AW: two client connections -> crash?

Xand Meaden xand at xand.uk
Tue Jul 14 15:50:13 CEST 2020


"AllowedIPs" is the list of IP addresses/subnets that should be routed
via that wireguard tunnel. In your case you've set both tunnels to be
default route (0.0.0.0/0) for IPv4 traffic.

So it depends on what is the other end of each tunnel - and what you
want the tunnel to be used for. AllowedIPs might just be the private IP
address of each peer if you just want to communicate with that.

Xand

On 14/07/2020 14:43, Joachim Lindenberg wrote:
> Good observation. I never really understood what IPs I should put there and also didn't find good documentation on that. And obviously with one connection it wasn't that important to get it right. What IP addresses or network should AllowedIPs refer to? Client? Server? Tunnel?
> Thanks, Joachim
>
> -----Original Message-----
> From: M. Dietrich <mdt at emdete.de>
> Sent: Tuesday, 14 July 2020 12:11
> To: wireguard at lindenberg.one; 'WireGuard mailing list' <wireguard at lists.zx2c4.com>
> Subject: Re: two client connections -> crash?
>
>
> Quotation from wireguard at lindenberg.one at July 13, 2020 20:53:
>> I am trying to configure one client system (Ubuntu 18.04.4 LTS 
>> (GNU/Linux 5.3.0-62-generic x86_64)) against two servers. The 
>> configuration is very similar:
>>
>> root at Mailcow:/home/joachim# cat /etc/wireguard/wg0-client.conf 
>> [Interface]
>> Address = 10.200.200.2/24
>> PrivateKey = ***
>> DNS = 8.8.8.8 #10.200.200.1
>>
>> [Peer]
>> PublicKey = qn6CTz578gbrYpzYkvV2okoqkIFHKye+mRj4i/I8Sz8=
>> Endpoint = fire.lindenberg.one:51820
>> AllowedIPs = 0.0.0.0/0
>> PersistentKeepalive = 21
>>
>> root at Mailcow:/home/joachim# cat /etc/wireguard/wg1-client.conf 
>> [Interface]
>> Address = 10.200.201.2/24
>> PrivateKey = ***
>> DNS = 8.8.8.8 #10.200.200.1
>>
>> [Peer]
>> PublicKey = QAJANxtuAvdT+HR3fP1I2DXq0Azl0T3jF5s+cW7foSA=
>> Endpoint = nc.lindenberg.one:51820
>> AllowedIPs = 0.0.0.0/0
>> PersistentKeepalive = 21
>>
>> Wg-quick up wg0-client is at system startup. Now unfortunately when I 
>> do wg-quick up wg1-client the network stack kind of crashes. The 
>> command does not terminate, and connectivity on all interfaces is 
>> broken.
>> Is this a configuration issue? Should I change ports to be different? 
>> Is there some other issue?
> The ports are fine because the IPs are different. You use the same AllowedIPs for both. And they cover the whole network. 
> This cannot work. What is the intention of that config?
>
>> Do I have to define two interfaces or could I have just one with 
>> multiple peers? But how could I then specify which tunnel to use?
> Depends on what you want to achieve. Sure you can use multiple peers for one interface.
>
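
Added example, not part of the original thread or of WireGuard's own tooling: a Python check that parses wg-quick style configs and reports AllowedIPs ranges claimed by more than one peer, the condition pointed out in the replies above. The configs are rebuilt from the ones quoted in the thread with PrivateKey left out; the helper names and the narrowed /32 values 10.200.200.1 and 10.200.201.1 are assumptions about each server's tunnel address.

```python
import ipaddress
from itertools import combinations

def parse_allowed_ips(name, text):
    """Return (config, peer public key, network) for each AllowedIPs entry."""
    peers, section = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        if line.startswith("["):
            section = line.strip("[]").lower()
            if section == "peer":
                peers.append({"key": "?", "nets": []})
        elif section == "peer" and "=" in line:
            key, _, value = (part.strip() for part in line.partition("="))
            if key.lower() == "publickey":
                peers[-1]["key"] = value
            elif key.lower() == "allowedips":
                peers[-1]["nets"] += [ipaddress.ip_network(c.strip(), strict=False)
                                      for c in value.split(",") if c.strip()]
    return [(name, p["key"], net) for p in peers for net in p["nets"]]

def find_overlaps(configs):
    """List AllowedIPs pairs, owned by different peers, that share addresses."""
    entries = [e for name, text in configs.items() for e in parse_allowed_ips(name, text)]
    return [(c1, str(n1), c2, str(n2))
            for (c1, p1, n1), (c2, p2, n2) in combinations(entries, 2)
            if (c1, p1) != (c2, p2) and n1.version == n2.version and n1.overlaps(n2)]

def conf(address, pubkey, endpoint, allowed):
    """Build a config shaped like the ones in the thread (PrivateKey omitted)."""
    return (f"[Interface]\nAddress = {address}\nDNS = 8.8.8.8 #10.200.200.1\n\n"
            f"[Peer]\nPublicKey = {pubkey}\nEndpoint = {endpoint}\n"
            f"AllowedIPs = {allowed}\nPersistentKeepalive = 21\n")

KEY0 = "qn6CTz578gbrYpzYkvV2okoqkIFHKye+mRj4i/I8Sz8="
KEY1 = "QAJANxtuAvdT+HR3fP1I2DXq0Azl0T3jF5s+cW7foSA="
AS_POSTED = {
    "wg0-client": conf("10.200.200.2/24", KEY0, "fire.lindenberg.one:51820", "0.0.0.0/0"),
    "wg1-client": conf("10.200.201.2/24", KEY1, "nc.lindenberg.one:51820", "0.0.0.0/0"),
}
# Assumption: each server's tunnel address is .1 inside the client's /24.
NARROWED = {
    "wg0-client": conf("10.200.200.2/24", KEY0, "fire.lindenberg.one:51820", "10.200.200.1/32"),
    "wg1-client": conf("10.200.201.2/24", KEY1, "nc.lindenberg.one:51820", "10.200.201.1/32"),
}

if __name__ == "__main__":
    for label, configs in (("as posted", AS_POSTED), ("narrowed", NARROWED)):
        print(label, find_overlaps(configs) or "no overlapping AllowedIPs")
```

The same check also flags two peers on a single interface whose AllowedIPs overlap, which is relevant to the "one interface with multiple peers" option raised in the thread.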
