Freebsd Wireguard-go behavior

Thu Feb 6 18:10:34 CET 2020

Hi,

I’ve been using wireguard as a peer-to-peer VPN on linux for many years now (thanks Jason!) 
Recently I’ve been using wireguard-go on Freebsd. I noticed that there are a difference.

I used to add an IP address to the wg interface on both sides, which is a good starting point to verify that I got the VPN up and running. Ping responses on both local and remote IP address tells me everything is ok.

However on Freebsd ( wireguard version 1.0.20200121 ) with same config, local ping does not respond?!, remote works from either side but not local ping on the wg interface IP address.

I verified Freebsd behavior by creating a tun interface with ifconfig, added an IP address and that local IP address responds to ping...

I actually get two different scenarios, either no ping response or a response that the ping packet where sent trough the tunnel and bounced back:

root at bsd1:~ # ping 192.168.9.1
PING 192.168.9.1 (192.168.9.1): 56 data bytes
92 bytes from 192.168.9.2: Redirect Host(New addr: 192.168.9.1)
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 cdcd   0 0000  40  01 1989 192.168.9.1  192.168.9.1 

64 bytes from 192.168.9.1: icmp_seq=0 ttl=63 time=4.401 ms
92 bytes from 192.168.9.2: Redirect Host(New addr: 192.168.9.1)
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 21c7   0 0000  40  01 c58f 192.168.9.1  192.168.9.1 

I’m confused.  Is this expected behavior? Can someone please explain.

Thanks
Peter

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20200206/05449772/attachment.html>