Date: Thu, 21 Jan 2021 19:20:12 +0300
From: Vasily Postnicov <shamaz.mazum@gmail.com>
To: freebsd-net@freebsd.org
Subject: Re: New WireGuard kernel module does not work with mullvad VPN
Message-ID: <CADnZ6BnH1WPmSJc8Uy1YDmaqc7fkxwk5kVSP87rtrj5oAre%2BDA@mail.gmail.com>
In-Reply-To: <CADnZ6Bn6uq-sSgBU=n%2BNh4PZ8XV7vVt3JoyoZJ_DBdFWgYJWeg@mail.gmail.com>
References: <CADnZ6Bn6uq-sSgBU=n%2BNh4PZ8XV7vVt3JoyoZJ_DBdFWgYJWeg@mail.gmail.com>

Aha! My Public key derived from the private key does not match the key
mullvad VPN derives (they give me my generated private key):

root@vonbraun:~ # ifconfig wg0 create private-key 94krUfNiNdUwZoPwek2PlCDB92h1nbvmavggQbgrfM0= listen-port 5423
root@vonbraun:~ # ifconfig wg0
wg0: flags=8080a0<NOARP,MULTICAST> metric 0 mtu 1420
        options=880000<LINKSTATE>
        groups: wg
        listen-port: 5423
        private-key: 8IkrUfNiNdUwZoPwek2PlCDB92h1nbvmavggQbgrfE0=
        public-key: FpuxfigYTk73RE4VwFV/2zbAc6sWxQkQWnShccOvvSc=
        media: Ethernet autoselect (25GBase-ACC <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

Mullvad thinks the public key is izjBq6I7GRVaNOvO… (I delete this key from my
account now)

wireguard-go always displays the correct public key (corresponding with
what mullvad thinks)

On Thu, 21 Jan 2021 at 18:38, Vasily Postnicov <shamaz.mazum@gmail.com> wrote:
>
> Hello. I try the new module and it does not seem to work for me. I use
> mullvad VPN and wireguard-go but want to replace wireguard-go with
> kernelspace implementation.
>
> I have the following configuration:
> [Interface]
> PrivateKey = <private-key>
> Address = 10.66.116.246/32,fc00:bbbb:bbbb:bb01::3:74f5/128
> DNS = 193.138.218.74
>
> [Peer]
> PublicKey = jJVG/lv7RikDG0FMsV3WJgfot5XecPm9aHDrYvU+NAM=
> AllowedIPs = 0.0.0.0/0,::0/0
> Endpoint = 86.107.21.34:51820
>
> So I try this (12345 is just a random port, I do not have it in the
> configuration):
> ifconfig wg0 create private-key <private-key> listen-port 12345
> ifconfig wg0 peer public-key <public-key> allowed-ips 0.0.0.0/0
> allowed-ips ::0/0 endpoint 86.107.21.34:51820
> ifconfig wg0 inet 10.66.116.246/32
> ifconfig wg0 inet6 fc00:bbbb:bbbb:bb01::3:74f5/128
>
> The interface goes up after "ifconfig wg0 inet" command.
> Then I add new routes just like wireguard-go does:
> route -q -n add -inet6 ::/1 -interface wg0
> route -q -n add -inet6 8000::/1 -interface wg0
> route -q -n add -inet 0.0.0.0/1 -interface wg0
> route -q -n add -inet 128.0.0.0/1 -interface wg0
> route -q -n add -inet 86.107.21.34 -gateway 192.168.20.1
>
> 192.168.20.1 is just my default gateway.
>
> I also set sysctl net.inet.ip.forwarding = 1 (some manual told so).
> Nothing works in the result, I can ping my gateway and the endpoint,
> but nothing else. Wireshark says there are "WireGuard Handshake
> Initiation" packages from re0 (my interface connected to the internet)
> to the endpoint, but no responses.
>
> What can be wrong?