<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
As a follow up, wireguard-tools v1.0.20200102 also has the issue.<br>
<br>
I did think of updating nftables to the latest, but that then
started dragging in too many other updated dependencies I wasn't
comfortable with. So, as nftables currently isn't used on Slack, I
renamed the binary so that wg-quick wouldn't find it, which allowed
the connection to be made.<br>
<br>
Now all I need do is work out why the handshakes between client and
server are working, but traffic doesn't flow.<br>
<br>
Cheers.<br>
<br>
<br>
<div class="moz-cite-prefix">On 1/2/2020 12:04 AM, Eddie wrote:<br>
</div>
<blockquote type="cite"
cite="mid:b1fa4bed-d9cd-d20e-2037-9794f1a53185@attglobal.net">
Not sure if this helps, or not. But this is the relevant part
from a bash trace:<br>
<br>
<pre>+ cmd nft -f /dev/fd/63
+ echo '[#] nft -f /dev/fd/63'
[#] nft -f /dev/fd/63
+ nft -f /dev/fd/63
++ echo -n 'add table ip wg-quick-wg0
add chain ip wg-quick-wg0 preraw { type filter hook prerouting priority -300; }
add chain ip wg-quick-wg0 premangle { type filter hook prerouting priority -150; }
add chain ip wg-quick-wg0 postmangle { type filter hook postrouting priority -150; }
add rule ip wg-quick-wg0 preraw iifname != wg0 ip daddr 192.168.150.14 fib saddr type != local drop
add rule ip wg-quick-wg0 postmangle meta l4proto udp mark 51820 ct mark set mark
add rule ip wg-quick-wg0 premangle meta l4proto udp meta mark set ct mark
'
/dev/fd/63:5:76-80: Error: syntax error, unexpected saddr

^^^^^
</pre>
Cheers.<br>
<br>
<br>
<div class="moz-cite-prefix">On 1/1/2020 11:34 PM, Eddie wrote:<br>
</div>
<blockquote type="cite"
cite="mid:3d6ae658-2184-5da2-ddaa-c4060419bee5@attglobal.net">
Ha. Even older:<br>
<br>
root@The-Tardis:~# nft -v<br>
nftables v0.6 (Support Edward Snowden)<br>
<br>
<br>
And in reply to a couple of off-list messages:<br>
<br>
wireguard-tools-1.0.20191226<br>
<br>
There are different reasons for using different VPNs. Can you
really "totally" trust the one that you're using?<br>
<br>
Cheers.<br>
<br>
<br>
<br>
<div class="moz-cite-prefix">On 1/1/2020 10:22 PM, Edward
Vielmetti wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAPRZce10tz0KgBUMFcHj09WDvUF_ygpMBQckB-Nebnjk52479g@mail.gmail.com">
<div dir="ltr">Eddie - what version of nftables does Slackware
come with? The output of `nft -v` should be helpful.
<div><br>
</div>
<div>There is a report from stackexchange that nftables at
0.7 gives this error, but at 0.8.1 or better it's OK. I
was not easily able to verify that from the source code,
but it would be where I'd start to look. There was </div>
<div><br>
</div>
<div>The nftables 0.8.1 release notes (from 2018) are here: <a
href="https://lwn.net/Articles/744480/"
moz-do-not-send="true">https://lwn.net/Articles/744480/</a> and
it points to new syntax in this release.</div>
<div><br>
</div>
<div>good luck!</div>
<div><br>
</div>
<div>Ed</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, Jan 2, 2020 at
12:27 AM Eddie &lt;<a href="mailto:stunnel@attglobal.net"
moz-do-not-send="true">stunnel@attglobal.net</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">First time running
wireguard as a native client on my Slackware 14.2 <br>
system throws this:<br>
<br>
root@The-Tardis:~# wg-quick up wg0<br>
[#] ip link add wg0 type wireguard<br>
[#] wg setconf wg0 /dev/fd/63<br>
[#] ip -4 address add 192.168.150.14/32 dev wg0<br>
[#] ip link set mtu 1420 up dev wg0<br>
[#] wg set wg0 fwmark 51820<br>
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820<br>
[#] ip -4 rule add not fwmark 51820 table 51820<br>
[#] ip -4 rule add table main suppress_prefixlength 0<br>
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1<br>
[#] nft -f /dev/fd/63<br>
/dev/fd/63:5:76-80: Error: syntax error, unexpected saddr<br>
<br>
Fairly simple config to connect to my VPS:<br>
<br>
[Interface]<br>
Address = 192.168.150.14/32<br>
PrivateKey = &lt;Not the key you're looking for&gt;<br>
<br>
[Peer]<br>
PublicKey = &lt;Just being overly paranoid&gt;<br>
Endpoint = www.xxx.yyy.zzz:51820<br>
AllowedIPs = 0.0.0.0/0<br>
<br>
Not sure what additional information you need collected at
this point.<br>
<br>
I'm able to connect outbound successfully using NordVPN's
version of <br>
wireguard, but that doesn't use wg-quick, which is where
the issue is.<br>
<br>
Cheers.<br>
_______________________________________________<br>
WireGuard mailing list<br>
<a href="mailto:WireGuard@lists.zx2c4.com" target="_blank"
moz-do-not-send="true">WireGuard@lists.zx2c4.com</a><br>
<a
href="https://lists.zx2c4.com/mailman/listinfo/wireguard"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.zx2c4.com/mailman/listinfo/wireguard</a><br>
</blockquote>
</div>
<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr" class="gmail_signature">Edward Vielmetti +1 734
330 2465
<div><a href="mailto:edward.vielmetti@gmail.com"
target="_blank" moz-do-not-send="true">edward.vielmetti@gmail.com</a></div>
<div><br>
</div>
</div>
</blockquote>
<br>
<br>
</blockquote>
<br>
<br>
</blockquote>
<br>
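Added example (not part of the thread and not wg-quick's own code): a pre-flight check that parses an `nft -v` banner and flags an nftables release older than the 0.8.1 reported above as working, when the ruleset contains the `fib` expression that v0.6 rejected. The function names and the v0.9.3 banner are constructed for illustration; the v0.6 banner and the rule are copied from the thread.<br>

```shell
#!/bin/sh
# Added example: classify an nftables install before wg-quick feeds it rules.

MIN_NFT="0.8.1"  # threshold from the report quoted in the thread (assumption)

# Sample inputs: the first two come from the thread, the third is constructed.
PAGE_BANNER='nftables v0.6 (Support Edward Snowden)'
PAGE_RULE='add rule ip wg-quick-wg0 preraw iifname != wg0 ip daddr 192.168.150.14 fib saddr type != local drop'
NEW_BANNER='nftables v0.9.3 (constructed sample)'

# Print the dotted version found in an `nft -v` banner, or nothing.
nft_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^nftables v\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 if version $1 is greater than or equal to version $2.
# Fields are compared numerically; missing fields count as 0 (0.6 == 0.6.0).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# Return 0 if the ruleset text uses a fib saddr/daddr lookup.
ruleset_uses_fib() {
    printf '%s\n' "$1" | grep -Eq '(^|[[:space:]])fib[[:space:]]+(saddr|daddr)'
}

# Print one of: ok, too-old, old-no-fib, unknown.
#   $1 = output of `nft -v`, $2 = ruleset text that would be loaded
nft_preflight() {
    ver=$(nft_version_from_banner "$1")
    if [ -z "$ver" ]; then echo unknown
    elif version_ge "$ver" "$MIN_NFT"; then echo ok
    elif ruleset_uses_fib "$2"; then echo too-old
    else echo old-no-fib
    fi
}

# Live use, only where nft is installed: nft_preflight "$(nft -v)" "$PAGE_RULE"
```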
</body>
</html>