Multicast packet drop with wg tunnel up

Chris Ruehl chris.ruehl at gtsys.com.hk
Tue Nov 14 02:28:02 CET 2017 

Hi,

first message to the list, want say hello and want report with a problem I 
discovered when I play with the wireguard.

Setup:
Point to point tunnel (ARM-10.x.x.x) (FW) (www) (Server)
Tunnel fine no problem all works as expected.


On the ARM-10.x.x.x runs a service announce kind of service refesh
using MCAST group message.

ARM-10.x.x.x >> MCAST >> Service-listener
IP 10.128.2.193.10800 > 239.255.43.80.20800: UDP, length 19

Once WG is up the MCAST not shows up at Service-listener.

If remove the rules added by wg-quick:
root at 91f4:/etc/wireguard# ip -4 rule delete table 51820
root at 91f4:/etc/wireguard# ip -4 rule delete table main suppress_prefixlength 0

All back to normal, tunnel and MCAST works.

Is that a bug in the IP rule?

Regards
Chris


System info:
------------
Kernel 4.9.60

root at 91f4:/etc/wireguard# wg-quick up wg0net
[#] ip link add wg0net type wireguard
[#] wg setconf wg0net /dev/fd/63
[#] ip address add 10.7.128.3/24 dev wg0net
[#] ip link set mtu 1420 dev wg0net
[#] ip link set wg0net up
[#] wg set wg0net fwmark 51820
[#] ip -6 route add ::/0 dev wg0net table 51820
[#] ip -6 rule add not fwmark 51820 table 51820
[#] ip -6 rule add table main suppress_prefixlength 0
sysctl: unable to open directory "/proc/sys/fs/binfmt_misc/"
[#] wg set wg0net fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0net table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
sysctl: unable to open directory "/proc/sys/fs/binfmt_misc/"

root at 91f4:/etc/wireguard# wg
interface: wg0net
   public key: EpdQHhUC4woDnL5gILT8drtAqHfdCPM2tnZe0ztM4n4=
   private key: (hidden)
   listening port: 35987
   fwmark: 0xca6c

peer: E/lOgU90jnqSKluYGCPvTGWQMCpthd4Xzm0qhbZj/nU=
   endpoint: 203.86.233.122:22114
   allowed ips: 0.0.0.0/0, ::/0
   latest handshake: 1 minute, 4 seconds ago
   transfer: 2.20 KiB received, 5.55 KiB sent





-- 
GTSYS Limited RFID Technology
9/F, Unit E, R07, Kwai Shing Industrial Building Phase 2,
42-46 Tai Lin Pai Road, Kwai Chung, N.T., Hong Kong
Tel (852) 9079 9521

Disclaimer: https://www.gtsys.com.hk/email/classified.html

More information about the WireGuard mailing list