From owner-freebsd-net@freebsd.org Thu Jan 21 15:38:26 2021 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id ADF744F789E for ; Thu, 21 Jan 2021 15:38:26 +0000 (UTC) (envelope-from shamaz.mazum@gmail.com) Received: from mail-oi1-x22a.google.com (mail-oi1-x22a.google.com [IPv6:2607:f8b0:4864:20::22a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DM6421Cvyz4XSt for ; Thu, 21 Jan 2021 15:38:26 +0000 (UTC) (envelope-from shamaz.mazum@gmail.com) Received: by mail-oi1-x22a.google.com with SMTP id w124so2535919oia.6 for ; Thu, 21 Jan 2021 07:38:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=cfiw258+JUK5KaOl6fM/PR5BTs3wqwFzW93RDznk+wA=; b=fBgt6Ljj8nCMMciudV3EK+DChBQuRRl985axMKDIjIcWVPy95DF5y72hARP16OCfSa 8A5u23eXCTgUrv07pdFVIaFUb9hWtJqh9u3DbYfXCr3ZNOEcCPXEhNsqQ7xDKx7nNgpX gh2uCBAuunDdplOLt7cEm+I2l+XBClubex437EYJCRu012tGKTo8zIe3IVHlWmwPwPLM 5wrqDFJ7B5fdo4jxapRoRWJWLsIhA8s+wh7mUHdfylrzKQv/rrKe6Nfthu2rsqMSUMbp GHjdvi4fhNns2efIdGVkXCq+xpJwGZOm4sDdfWtE+yEwHSEZnTHeKZEsGmSSU1jaKpnn L7xA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=cfiw258+JUK5KaOl6fM/PR5BTs3wqwFzW93RDznk+wA=; b=uNUv9QuKhLHhkb2UOaC4VJyWZbRGNZo8SWgbvtbTQLebrY7g87INzOPGvGNKfEF3LU eTFgBk0ObIfismcuL/8hYFyFW31Y3+MovP9DUQ0jphDdF2OuJOvkqUnB7LpmC7UC39eY ig2nKKEbTcbZKP6VDJWXWaLbiW//Wrp/sSsWtKF39gCAFald9jX3tZ4cDQ3jK/DsSkBi agYS3rol5YYSwQEypRfLCWtgepLPwpzdVVcZIsT5U4O9sHnrsB40sueVZ+otGzzY6Mmn bn0t2B5jRGkcDT3vzjx76WcT6RbZ5DoI5RTBUPzsQ+VP08n2iwG8fqiYrjYB/V3JkHo+ Ywqw== X-Gm-Message-State: AOAM532/cYREVyrgg1wOLJVE3/33Y8/042sOeshR4U+i+OS9OpuI/1tn UqGbLwxtNUwUoh8FtwHaZ71Y5mL7h/FnP6BFrnqWftyWard/7Q== X-Google-Smtp-Source: ABdhPJwoNJAeNK1sW4hymRzcKdlD19av8N+jT67nuzMMBD/JE//RFOQETbDvmeMUP30PDocHL71luOEZziEjA/3V4b4= X-Received: by 2002:aca:4f4d:: with SMTP id d74mr106927oib.21.1611243504575; Thu, 21 Jan 2021 07:38:24 -0800 (PST) MIME-Version: 1.0 From: Vasily Postnicov Date: Thu, 21 Jan 2021 18:38:14 +0300 Message-ID: Subject: New WireGuard kernel module does not work with mullvad VPN To: freebsd-net@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 4DM6421Cvyz4XSt X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=fBgt6Ljj; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of shamazmazum@gmail.com designates 2607:f8b0:4864:20::22a as permitted sender) smtp.mailfrom=shamazmazum@gmail.com X-Spamd-Result: default: False [-2.01 / 15.00]; FREEMAIL_FROM(0.00)[gmail.com]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; TO_DN_NONE(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RBL_DBL_DONT_QUERY_IPS(0.00)[2607:f8b0:4864:20::22a:from]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; TAGGED_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; SPAMHAUS_ZRD(0.00)[2607:f8b0:4864:20::22a:from:127.0.2.255]; NEURAL_SPAM_SHORT(0.99)[0.987]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::22a:from]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-net] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Jan 2021 15:38:26 -0000 Hello. I try the new module and it does not seem to work for me. I use mullvad VPN and wireguard-go but want to replace wireguard-go with kernelspace implementation. A have the following configuration: [Interface] PrivateKey = Address = 10.66.116.246/32,fc00:bbbb:bbbb:bb01::3:74f5/128 DNS = 193.138.218.74 [Peer] PublicKey = jJVG/lv7RikDG0FMsV3WJgfot5XecPm9aHDrYvU+NAM= AllowedIPs = 0.0.0.0/0,::0/0 Endpoint = 86.107.21.34:51820 So I try this (12345 is just a random port, I do not have it in the configuration): ifconfig wg0 create private-key listen-port 12345 ifconfig wg0 peer public-key allowed-ips 0.0.0.0/0 allowed-ips ::0/0 endpoint 86.107.21.34:51820 ifconfig wg0 inet 10.66.116.246/32 ifconfig wg0 inet6 fc00:bbbb:bbbb:bb01::3:74f5/128 The interface goes up after "ifconfig wg0 inet" command. Then I add new routes just like wireguard-go does: route -q -n add -inet6 ::/1 -interface wg0 route -q -n add -inet6 8000::/1 -interface wg0 route -q -n add -inet 0.0.0.0/1 -interface wg0 route -q -n add -inet 128.0.0.0/1 -interface wg0 route -q -n add -inet 86.107.21.34 -gateway 192.168.20.1 192.168.20.1 is just my default gateway. I also set sysctl net.inet.ip.forwarding = 1 (some manual told so). Nothing works in the result, I can ping my gateway and the endpoint, but nothing else. Wireshark says there are "WireGuard Handshake Initiation" packages from re0 (my interface connected to the internet) to the endpoint, but no responses. What can be wrong?