[WireGuard] Troubleshooting with WireGuard

Baptiste Jonglez baptiste at bitsofnetworks.org
Tue Jul 12 17:58:58 CEST 2016

On Tue, Jul 12, 2016 at 11:42:28PM +0800, Quan Zhou wrote:
> I'm trying to connect to [2600:3c01:..:1487]:41414 from [2400:6180:...:1]
> I have added the specific IPv6 /128 address to the AllowedIPs on one side,
> and
> on the other side I simply put ::0/0.
> The address I've set was:
> srv1 # ip addr add dev wg0
> srv2 # ip addr add dev wg0

I think you are confusing IP addresses used on the public Internet and IP
addresses used "inside" the wireguard VPN.  AllowedIPs refers to IP
addresses *inside* the VPN.

From what I gathered, your hosts have public IPv6 addresses, and you are
using this to make the hosts communicate with each other over the public
Internet.  You are then trying to use IPv4 addresses inside the VPN.

If that is the case, then AllowedIPs should refer to the IPv4 addresses
(10.24.XX.XX in your example).

> I will deal with routing later, with OSPF or simply a static route. Right
> now the
> problem is:
> Jul 12 15:32:41 debian kernel: [1081190.595578] Invalid MAC of handshake,
> dropping packet from [2400:...:aec:1]:41414/0%0
> Having no idea about handshake, what should I do next.
> On Tue, Jul 12, 2016 at 5:05 PM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> > Hi Quan,
> >
> > WireGuard is a layer 3 tunnel device, so AllowedIPs should probably be
> > a different IP than endpoint unless you've set up some policy based
> > routing. Also, you'll need to configure the devices with ip-addr too
> > -- what were your commands there?
> >
> > Regards,
> > Jason
> >

> _______________________________________________
> WireGuard mailing list
> WireGuard at lists.zx2c4.com
> http://lists.zx2c4.com/mailman/listinfo/wireguard

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20160712/cc00b437/attachment.asc>

More information about the WireGuard mailing list