<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    As a follow-up, wireguard-tools v1.0.20200102 also has the issue.<br>
    <br>
    I did think of updating nftables to the latest, but that then
    started dragging in too many other updated dependencies I wasn't
    comfortable with.  So, as nftables currently isn't used on Slack, I
    renamed the binary so that wg-quick wouldn't find it, which allowed
    the connection to be made.<br>
    <br>
    Now all I need do is work out why the handshakes between client and
    server are working, but traffic doesn't flow.<br>
    <br>
    Cheers.<br>
    <br>
    <br>
    <div class="moz-cite-prefix">On 1/2/2020 12:04 AM, Eddie wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:b1fa4bed-d9cd-d20e-2037-9794f1a53185@attglobal.net">
      Not sure if this helps, or not.  But this is the relevant part
      from a bash trace:<br>
      <br>
      <tt>+ cmd nft -f /dev/fd/63</tt><tt><br>
      </tt><tt>+ echo '[#] nft -f /dev/fd/63'</tt><tt><br>
      </tt><tt>[#] nft -f /dev/fd/63</tt><tt><br>
      </tt><tt>+ nft -f /dev/fd/63</tt><tt><br>
      </tt><tt>++ echo -n 'add table ip wg-quick-wg0</tt><tt><br>
      </tt><tt>add chain ip wg-quick-wg0 preraw { type filter hook
        prerouting priority -300; }</tt><tt><br>
      </tt><tt>add chain ip wg-quick-wg0 premangle { type filter hook
        prerouting priority -150; }</tt><tt><br>
      </tt><tt>add chain ip wg-quick-wg0 postmangle { type filter hook
        postrouting priority -150; }</tt><tt><br>
      </tt><tt>add rule ip wg-quick-wg0 preraw iifname != wg0 ip daddr
        192.168.150.14 fib saddr type != local drop</tt><tt><br>
      </tt><tt>add rule ip wg-quick-wg0 postmangle meta l4proto udp mark
        51820 ct mark set mark</tt><tt><br>
      </tt><tt>add rule ip wg-quick-wg0 premangle meta l4proto udp meta
        mark set ct mark</tt><tt><br>
      </tt><tt>'</tt><tt><br>
      </tt><tt>/dev/fd/63:5:76-80: Error: syntax error, unexpected saddr</tt><tt><br>
      </tt><tt><br>
      </tt><tt>                                                                          
        ^^^^^</tt><br>
      Cheers.<br>
      <br>
      <br>
      <div class="moz-cite-prefix">On 1/1/2020 11:34 PM, Eddie wrote:<br>
      </div>
      <blockquote type="cite"
        cite="mid:3d6ae658-2184-5da2-ddaa-c4060419bee5@attglobal.net">
        Ha.  Even older:<br>
        <br>
        root@The-Tardis:~# nft -v<br>
        nftables v0.6 (Support Edward Snowden)<br>
        <br>
        <br>
        And in reply to a couple of off-list messages:<br>
        <br>
        wireguard-tools-1.0.20191226<br>
        <br>
        There are different reasons for using different VPNs.  Can you
        really "totally" trust the one that you're using?<br>
        <br>
        Cheers.<br>
        <br>
        <br>
        <br>
        <div class="moz-cite-prefix">On 1/1/2020 10:22 PM, Edward
          Vielmetti wrote:<br>
        </div>
        <blockquote type="cite"
cite="mid:CAPRZce10tz0KgBUMFcHj09WDvUF_ygpMBQckB-Nebnjk52479g@mail.gmail.com">
          <div dir="ltr">Eddie - what version of nftables does Slackware
            come with? The output of `nft -v` should be helpful.
            <div><br>
            </div>
            <div>There is a report from stackexchange that nftables at
              0.7 gives this error, but at 0.8.1 or better it's OK. I
              was not easily able to verify that from the source code,
              but it would be where I'd start to look. There was </div>
            <div><br>
            </div>
            <div>The nftables 0.8.1 release notes (from 2018) are here: <a
                href="https://lwn.net/Articles/744480/"
                moz-do-not-send="true">https://lwn.net/Articles/744480/</a> and
              it points to new syntax in this release.</div>
            <div><br>
            </div>
            <div>good luck!</div>
            <div><br>
            </div>
            <div>Ed</div>
          </div>
          <br>
          <div class="gmail_quote">
            <div dir="ltr" class="gmail_attr">On Thu, Jan 2, 2020 at
              12:27 AM Eddie &lt;<a href="mailto:stunnel@attglobal.net"
                moz-do-not-send="true">stunnel@attglobal.net</a>&gt;
              wrote:<br>
            </div>
            <blockquote class="gmail_quote" style="margin:0px 0px 0px
              0.8ex;border-left:1px solid
              rgb(204,204,204);padding-left:1ex">First time running
              wireguard as a native client on my Slackware 14.2 <br>
              system throws this:<br>
              <br>
              root@The-Tardis:~# wg-quick up wg0<br>
              [#] ip link add wg0 type wireguard<br>
              [#] wg setconf wg0 /dev/fd/63<br>
              [#] ip -4 address add 192.168.150.14/32 dev wg0<br>
              [#] ip link set mtu 1420 up dev wg0<br>
              [#] wg set wg0 fwmark 51820<br>
              [#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820<br>
              [#] ip -4 rule add not fwmark 51820 table 51820<br>
              [#] ip -4 rule add table main suppress_prefixlength 0<br>
              [#] sysctl -q net.ipv4.conf.all.src_valid_mark=1<br>
              [#] nft -f /dev/fd/63<br>
              /dev/fd/63:5:76-80: Error: syntax error, unexpected saddr<br>
              <br>
              Fairly simple config to connect to my VPS:<br>
              <br>
              [Interface]<br>
              Address = 192.168.150.14/32<br>
              PrivateKey = &lt;Not the key you're looking for&gt;<br>
              <br>
              [Peer]<br>
              PublicKey = &lt;Just being overly paranoid&gt;<br>
              Endpoint = www.xxx.yyy.zzz:51820<br>
              AllowedIPs = 0.0.0.0/0<br>
              <br>
              Not sure what additional information you need collected at
              this point.<br>
              <br>
              I'm able to connect outbound successfully using NordVPN's
              version of <br>
              wireguard, but that doesn't use wg-quick, which is where
              the issue is.<br>
              <br>
              Cheers.<br>
              _______________________________________________<br>
              WireGuard mailing list<br>
              <a href="mailto:WireGuard@lists.zx2c4.com" target="_blank"
                moz-do-not-send="true">WireGuard@lists.zx2c4.com</a><br>
              <a
                href="https://lists.zx2c4.com/mailman/listinfo/wireguard"
                rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.zx2c4.com/mailman/listinfo/wireguard</a><br>
            </blockquote>
          </div>
          <br clear="all">
          <div><br>
          </div>
          -- <br>
          <div dir="ltr" class="gmail_signature">Edward Vielmetti +1 734
            330 2465
            <div><a href="mailto:edward.vielmetti@gmail.com"
                target="_blank" moz-do-not-send="true">edward.vielmetti@gmail.com</a></div>
            <div><br>
            </div>
          </div>
        </blockquote>
        <br>
        <br>
      </blockquote>
      <br>
      <br>
    </blockquote>
    <br>
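Reading the nft error from the trace, as an added example that is not part of the original messages or of wg-quick: the first function maps the `5:76-80` location onto the ruleset from the trace, and the second compares `nft -v` output with the 0.8.1 figure reported in the thread. The function names `nft_error_token` and `nft_version_at_least` are hypothetical.

```shell
#!/bin/sh
# Added example, not wg-quick code; function names are hypothetical.
# Ruleset exactly as shown in the bash trace quoted in this thread.
RULESET='add table ip wg-quick-wg0
add chain ip wg-quick-wg0 preraw { type filter hook prerouting priority -300; }
add chain ip wg-quick-wg0 premangle { type filter hook prerouting priority -150; }
add chain ip wg-quick-wg0 postmangle { type filter hook postrouting priority -150; }
add rule ip wg-quick-wg0 preraw iifname != wg0 ip daddr 192.168.150.14 fib saddr type != local drop
add rule ip wg-quick-wg0 postmangle meta l4proto udp mark 51820 ct mark set mark
add rule ip wg-quick-wg0 premangle meta l4proto udp meta mark set ct mark'

# nft_error_token ERROR_LINE RULESET
# Prints the ruleset text at the "file:LINE:FROM-TO:" location; 2 if unparsable.
nft_error_token() {
  loc=${1%%: Error*}              # /dev/fd/63:5:76-80
  range=${loc##*:}                # 76-80
  rest=${loc%:*}                  # /dev/fd/63:5
  line=${rest##*:}; from=${range%%-*}; to=${range##*-}
  for n in "$line" "$from" "$to"; do
    case $n in ''|*[!0-9]*) return 2 ;; esac
  done
  printf '%s\n' "$2" | sed -n "${line}p" | cut -c "${from}-${to}"
}

# nft_version_at_least "NFT -v OUTPUT" MINIMUM
# Returns 0 if the version is >= MINIMUM, 1 if older, 2 if unparsable.
nft_version_at_least() {
  have=$(printf '%s\n' "$1" | sed -n 's/^nftables v\([0-9][0-9.]*\).*/\1/p')
  [ -n "$have" ] || return 2
  want=$2
  while [ -n "$have" ] || [ -n "$want" ]; do
    h=${have%%.*}; w=${want%%.*}  # compare one dotted component at a time
    [ "${h:-0}" -gt "${w:-0}" ] && return 0
    [ "${h:-0}" -lt "${w:-0}" ] && return 1
    case $have in *.*) have=${have#*.} ;; *) have= ;; esac
    case $want in *.*) want=${want#*.} ;; *) want= ;; esac
  done
  return 0
}

# Error line and version string as posted in the thread.
ERR='/dev/fd/63:5:76-80: Error: syntax error, unexpected saddr'
NFT_V='nftables v0.6 (Support Edward Snowden)'
printf 'token nft rejected: %s\n' "$(nft_error_token "$ERR" "$RULESET")"
# 0.8.1 is the version the thread reports as working (an unverified report).
if nft_version_at_least "$NFT_V" 0.8.1; then
  echo "nft is at or above the version reported as working"
else
  echo "nft is older than the version reported as working"
fi
```
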
  </body>
</html>