netns.sh: Sending cookie response for denied handshake
René van Dorst
opensource at vdorst.com
Fri Oct 6 13:22:15 CEST 2017
Also WireGuard 0.0.20171001 has it.
[root at cubox tests]# ./netns.sh
[+] ip netns add wg-test-863-0
[+] ip netns add wg-test-863-1
[+] ip netns add wg-test-863-2
[+] NS0: ip link set up dev lo
[+] NS0: ip link add dev wg0 type wireguard
[ 172.621122] wireguard: loading out-of-tree module taints kernel.
[ 172.628391] wireguard: module verification failed: signature and/or required key missing - tainting kernel
[ 172.642541] wireguard: routing table self-tests: pass
[ 172.650545] wireguard: nonce counter self-tests: pass
[ 172.660875] wireguard: curve25519 self-tests: pass
[ 172.665806] wireguard: chacha20poly1305 self-tests: pass
[ 172.673951] wireguard: blake2s self-tests: pass
[ 173.014255] wireguard: ratelimiter self-tests: pass
[ 173.019415] wireguard: WireGuard 0.0.20171001 loaded. See www.wireguard.com for information.
[ 173.027933] wireguard: Copyright (C) 2015-2017 Jason A. Donenfeld <Jason at zx2c4.com>. All Rights Reserved.
[ 173.040380] wireguard: wg0: Interface created
[+] NS0: ip link set wg0 netns wg-test-863-1
[+] NS0: ip link add dev wg0 type wireguard
[ 173.128583] wireguard: wg0: Interface created
[+] NS0: ip link set wg0 netns wg-test-863-2
[+] wg genkey
[+] wg genkey
[+] wg pubkey
[+] wg pubkey
[+] wg genpsk
[+] NS1: ip addr add 192.168.241.1/24 dev wg0
[+] NS1: ip addr add fd00::1/24 dev wg0
[+] NS2: ip addr add 192.168.241.2/24 dev wg0
[+] NS2: ip addr add fd00::2/24 dev wg0
[+] NS1: wg set wg0 private-key /dev/fd/63 listen-port 1 peer xU8gpc+t5m8/Aa7+VsJXj/U7yS05L3+5ffVxLOOuWDw= preshared-key /dev/fd/62 allowed-ips 192.168.241.2/32,fd00::2/128
[ 173.412056] wireguard: wg0: Peer 1 created
[+] NS2: wg set wg0 private-key /dev/fd/63 listen-port 2 peer XdjZJkqTsFnVFO/gHWHf6Xqribof8bHd2BeFUZAjA2Y= preshared-key /dev/fd/62 allowed-ips 192.168.241.1/32,fd00::1/128
[ 173.457206] wireguard: wg0: Peer 2 created
[+] NS1: ip link set up dev wg0
[+] NS2: ip link set up dev wg0
[+] NS1: ip link show dev wg0
[+] NS1: wg set wg0 peer xU8gpc+t5m8/Aa7+VsJXj/U7yS05L3+5ffVxLOOuWDw= endpoint 127.0.0.1:2
[+] NS2: wg set wg0 peer XdjZJkqTsFnVFO/gHWHf6Xqribof8bHd2BeFUZAjA2Y= endpoint 127.0.0.1:1
[+] NS2: ping -c 10 -f -W 1 192.168.241.1
PING 192.168.241.1 (192.168.241.1) 56(84) bytes of data.
.[ 173.687604] wireguard: wg0: Sending handshake initiation to peer 2 (127.0.0.1:1)
[ 173.689508] wireguard: wg0: Sending cookie response for denied handshake message for 127.0.0.1:2
[ 173.689608] wireguard: wg0: Receiving cookie response from 127.0.0.1:1
.........
--- 192.168.241.1 ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 98ms
[+] NS0: ip link del dev wg0
[+] NS1: ip link del dev wg0
[ 174.898691] wireguard: wg0: Peer 1 (127.0.0.1:2) destroyed
[ 174.908717] wireguard: wg0: Interface deleted
[+] NS2: ip link del dev wg0
[ 174.960702] wireguard: wg0: Peer 2 (127.0.0.1:1) destroyed
[ 174.982706] wireguard: wg0: Interface deleted
[+] ip netns del wg-test-863-1
[+] ip netns del wg-test-863-2
[+] ip netns del wg-test-863-0
[root at cubox tests]#