NetBSD-Bugs archive
bin/58016: wg-userspace(8) requires explicit route setup
>Number: 58016
>Category: bin
>Synopsis: wg-userspace(8) requires explicit route setup
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Mar 09 12:30:01 +0000 2024
>Originator: Taylor R Campbell
>Release: current, 10
>Organization:
The NotWG Configuration
>Environment:
>Description:
Setting up wg-userspace(8) with an IPv4 address seems to require creating an explicit route.
Setting up wg-userspace(8) with an IPv6 address ends up with the necessary route out of the box.
>How-To-Repeat:
Set up a wg(4) instance with wg-userspace(8), having both IPv4 and IPv6 addresses:
    # (umask 0077; wg-keygen | tee wg.key | wg-keygen --pub >wg.pub)
    # wg-userspace 0 create
    # wg-userspace 0 wgconfig wg0 set private-key wg.key
    # wg-userspace 0 wgconfig wg0 add peer mypeer "...pubkey..." --endpoint=192.0.2.86:51820 --allowed-ips=10.1.0.1/32,fd01::1/128
    # wg-userspace 0 ifconfig wg0 inet 10.1.0.2/24
    # wg-userspace 0 ifconfig wg0 inet6 fd01::2/64
    # wg-userspace 0 ifconfig wg0 up
    # wg-userspace 0 ifconfig wg0
    wg0: flags=0x8041<UP,RUNNING,MULTICAST> mtu 1420
            status: active
            inet6 fe80::b431:bed4:662e:e17c%wg0/64 flags 0 scopeid 0x2
            inet6 fd01::2/64 flags 0
            inet 10.1.0.2/24 flags 0
    # ifconfig tun0
    tun0: flags=0x51<UP,POINTOPOINT,RUNNING> mtu 1500
            status: active
            inet6 fd01::2/64 -> flags 0
            inet 10.1.0.2/24 -> flags 0
For some reason, packets destined for the wg IPv4 subnet are still routed by the default route:
    # route -n get 10.1.0.1
       route to: 10.1.0.1
    destination: default
           mask: default
        gateway: 192.168.1.1
     local addr: 192.168.1.123
      interface: iwm0
          flags: 0x843<UP,GATEWAY,DONE,STATIC>
     recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
           0         0         0         0         0         0         0         0
But packets destined for the wg IPv6 subnet are routed correctly out of the box through tun0:
    # route -n get -inet6 fd01::1
       route to: fd01::1
    destination: fd01::
           mask: ffff:ffff:ffff:ffff::
     local addr: fd01::2
      interface: tun0
          flags: 0x141<UP,DONE,CONNECTED>
     recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
           0         0         0         0         0         0         0         0
Full routing table:
    # route -n show -inet
    Routing tables
    Internet:
    Destination    Gateway            Flags  Refs  Use  Mtu    Interface
    default        192.168.1.1        UGS    -     -    -      iwm0
    127/8          127.0.0.1          UGRS   -     -    33624  lo0
    127.0.0.1      lo0                UHl    -     -    33624  lo0
    127.0.1.0      lo0                UHl    -     -    33624  lo0
    127.0.1.1      lo0                UHl    -     -    33624  lo0
    127.0.1.2      lo0                UHl    -     -    33624  lo0
    127.0.1.3      lo0                UHl    -     -    33624  lo0
    192.168.1/24   link#3             UC     -     -    -      iwm0
    192.168.1.123  link#3             UHl    -     -    -      lo0
    192.168.1.1    xx:xx:xx:xx:xx:xx  UHL    -     -    -      iwm0
    # route -n show -inet6
    Routing tables
    Internet6:
    Destination                              Gateway                    Flags  Refs  Use  Mtu    Interface
    ::/96                                    ::1                        UGRS   -     -    33624  lo0
    default                                  fe80::xxxx:xxff:fexx:xxxx  UGS    -     -    1500   iwm0
    ::1                                      lo0                        UHl    -     -    33624  lo0
    ::127.0.0.0/104                          ::1                        UGRS   -     -    33624  lo0
    ::224.0.0.0/100                          ::1                        UGRS   -     -    33624  lo0
    ::255.0.0.0/104                          ::1                        UGRS   -     -    33624  lo0
    ::ffff:0.0.0.0/96                        ::1                        UGRS   -     -    33624  lo0
    2001:db8::/32                            ::1                        UGRS   -     -    33624  lo0
    2002::/24                                ::1                        UGRS   -     -    33624  lo0
    2002:7f00::/24                           ::1                        UGRS   -     -    33624  lo0
    2002:e000::/20                           ::1                        UGRS   -     -    33624  lo0
    2002:ff00::/24                           ::1                        UGRS   -     -    33624  lo0
    2xxx:xxxx:xxxx:xxxx::/64                 link#3                     UCS    -     -    1500   iwm0
    2xxx:xxxx:xxxx:xxxx::123                 link#3                     UHl    -     -    -      lo0
    2xxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx  link#3                     UHl    -     -    -      lo0
    fd00::/64                                link#3                     UCS    -     -    1500   iwm0
    fd00::123                                link#3                     UHl    -     -    -      lo0
    fd00::xxxx:xxxx:xxxx:xxxx                link#3                     UHl    -     -    -      lo0
    fd01::/64                                fd01::2                    UC     -     -    -      tun0
    fd01::2                                  tun0                       UHl    -     -    -      lo0
    fe80::/10                                ::1                        UGRS   -     -    33624  lo0
    fe80::%lo0/64                            fe80::1                    U      -     -    -      lo0
    fe80::1                                  lo0                        UHl    -     -    -      lo0
    fe80::%iwm0/64                           link#3                     UC     -     -    -      iwm0
    fe80::xxxx:xxxx:xxxx:xxxx                link#3                     UHl    -     -    -      lo0
    ff01:2::/32                              ::1                        UC     -     -    33624  lo0
    ff01:3::/32                              link#3                     UC     -     -    -      iwm0
    ff02::%lo0/32                            ::1                        UC     -     -    33624  lo0
    ff02::%iwm0/32                           link#3                     UC     -     -    -      iwm0
    fe80::xxxx:xxff:fexx:xxxx                xx:xx:xx:xx:xx:xx          UHL    -     -    -      iwm0
>Fix:
Yes, please!
Unclear if this is really a wg-userspace(8) issue or a tun(4) issue.
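
Added example, not part of the original report: a shell check that parses `route -n get` output and flags a tunnel destination that resolves to an interface other than the expected one, as the IPv4 case above does (matched by the default route on iwm0 rather than tun0). The function names `route_field` and `check_route` are hypothetical, and the sample inputs are abridged from the outputs quoted in the report.

```shell
#!/bin/sh
# Added example (not from the report): parse `route -n get` output and
# confirm a tunnel destination leaves via the expected interface.

# route_field NAME: print the value of the "NAME:" line read from stdin.
route_field() {
	awk -v key="$1:" '$1 == key { print $2; found = 1; exit }
	                  END { if (!found) exit 1 }'
}

# check_route IFACE: 0 = routed via IFACE, 1 = routed elsewhere, 2 = unparsable.
check_route() {
	out=$(cat)
	iface=$(printf '%s\n' "$out" | route_field interface) || {
		echo "no interface field in route output" >&2; return 2; }
	dest=$(printf '%s\n' "$out" | route_field destination) || dest=unknown
	if [ "$iface" = "$1" ]; then
		echo "ok: matched $dest via $iface"
	else
		echo "BYPASS: matched $dest via $iface, expected $1" >&2
		return 1
	fi
}

# Sample inputs, abridged from the outputs quoted in the report.
sample_v4() { cat <<'EOF'
   route to: 10.1.0.1
destination: default
    gateway: 192.168.1.1
  interface: iwm0
EOF
}
sample_v6() { cat <<'EOF'
   route to: fd01::1
destination: fd01::
 local addr: fd01::2
  interface: tun0
EOF
}

# Demo on the samples. On a live host (assumed usage):
#   route -n get 10.1.0.1 | check_route tun0
sample_v4 | check_route tun0 || echo "exit status $?"
sample_v6 | check_route tun0
```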