wg-crypt-wg0 process

Fatih USTA fatihusta86 at gmail.com
Wed Dec 30 09:19:30 CET 2020


Hi

I'm playing wireguard with the namespace. I think I caught a little problem.

If I delete netns directly, everything is removed, but wg-crypt-wg0 
process is still alive.

root      8127  0.0  0.0      0     0 ?        S<   07:26 0:00 [wg-crypt-wg0]
root      8143  0.0  0.0      0     0 ?        S<   07:26 0:00 [wg-crypt-wg0]
root      8449  0.0  0.0      0     0 ?        S<   07:26 0:00 [wg-crypt-wg0]
root      8454  0.0  0.0      0     0 ?        S<   07:26 0:00 [wg-crypt-wg0]

If I first delete the wireguard interface from the netns, everything works fine.

wg_version:        1.0.20201221
kernel_version:       3.16.85-1

#!/bin/bash

case $1 in
     remove)
         ip link del dev bridge0 || { echo "Please add first."; exit 1; }
         ip link del dev veth1
         ip link del dev veth2
         #ip netns exec ns1 ip link del dev wg0
         #ip netns exec ns2 ip link del dev wg0
         ip netns del ns1
         ip netns del ns2
         iptables -D FORWARD -i bridge0 -o bridge0 -j ACCEPT
         rm -f /tmp/private-ns1 /tmp/private-ns2 /tmp/public-ns1 /tmp/public-ns2
     ;;
     add)
         ip link add name bridge0 type bridge || { echo "Please remove first."; exit 1; }
         ip link set dev bridge0 up

         ip netns add ns1
         ip netns add ns2
         ip link add name veth1 type veth peer name eth0 netns ns1
         ip link add name veth2 type veth peer name eth0 netns ns2
         ip link set dev veth1 up master bridge0
         ip link set dev veth2 up master bridge0

         ip netns exec ns1 ip link set dev lo up
         ip netns exec ns1 ip link set dev eth0 up
         ip netns exec ns1 ip addr add 10.150.150.1/24 dev eth0

         ip netns exec ns2 ip link set dev lo up
         ip netns exec ns2 ip link set dev eth0 up
         ip netns exec ns2 ip addr add 10.150.150.2/24 dev eth0

         ( umask 0077;
           wg genkey | \
           tee /tmp/private-ns1 | \
           wg pubkey > /tmp/public-ns1

           wg genkey | \
           tee /tmp/private-ns2 | \
           wg pubkey > /tmp/public-ns2
         )

         ip netns exec ns1 ip link add name wg0 type wireguard
         ip netns exec ns1 ip addr add 172.16.1.1/24 dev wg0

         ip netns exec ns2 ip link add name wg0 type wireguard
         ip netns exec ns2 ip addr add 172.16.1.2/24 dev wg0

         ip netns exec ns1 wg set wg0 private-key /tmp/private-ns1 listen-port 51820
         ip netns exec ns1 ip link set wg0 up

         ip netns exec ns2 wg set wg0 private-key /tmp/private-ns2 listen-port 51820
         ip netns exec ns2 ip link set wg0 up

         ip netns exec ns1 wg set wg0 peer "$(</tmp/public-ns2)" allowed-ips 172.16.1.0/24 endpoint 10.150.150.2:51820
         ip netns exec ns2 wg set wg0 peer "$(</tmp/public-ns1)" allowed-ips 172.16.1.0/24 endpoint 10.150.150.1:51820

         iptables -I FORWARD -i bridge0 -o bridge0 -j ACCEPT

         ip netns exec ns1 wg
         ip netns exec ns2 wg
         ip netns exec ns1 ping -i 0.3 -c 2 172.16.1.2 &>/dev/null && \
                           echo -e "\n\nWorked" || \
                           echo -e "\n\nFailed"
     ;;
     *) echo "$(basename "$0") add|remove" ;;
esac


-- 
Fatih USTA
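
Added example, not part of the original post or of WireGuard itself: a check that counts wg-crypt-<ifname> kernel threads in a ps listing and compares them with the live WireGuard interfaces of that name, flagging leftovers like the ones reported above. The function name, the sample listing and the rule of one wg-crypt thread per live interface are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration, not from the original post.
# Assumption: each live WireGuard interface has one wg-crypt-<ifname> thread,
# so any surplus threads belong to interfaces that no longer exist.

# orphan_wg_threads PS_TEXT LIVE_IFACES
#   PS_TEXT      a ps listing whose last field is the [thread-name]
#   LIVE_IFACES  one line per live WireGuard interface, across all namespaces
# Prints "<ifname> threads=N live=M orphaned=N-M" for every surplus, sorted.
orphan_wg_threads() {
    # Interface names cannot contain spaces, so "== ps ==" is a safe separator.
    { printf '%s\n' "$2"; printf '%s\n' '== ps =='; printf '%s\n' "$1"; } |
    awk '
        !in_ps && $0 == "== ps ==" { in_ps = 1; next }
        !in_ps { if ($1 != "") live[$1]++; next }
        $NF ~ /^\[wg-crypt-.+\]$/ {
            # Strip the leading "[wg-crypt-" (10 chars) and the trailing "]".
            threads[substr($NF, 11, length($NF) - 11)]++
        }
        END {
            for (n in threads) {
                alive = live[n] + 0
                if (threads[n] > alive)
                    printf "%s threads=%d live=%d orphaned=%d\n", n, threads[n], alive, threads[n] - alive
            }
        }
    ' | sort
}

# Constructed sample: four wg-crypt-wg0 threads as in the report, one matching
# wg-crypt-wg1 thread, and an unrelated user process.
SAMPLE_PS='root      8127  0.0  0.0      0     0 ?        S<   07:26   0:00 [wg-crypt-wg0]
root      8143  0.0  0.0      0     0 ?        S<   07:26   0:00 [wg-crypt-wg0]
root      8449  0.0  0.0      0     0 ?        S<   07:26   0:00 [wg-crypt-wg0]
root      8454  0.0  0.0      0     0 ?        S<   07:26   0:00 [wg-crypt-wg0]
root      8600  0.0  0.0      0     0 ?        S<   07:31   0:00 [wg-crypt-wg1]
root      9001  0.0  0.1  12345  2345 pts/0    S+   07:32   0:00 ping -c 2 172.16.1.2'

# Constructed sample: interfaces that still exist (one wg0, one wg1).
SAMPLE_LIVE='wg0
wg1'

orphan_wg_threads "$SAMPLE_PS" "$SAMPLE_LIVE"
```

On a real host, pass "$(ps aux)" as the first argument and, as the second, the interface names collected by running `ip -o link show type wireguard` in the host and in each remaining namespace.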


