wireguard broke with recent update on fedora 31
Barry Scott
barry at barrys-emacs.org
Tue Dec 31 13:03:13 CET 2019
I had wireguard working but the recent update of something has broken it.
I'm happy to help debug, run test code.
My server end is fedora 31, which is up to date.
kernel-5.3.16-300.fc31.x86_64
wireguard-dkms-0.0.20191226-1.fc31.noarch
wireguard-tools-1.0.20191226-1.fc31.x86_64
The server has 2 phys interfaces, external that is connected to the internet (no NAT)
and internal that is home network. I use systemd-networkd for the phys interfaces.
wireguard uses a service that runs these commands to start it up.
ip link add wg0 type wireguard
wg setconf wg0 /etc/wireguard/wg0.conf
ip -4 address add 172.16.4.1/24 dev wg0
ip link set mtu 1420 up dev wg0
(I also tried a smaller MTU, 1280, with no change).
I use firewalld configured to allow access through wg0.
I have also turned off firewalld to eliminate iptables rules
as a source of problem.
$ wg
interface: wg0
  public key: KNwXI8p8zJVed81RI3WhHQuYEUxIe0/PDP77Z2YSKTI=
  private key: (hidden)
  listening port: 51820

peer: bXUXQRJ9e2RXuxpSofQPVsvGMb5idhZiiF3lTOs1PRQ=
  endpoint: 213.205.240.12:43029
  allowed ips: (none)
  latest handshake: 33 seconds ago
  transfer: 1.02 KiB received, 3.11 KiB sent
  persistent keepalive: every 30 seconds

peer: JGxzN0iT+WIL2rltsWfaKD1IFC/f7b/AxF9peecTDEU=
  allowed ips: (none)
  persistent keepalive: every 30 seconds

peer: hom+2y5nNr9UnsSeyNJvWS6RkvnbTQOWwd8Zopsuzwo=
  allowed ips: 0.0.0.0/0
  persistent keepalive: every 30 seconds

peer bX... is an Android phone running wireguard v0.0.20191220.
A tcpdump shows 2-way comms with the phone
$ tcpdump -n -i external port 51820
11:35:09.545035 IP 213.205.240.12.43029 > 86.19.118.184.51820: UDP, length 112
11:35:09.792170 IP 86.19.118.184.51820 > 213.205.240.12.43029: UDP, length 32
11:35:14.533234 IP 213.205.240.12.43029 > 86.19.118.184.51820: UDP, length 112
11:35:14.800147 IP 213.205.240.12.43029 > 86.19.118.184.51820: UDP, length 148
11:35:14.802647 IP 86.19.118.184.51820 > 213.205.240.12.43029: UDP, length 92
... etc...
But I see nothing for "tcpdump -i wg0". And these stats:
$ ip -s addr show wg0
4: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1280 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 172.16.4.1/24 scope global wg0
       valid_lft forever preferred_lft forever
    RX: bytes  packets  errors  dropped overrun mcast
    180        2        1       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    92         1        0       3       0       0
Run test from phone here. Turn on wireguard, attempt to browse to http://172.16.4.1.
$ ip -s addr show wg0
4: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1280 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 172.16.4.1/24 scope global wg0
       valid_lft forever preferred_lft forever
    RX: bytes  packets  errors  dropped overrun mcast
    180        2        28      0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    188        4        0       3       0       0
The RX errors have increased. dmesg is dull.
Barry
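
Added example (not part of the message above and not WireGuard project code): WireGuard accepts a decrypted packet only if its inner source address is within the sending peer's allowed IPs, so a peer that completes handshakes while showing "allowed ips: (none)" is worth ruling out when nothing appears on wg0. The script below audits `wg` output for that condition and for catch-all 0.0.0.0/0 peers; the function names and the sample keys and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `wg` output for peers whose allowed-ips setting
# will stop traffic from flowing. Names and sample data are hypothetical.

# Reads the human-readable output of `wg` / `wg show <if>` on stdin and prints
# one "<peer public key> <finding>" line per peer that needs attention.
check_allowed_ips() {
    awk '
        function flush(   n, i, a) {
            if (peer == "") return
            if (ips == "" || ips == "(none)") {
                # Nothing from this peer is accepted, nothing is routed to it.
                print peer, (hs ? "handshake-but-no-allowed-ips" : "no-allowed-ips")
                return
            }
            n = split(ips, a, /, */)
            for (i = 1; i <= n; i++)
                if (a[i] == "0.0.0.0/0") print peer, "catch-all-0.0.0.0/0"
        }
        # Accept both indented output and output flattened by a mail archive.
        { sub(/^[ \t]+/, "") }
        /^peer: /             { flush(); peer = $2; ips = ""; hs = 0; next }
        /^allowed ips: /      { ips = substr($0, 14); next }
        /^latest handshake: / { hs = 1; next }
        END                   { flush() }
    '
}

# Constructed sample in the layout `wg` prints (keys and addresses are made up).
sample_wg_output() {
    cat <<EOF
interface: wg0
  listening port: 51820

peer: PEER-A-CONSTRUCTED-KEY=
  endpoint: 192.0.2.10:43029
  allowed ips: (none)
  latest handshake: 33 seconds ago

peer: PEER-B-CONSTRUCTED-KEY=
  allowed ips: (none)

peer: PEER-C-CONSTRUCTED-KEY=
  allowed ips: 0.0.0.0/0

peer: PEER-D-CONSTRUCTED-KEY=
  allowed ips: 172.16.4.2/32
  latest handshake: 1 minute, 2 seconds ago
EOF
}

sample_wg_output | check_allowed_ips
```

On a live host the same check is run as `wg show wg0 | check_allowed_ips`.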