<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body smarttemplateinserted="true">
<div id="smartTemplate4-quoteHeader">
<div style="font-size:10.0pt;font-family:Verdana,Arial">First of
all, check if the server receives the handshake with: <font
face="Courier New">sudo wg show wg0 help</font> (you'll see
all available options). Start with <font face="Courier New">latest-handshakes</font>
and <font face="Courier New">endpoints</font>. If the server
sees the client in the endpoints and its latest handshake time
updates accordingly, then the tunnel is working.<br>
<br>
Then check the routes. When you do <font face="Courier New">sudo
wg-quick up wg0</font>, what's the output? Are the routes
created? What's the output of <font face="Courier New">ip rule
show</font> and <font face="Courier New">ip route show table
all</font>? If you specify on the client <font face="Courier
New">AllowedIPs = 0.0.0.0/0</font>, then wg-quick creates all
needed routes automatically. If not, you'll have to create them
manually. Check the man pages:
<a class="moz-txt-link-freetext" href="https://git.zx2c4.com/WireGuard/about/src/tools/man/wg-quick.8">https://git.zx2c4.com/WireGuard/about/src/tools/man/wg-quick.8</a>
and <a class="moz-txt-link-freetext" href="https://git.zx2c4.com/WireGuard/about/src/tools/man/wg.8">https://git.zx2c4.com/WireGuard/about/src/tools/man/wg.8</a>.<br>
<br>
Try to see what's the route to the desired destination with: <font
face="Courier New">ip -s route get &lt;IP&gt;</font>.<br>
<br>
</div>
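<div>Added example, not part of the original reply: a small shell helper that joins the output of <font face="Courier New">wg show wg0 endpoints</font> and <font face="Courier New">wg show wg0 latest-handshakes</font> and labels each peer as never, stale or ok. The function names, the 180-second threshold and the sample input are assumptions made for illustration; the public key is the laptop's key quoted in the thread.</div>

```shell
#!/bin/sh
# Added example: classify WireGuard peers from the two listings the reply
# suggests starting with. Each listing is "<public-key><TAB><value>" per line.

# peer_status ENDPOINTS HANDSHAKES NOW [MAX_AGE]
#   ENDPOINTS  : text of `wg show IFACE endpoints`
#   HANDSHAKES : text of `wg show IFACE latest-handshakes` (epoch secs, 0 = never)
#   NOW        : current time in epoch seconds
#   MAX_AGE    : assumed staleness threshold in seconds (default 180)
# Prints "<public-key><TAB><endpoint><TAB><never|stale|ok>" for every peer.
peer_status() (
    { printf '%s\n' "$1"; echo '--'; printf '%s\n' "$2"; } |
    awk -F '\t' -v now="$3" -v max="${4:-180}" '
        $0 == "--" { second = 1; next }   # separator between the two listings
        NF < 2     { next }               # skip blank or malformed lines
        !second    { ep[$1] = $2; next }  # first listing: remember endpoints
        {
            if ($2 == 0)             state = "never"  # no handshake completed
            else if (now - $2 > max) state = "stale"  # handshake seen, but old
            else                     state = "ok"
            printf "%s\t%s\t%s\n", $1, (($1 in ep) ? ep[$1] : "(none)"), state
        }'
)

# Live use on the server (needs root), e.g.: check_iface wg0
check_iface() {
    peer_status "$(wg show "$1" endpoints)" \
                "$(wg show "$1" latest-handshakes)" "$(date +%s)"
}

# Constructed sample: a peer the server has never completed a handshake with,
# so it has no endpoint and a latest-handshake value of 0.
SAMPLE_KEY='kExj276RLpqCZoDdOYHiq4FQHKA94y0eY1W/ptvT2y4='
peer_status "$(printf '%s\t(none)' "$SAMPLE_KEY")" \
            "$(printf '%s\t0' "$SAMPLE_KEY")" 1551160800
```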
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm
0cm;font-size:10.0pt;font-family:'Tahoma','sans-serif'"><b>From:</b>
Wojtek Swiatek <a class="moz-txt-link-rfc2396E" href="mailto:w@swtk.info">&lt;w@swtk.info&gt;</a><br>
<b>Sent:</b> Tuesday, February 26, 2019 06:59<br>
<b>To:</b> Wireguard Mailing List
<a class="moz-txt-link-rfc2396E" href="mailto:wireguard@lists.zx2c4.com">&lt;wireguard@lists.zx2c4.com&gt;</a><br>
<b>Subject:</b> How to debug wireguard on the server?<br>
</div>
<br>
</div>
<div class="replaced-blockquote"
cite="mid:CAPRYYOZY_fPDkQyebrY6vu7CTvzHoniHyhiZwNHLS6zfgk5JQg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">Hello everyone
<div><br>
</div>
<div>I am trying to set up wireguard on a Linux server
(Ubuntu 18.04) and I am having some issues. The
configuration of the server:</div>
<div><br>
</div>
<div>
<div>[Interface]</div>
<div>Address = 192.168.20.1/24</div>
<div>ListenPort = 51820</div>
<div>PrivateKey = UbuntuPrivateKey</div>
<div><br>
</div>
<div># the laptop I want to connect from</div>
<div>[Peer]</div>
<div># this public key is derived from the laptop's
private key LaptopPrivateKey</div>
<div>PublicKey =
kExj276RLpqCZoDdOYHiq4FQHKA94y0eY1W/ptvT2y4=</div>
<div>AllowedIPs = 192.168.20.0/24</div>
</div>
<div><br>
</div>
<div>Bringing up the wg0 interface via wg-quick is OK:</div>
<div><br>
</div>
<div>
<div>root@srv ~# wg</div>
<div>interface: wg0</div>
<div> public key:
A7MreEBC3maH305tVrU0HEoQrBhy+An6KlvZ+z9KFRA=</div>
<div> private key: (hidden)</div>
<div> listening port: 51820</div>
<div><br>
</div>
<div>peer:
kExj276RLpqCZoDdOYHiq4FQHKA94y0eY1W/ptvT2y4=</div>
<div> allowed ips: 192.168.20.0/24</div>
</div>
<div><br>
</div>
<div>I have a client peer configured as well:</div>
<div><br>
</div>
<div>
<div>[Interface]</div>
<div>Address = 192.168.20.2/24</div>
<div>ListenPort = 51820</div>
<div>PrivateKey = LaptopPrivateKey</div>
<div><br>
</div>
<div># the server I want to connect to</div>
<div>[Peer]</div>
<div># this public key is derived from the server's
private key UbuntuPrivateKey</div>
<div>PublicKey =
A7MreEBC3maH305tVrU0HEoQrBhy+An6KlvZ+z9KFRA=</div>
<div>AllowedIPs = 192.168.20.0/24</div>
<div># Address of the server</div>
<div>Endpoint = wireguard.example.com:51820</div>
<div># Send periodic keepalives to ensure connection
stays up behind NAT.</div>
<div>PersistentKeepalive = 25</div>
</div>
<div><br>
</div>
<div>When connecting from the client, I see handshake
packets leaving it, and arriving on the server - on
its external interface:</div>
<div><br>
</div>
<div>
<div>root@srv ~# tcpdump -i eth0 port 51820 -vvv -X</div>
<div>tcpdump: listening on br0, link-type EN10MB
(Ethernet), capture size 262144 bytes</div>
<div>10:35:29.386976 IP (tos 0x0, ttl 115, id 17333,
offset 0, flags [none], proto UDP (17), length 176)</div>
<div> 91-244-238-14.rev.ltt.li.59958 >
srv.swtk.info.51820: [udp sum ok] UDP, length 148</div>
<div> 0x0000: 4500 00b0 43b5 0000 7311 eeda
5bf4 ee0e E...C...s...[...</div>
<div> 0x0010: c0a8 0a02 ea36 ca6c 009c 98e7
0100 0000 .....6.l........</div>
<div> 0x0020: ac50 0f85 6ead 67f6 2c38 4b74
43c4 6388 .P..n.g.,8KtC.c.</div>
<div> 0x0030: f594 1886 6699 f439 183e ad2b
0e02 4e13 ....f..9.>.+..N.</div>
<div> 0x0040: c1a8 d14a f1c6 8d13 1f98 8c2c
6cfd dbf6 ...J.......,l...</div>
<div> 0x0050: 9f2f 8d35 9073 bad1 ddd7 927e
0552 aadf ./.5.s.....~.R..</div>
</div>
<div><br>
</div>
<div>The same tcpdump command run against wg0 does not
show any traffic (but maybe this is normal?)</div>
<div><br>
</div>
<div>The client keeps on sending handshake packets.</div>
<div><br>
</div>
<div>Q1: is there anything I should do in order for the
packets to reach wg0, or do they reach it but I just
do not see that with tcpdump (sorry, I am not well
versed with virtual interfaces)</div>
<div>Q2: if there is nothing more to do than a wg-quick,
is there a way to debug the server to understand what
happens with this handshake packet (= it is rejected
because ...)</div>
<div><br>
</div>
<div>Thanks!</div>
<div><br>
</div>
<div><br>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</div>
<br>
</body>
</html>