NetBSD-Users archive


Re: Getting wg(4) NetBSD server to work with WireGuard(R) macOS client



RVP <rvp%SDF.ORG@localhost> wrote:
> On Tue, 14 Jan 2025, Paul W. Rankin wrote:
> 
> >> From the NetBSD server...
> >
> > 	$ nc -ul 9443; echo $?
> > 	nc: Address already in use
> > 	1
> >
> 
> You'll have to stop wireguard first.

NetBSD server:

	$ ifconfig wg0 destroy

> > UDP works:
> >
> > 	$ nc -zu starbeastie.rnkn.xyz 9443; echo $?
> > 	Connection to starbeastie.rnkn.xyz port 9443 [udp/tungsten-https] succeeded!
> > 	0
> >
> 
> UDP's not a connection-oriented protocol, so you'll have to pass data to see
> if the connection works.

NetBSD server:

	$ nc -ul 9443
	hello world

macOS client:

	$ nc -u starbeastie.rnkn.xyz 9443
	hello world

UDP works!

> > TCP does not:
> >
> > 	$ nc -z starbeastie.rnkn.xyz 9443; echo $?
> > 	1
> >
> 
> No TCP server at the other end (and the UDP one didn't start/won't do).
> Run a TCP server with: nc -l 9443 (after stopping WG, of course).

I opened up TCP port 9443 on my hosting firewall (previously only UDP
was open) and:

NetBSD server:

	$ nc -l 9443
	hello world

macOS client:

	$ nc starbeastie.rnkn.xyz 9443
	hello world

TCP works!

Also I don't know if this is of note, but after configuring wg again
on the server, and starting the WireGuard client:

On the client:

	$ nc -u starbeastie.rnkn.xyz 9443
	hello

On the server:

	$ doas tcpdump -tn -i wg0 port 9443
	Password:
	tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
	listening on wg0, link-type NULL (BSD loopback), capture size 262144 bytes
	IP 10.2.0.42.50968 > 64.176.222.118.9443: UDP, length 6


With the TCP port open I can ping the server from the client with
WireGuard up:

	$ ping 10.2.0.1
	PING 10.2.0.1 (10.2.0.1): 56 data bytes
	64 bytes from 10.2.0.1: icmp_seq=0 ttl=255 time=326.084 ms
	64 bytes from 10.2.0.1: icmp_seq=1 ttl=255 time=354.826 ms
	64 bytes from 10.2.0.1: icmp_seq=2 ttl=255 time=425.718 ms
	64 bytes from 10.2.0.1: icmp_seq=3 ttl=255 time=357.604 ms
	64 bytes from 10.2.0.1: icmp_seq=4 ttl=255 time=336.651 ms
	64 bytes from 10.2.0.1: icmp_seq=5 ttl=255 time=379.865 ms
	^C
	--- 10.2.0.1 ping statistics ---
	7 packets transmitted, 6 packets received, 14.3% packet loss
	round-trip min/avg/max/stddev = 326.084/363.458/425.718/32.582 ms

Still nothing from Firefox/curl on the client though.
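
The point made in the thread, that a UDP "succeeded" result means nothing until data actually passes, can be scripted. The following is an added example, not part of the original message: it compares a bare `connect()` on a UDP socket with a nonce round trip. The loopback echo listener and the function names `start_echo_server`, `connect_only` and `round_trip` are assumptions made for the illustration.

```python
import os
import socket
import threading

def start_echo_server():
    """Start a UDP echo server on a free loopback port; return (port, stop)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    srv.settimeout(0.2)
    done = threading.Event()

    def loop():
        while not done.is_set():
            try:
                data, peer = srv.recvfrom(2048)
            except socket.timeout:
                continue
            srv.sendto(data, peer)
        srv.close()

    worker = threading.Thread(target=loop, daemon=True)
    worker.start()

    def stop():
        done.set()
        worker.join()
    return srv.getsockname()[1], stop

def connect_only(host, port):
    """connect() on a UDP socket only records the peer; no packet is sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((host, port))
        return True

def round_trip(host, port, timeout=0.5):
    """Send a random nonce and require the same bytes back before the timeout."""
    nonce = os.urandom(8)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            s.send(nonce)
            return s.recv(2048) == nonce
        except OSError:  # timeout, or ICMP port unreachable surfaced as ECONNREFUSED
            return False

if __name__ == "__main__":
    port, stop = start_echo_server()
    print("listener up:  ", connect_only("127.0.0.1", port), round_trip("127.0.0.1", port))
    stop()
    print("listener down:", connect_only("127.0.0.1", port), round_trip("127.0.0.1", port))
```

A firewall that silently drops the datagram shows up in `round_trip` as a timeout, which is the case the connect-only check cannot see.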

