PSK is not enabled in the wg0.conf
file. Has anyone else seen this behavior? Is there any information I
could provide to help figure out why the PSK isn't working on my Linux
clients?

I don't know if wg uses the system's TLS libraries, but if so, I suspect
that the fact gnutls and libressl don't play well together may have
something to do with it. But, that is a guess pulled from my fundament...

   - chris

Re: Ubuntu client OpenBSD server

[Marios Makassikis]

On Mon, Nov 29, 2021 at 4:45 PM Chris Eidem <ceidem@ceidem.com> wrote:
>
> I have a Wireguard server set up on an OpenBSD 6.9 server with OpenBSD,
> Android, iOS and Ubuntu clients. All clients are connecting, although
> the Ubuntu clients only work when the PSK is not enabled in the wg0.conf
> file. Has anyone else seen this behavior? Is there any information I
> could provide to help figure out why the PSK isn't working on my Linux
> clients?
>
> I don't know if wg uses the system's TLS libraries, but if so, I suspect
> that the fact gnutls and libressl don't play well together may have
> something to do with it. But, that is a guess pulled from my fundament...
>
>    - chris
>

wg doesn't use TLS libraries at all, so the issue is somewhere else.
Have you checked that the PSK is the same on both ends ?

Which kernel version are you using ?

Enabling debug logs on both ends may shed some light on what is
going on. On OpenBSD, enable using the command:
  ifconfig wgX debug
To disable:
  ifconfig wgX -debug

On Ubuntu, enable using:
  echo 'module wireguard +p' > /sys/kernel/debug/dynamic_debug/control

and disable with:
  echo 'module wireguard -p' > /sys/kernel/debug/dynamic_debug/control