Weird connected but not established wireguard connection

Alex Rodriguez alex at secureideas.com
Tue May 14 07:36:42 CEST 2019


Greetings everyone,

So I am working on establishing a wireguard connection that is acting very
strange, and I am thinking that the problem is that the specific machine is
acting weird, not wireguard. I wanted to message in here to figure out
if there is a way I could confirm this, though.

I currently have 2 machines that I have hooked up to the vpn server,
through wireguard, no problem. They have established connections and
traffic flows perfectly.

The problem is with a third machine that is running Kali Linux
(version 0.0.20190227 of wireguard-dkms by default). I can see that it is
successfully contacting my server (because the server registers the endpoint's
external IP address), but it never sends a handshake successfully (that the
server knows of). If you look in the gist below, I ran wg show (or just wg,
which does a show), and the client side thinks that it sent a successful
handshake. The server side, though, doesn't have any latest handshake field
populated, and I can confirm from the server side that it didn't by looking
at the dump (also in the gist).

So it seems like it is trying to connect, but something isn't allowing it to
handshake properly. As you can see from me running wg show, the keys match
up properly, so it isn't that I misconfigured the keys. If it were a firewall
in the way, then I wouldn't be seeing on the server side that it is
connecting, right? So I don't think that it is a firewall.

I have tried the following:

- purged the apt-installed version completely (i.e. sudo apt remove --purge "wireguard*")
- walked through the setup twice (after purging the first one), confirming
  that the setup wasn't a mistake the first time
- upgraded the wg version by compiling and installing 0.0.20190406
- ran multiple tcpdumps on both sides, and I see that the traffic is
  attempting to send, but only sends SYNs (because the connection isn't
  established)


So here is my setup:

https://gist.github.com/elreydetoda/948dd184402493c5e1d97d826d22a4a5

The weird thing is that the 80NPQXXXXX peer in the wg0.conf is identical in
OS, kernel, etc. (i.e. Kali Linux), and it establishes perfectly fine
with that machine. So there is something weird with specifically that
machine, but I don't know of anything that would affect the connection when
it already makes the initial connection.

Sincerely,
Alex Rodriguez

P.S. One of my co-workers and I figured out the weird vulnerability
scanner and wireguard issue, kind of... We assume that the problem is that
the vulnerability scanner is implementing its own network driver/stack
thing to handle the scanning that it does. Since having wireguard on that
server wasn't working properly, we simply moved wireguard to another
server and just route all traffic through that wireguard server into
whatever wireguard pipe we want. I will probably post a blog post about it
soon to let you all know how we implemented it. Just wanted to give a heads
up.

--
Alex Rodriguez
Developer

Secure Ideas, LLC - Professionally Evil ®

https://www.secureideas.com/

Cell: 980-277-2746 / Office: 866-404-7837 x741
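As an added example, not part of the original post or the WireGuard project: the check the poster was looking for, done against the server's `wg show wg0 dump` output. It separates peers that completed a handshake from peers that only reached the server (endpoint recorded, latest-handshake still 0, as with the Kali machine above) and from peers never heard from at all; it also goes a step further and flags peers whose last handshake is older than a configurable threshold. The dump text, keys and addresses below are constructed placeholders.

```python
import time

# Constructed sample of `wg show wg0 dump` output (server side). Format: first line is
# the interface (private-key, public-key, listen-port, fwmark); each following line is a
# peer (public-key, preshared-key, endpoint, allowed-ips, latest-handshake, rx, tx, keepalive).
SAMPLE_DUMP = """\
SERVER_PRIVATE_KEY_PLACEHOLDER\tSERVER_PUBLIC_KEY_PLACEHOLDER\t51820\toff
PEER_A_PUBKEY_PLACEHOLDER\t(none)\t203.0.113.10:41234\t10.0.0.2/32\t1557810000\t123456\t654321\toff
PEER_B_PUBKEY_PLACEHOLDER\t(none)\t198.51.100.7:51820\t10.0.0.3/32\t1557810100\t99999\t88888\t25
PEER_C_PUBKEY_PLACEHOLDER\t(none)\t192.0.2.55:38210\t10.0.0.4/32\t0\t0\t0\toff
PEER_D_PUBKEY_PLACEHOLDER\t(none)\t(none)\t10.0.0.5/32\t0\t0\t0\toff
"""


def parse_dump(text):
    """Parse `wg show <iface> dump` output into a list of peer dicts; the interface line is skipped."""
    lines = [line for line in text.splitlines() if line.strip()]
    peers = []
    for line in lines[1:]:
        pub, _psk, endpoint, allowed, handshake, rx, tx, _keepalive = line.split("\t")
        peers.append({
            "public_key": pub,
            "endpoint": None if endpoint == "(none)" else endpoint,  # set once a packet arrived
            "allowed_ips": allowed.split(","),
            "latest_handshake": int(handshake),  # Unix time; 0 means no handshake ever completed
            "transfer_rx": int(rx),
            "transfer_tx": int(tx),
        })
    return peers


def classify(peer, now, stale_after=180):
    """Status: established / stale / contacted-no-handshake / never-seen.

    WireGuard rekeys every 120 s on an active link, so a handshake older than
    stale_after (default 180 s) on a peer that should be talking is suspicious.
    """
    if peer["latest_handshake"] == 0:
        # Endpoint learned but no handshake: the server saw packets yet the
        # handshake never completed, exactly the symptom in the post above.
        return "contacted-no-handshake" if peer["endpoint"] else "never-seen"
    return "established" if now - peer["latest_handshake"] <= stale_after else "stale"


def report(text, now=None, stale_after=180):
    """Map each peer public key to its classification."""
    now = time.time() if now is None else now
    return {p["public_key"]: classify(p, now, stale_after) for p in parse_dump(text)}


if __name__ == "__main__":
    for key, status in report(SAMPLE_DUMP).items():
        print(f"{key:32} {status}")
```

On a live host, feed it the real output with `report(subprocess.check_output(["wg", "show", "wg0", "dump"], text=True))`.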