NetBSD-Users archive
Re: Getting wg(4) NetBSD server to work with WireGuard(R) macOS client
Paul,
I don't see an utun interface with address 10.2.0.X on the macOS side. My Macs with MacPorts wireguard have an interface like:
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1420
inet 172.16.254.244 --> 172.16.254.244 netmask 0xfffffff0
where 172.16.254.244 is the inside-tunnel address.
--
J. Hannken-Illjes - hannken%mailbox.org@localhost
> On 15. Jan 2025, at 10:31, Paul W. Rankin <rnkn%rnkn.xyz@localhost> wrote:
>
> RVP <rvp%SDF.ORG@localhost> wrote:
>> On Tue, 14 Jan 2025, Paul W. Rankin wrote:
>>
>>> I disabled the firewall entirely and saw no change. At least we can
>>> rule that out.
>>>
>>
>> OK, judging from the `vioif0' i/f name, the server is running in a VM, and
>> from the client i/f name you were doing the tcpdump on, utun4, plus the fact
>> that ICMP packets (pings) from the client were seen as UDP packets on the
>> server (this is what QEMU, for one, does when it's running unprivileged--it
>> doesn't have rootly powers, so it "compensates") , I would judge that the
>> client is running inside a VM too?
>>
>> Can you show the output of `ifconfig -a' on both the server and client?
>> Have the VMs assigned a 10.x.x.x (again, std. for QEMU in some config.) to
>> the virtual i/f addresses?
>>
>> If so, can you reassign the Wireguard addresses to some other range?
>
> The server is a VM, the host uses KVM. The macOS client is not a VM,
> it's 100% pure Apple.
>
> On the NetBSD server/VM:
>
> # ifconfig -a
> vioif0: flags=0x8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> ec_capabilities=0x1<VLAN_MTU>
> ec_enabled=0
> address: 56:00:05:34:d7:f6
> status: active
> inet6 fe80::5400:5ff:fe34:d7f6%vioif0/64 flags 0 scopeid 0x1
> inet6 2001:19f0:5:34b4:43ba:2063:5ba4:b14d/64 flags 0x40<AUTOCONF>
> inet 64.176.222.118/23 broadcast 64.176.223.255 flags 0
> lo0: flags=0x8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33624
> status: active
> inet6 ::1/128 flags 0x20<NODAD>
> inet6 fe80::1%lo0/64 flags 0 scopeid 0x2
> inet 127.0.0.1/8 flags 0
> wg0: flags=0x8041<UP,RUNNING,MULTICAST> mtu 1420
> status: active
> inet6 fe80::1457:1bc8:34cf:69c0%wg0/64 flags 0 scopeid 0x3
> inet6 fd00:2::1/64 flags 0
> inet 10.2.0.1/24 flags 0
>
> On the macOS client (with WireGuard up):
>
> # ifconfig -a
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
> options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
> inet 127.0.0.1 netmask 0xff000000
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
> nd6 options=201<PERFORMNUD,DAD>
> gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
> stf0: flags=0<> mtu 1280
> anpi0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> options=400<CHANNEL_IO>
> ether 32:81:29:1a:04:10
> media: none
> status: inactive
> anpi1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> options=400<CHANNEL_IO>
> ether 32:81:29:1a:04:11
> media: none
> status: inactive
> en3: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> options=400<CHANNEL_IO>
> ether 32:81:29:1a:04:f0
> nd6 options=201<PERFORMNUD,DAD>
> media: none
> status: inactive
> en4: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> options=400<CHANNEL_IO>
> ether 32:81:29:1a:04:f1
> nd6 options=201<PERFORMNUD,DAD>
> media: none
> status: inactive
> en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
> options=460<TSO4,TSO6,CHANNEL_IO>
> ether 36:72:48:7c:ca:40
> media: autoselect <full-duplex>
> status: inactive
> en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
> options=460<TSO4,TSO6,CHANNEL_IO>
> ether 36:72:48:7c:ca:44
> media: autoselect <full-duplex>
> status: inactive
> bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> options=63<RXCSUM,TXCSUM,TSO4,TSO6>
> ether 36:72:48:7c:ca:40
> Configuration:
> id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
> maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
> root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
> ipfilter disabled flags 0x0
> member: en1 flags=3<LEARNING,DISCOVER>
> ifmaxaddr 0 port 8 priority 0 path cost 0
> member: en2 flags=3<LEARNING,DISCOVER>
> ifmaxaddr 0 port 9 priority 0 path cost 0
> nd6 options=201<PERFORMNUD,DAD>
> media: <unknown type>
> status: inactive
> ap1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> options=6460<TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
> ether 52:91:5a:1a:42:6e
> nd6 options=201<PERFORMNUD,DAD>
> media: autoselect (none)
> status: inactive
> en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> options=6460<TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
> ether ca:99:92:43:3b:a2
> inet6 fe80::1ca6:590:f8a2:bef4%en0 prefixlen 64 secured scopeid 0xb
> inet6 2001:8004:4441:9766:10d2:3653:5ef:b94d prefixlen 64 autoconf secured
> inet6 2001:8004:4441:9766:fc9f:865:9605:fe57 prefixlen 64 autoconf temporary
> inet 192.168.1.111 netmask 0xffffff00 broadcast 192.168.1.255
> nd6 options=201<PERFORMNUD,DAD>
> media: autoselect
> status: active
> utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
> inet6 fe80::e935:47f0:ab8f:346f%utun0 prefixlen 64 scopeid 0xd
> nd6 options=201<PERFORMNUD,DAD>
> utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
> inet6 fe80::a7f7:6660:f35a:9eb4%utun1 prefixlen 64 scopeid 0xe
> nd6 options=201<PERFORMNUD,DAD>
> awdl0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> options=6460<TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
> ether 2e:1b:ea:d8:46:aa
> inet6 fe80::2c1b:eaff:fed8:46aa%awdl0 prefixlen 64 scopeid 0xf
> nd6 options=201<PERFORMNUD,DAD>
> media: autoselect
> status: active
> llw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> options=400<CHANNEL_IO>
> ether 2e:1b:ea:d8:46:aa
> inet6 fe80::2c1b:eaff:fed8:46aa%llw0 prefixlen 64 scopeid 0x10
> nd6 options=201<PERFORMNUD,DAD>
> media: autoselect (none)
> utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
> inet6 fe80::d339:6b9b:7bce:8c12%utun2 prefixlen 64 scopeid 0x11
> nd6 options=201<PERFORMNUD,DAD>
> utun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1000
> inet6 fe80::ce81:b1c:bd2c:69e%utun3 prefixlen 64 scopeid 0x12
> nd6 options=201<PERFORMNUD,DAD>
> utun5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
> inet6 fe80::5368:e35c:6e05:aa2f%utun5 prefixlen 64 scopeid 0x14
> nd6 options=201<PERFORMNUD,DAD>
> utun6: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
> inet6 fe80::812b:b59e:1e0f:eb87%utun6 prefixlen 64 scopeid 0x15
> nd6 options=201<PERFORMNUD,DAD>
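
The check made in the reply above (does any tunnel interface hold an IPv4 address inside the WireGuard range?) can be run over `ifconfig -a` output mechanically. This is an added example, not part of the original messages; the function names are hypothetical, the sample lines are trimmed from the output quoted in the thread, and the /28 network is derived from the netmask shown for the MacPorts interface.

```python
import ipaddress
import re

IFACE_RE = re.compile(r"^(\S+): flags=")            # e.g. "utun0: flags=8051<...>"
INET_RE = re.compile(r"^inet\s+(\d+(?:\.\d+){3})")  # IPv4 only; "inet6" does not match

def inet_by_interface(ifconfig_text):
    """Map interface name -> IPv4 addresses from `ifconfig -a` (macOS or NetBSD)."""
    found, current = {}, None
    for raw in ifconfig_text.splitlines():
        line = raw.lstrip("> \t")                    # tolerate mail quoting and indentation
        header = IFACE_RE.match(line)
        if header:
            current = header.group(1)
            found[current] = []
            continue
        inet = INET_RE.match(line)
        if inet and current is not None:
            found[current].append(ipaddress.ip_address(inet.group(1)))
    return found

def tunnel_interfaces(ifconfig_text, tunnel_net, prefixes=("utun", "wg")):
    """Names of tunnel interfaces holding an address inside tunnel_net."""
    net = ipaddress.ip_network(tunnel_net)
    return sorted(name for name, addrs in inet_by_interface(ifconfig_text).items()
                  if name.startswith(prefixes) and any(a in net for a in addrs))

# Lines copied from the output quoted in this thread, trimmed to the relevant interfaces.
MACOS_CLIENT = """\
> en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> inet 192.168.1.111 netmask 0xffffff00 broadcast 192.168.1.255
> utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
> inet6 fe80::e935:47f0:ab8f:346f%utun0 prefixlen 64 scopeid 0xd
"""
MACPORTS_MAC = """\
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1420
    inet 172.16.254.244 --> 172.16.254.244 netmask 0xfffffff0
"""
NETBSD_SERVER = """\
wg0: flags=0x8041<UP,RUNNING,MULTICAST> mtu 1420
    inet 10.2.0.1/24 flags 0
"""

if __name__ == "__main__":
    print(tunnel_interfaces(MACOS_CLIENT, "10.2.0.0/24"))       # client from the thread
    print(tunnel_interfaces(MACPORTS_MAC, "172.16.254.240/28")) # /28 from 0xfffffff0
    print(tunnel_interfaces(NETBSD_SERVER, "10.2.0.0/24"))
```

An empty result for the client means no `utun` interface carries an inside-tunnel IPv4 address, which is the condition the reply points out.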