Connection works, ping does not

Hendrik Friedel hendrik at friedels.name
Sat Nov 28 17:50:06 CET 2020


Hello,

in the mail below, the mtr results are given as pictures, as "mtr" opens a GUI for
me.

Here are the results again, but from the command line:
homeserver.fritz.box (2003:xxxxxxxxx:feaa:27bb)          2020-11-28T17:39:11+0100
Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                                           Packets               Pings
    Host                                                   Loss%   Snt   Last    Avg   Best   Wrst  StDev
 1. p200300cb972aa0009ec7a6fffefd3a69.dip0.t-ipconnect.de   0.0%    15    0.5    0.5    0.5    0.7    0.1
 2. 2003:0:8501::1                                          0.0%    15    7.9   13.1    7.5   47.7   11.1
 3. ???
 4. ???
 5. ddf-b2-v6.telia.net                                     0.0%    14   75.9   81.7   75.9   96.7    5.0
 6. glasfaser-svc070650-ic356771.c.telia.net               76.9%    14   78.2   81.0   78.2   82.4    2.4
 7. 2a00:6020:0:a::2                                        0.0%    14   82.5   79.7   72.0   83.2    3.4
 8. lo1007.kr1.dc1-bor.dg-ao.de                             0.0%    14   81.8   82.9   68.1   87.6    4.9
 9. 2a00:6020:1000:3:dd0e:7f3d:d93e:f23d                    0.0%    14   84.0   85.6   71.6   90.5    5.0
10. 2a00:yyyyyyyyyyy:fe7f:c33a                              0.0%    14   84.3   84.1   77.4   88.9    3.8


and in the opposite direction


Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                       Packets               Pings
    Host                               Loss%   Snt   Last    Avg   Best   Wrst  StDev
 1. fritz.box                           0.0%    15    0.5    0.5    0.4    0.8    0.0
 2. ???
 3. 2a00:6020:0:a::1                   20.0%    15    7.5    7.6    7.5    8.5    0.0
 4. ddf-b2-link.telia.net               0.0%    15    6.2    7.7    6.0   26.8    5.3
 5. ???
 6. hbg-b2-v6.telia.net                26.7%    15   12.9   13.0   12.8   14.0    0.0
 7. 2003:0:1400:c004::1                33.3%    15   71.6   72.1   68.7   75.9    2.8
 8. 2003:0:8501::1                      0.0%    14   80.2   76.9   69.1   80.3    3.1
 9. ddddddddddddd.dip0.t-ipconnect.de   0.0%    14   83.6   85.4   66.0   92.9    6.2


There are many packet losses, as far as I can see.
But also many packets seem to go through (never 100% loss).
Does that help?

Regards,
Hendrik

>
>------ Original Message ------
>From: "Hendrik Friedel" <hendrik at friedels.name>
>To: "Max R. P. Grossmann" <m at max.pm>
>Cc: wireguard at lists.zx2c4.com
>Sent: 23.11.2020 21:37:24
>Subject: Re[2]: Connection works, ping does not
>
>>Hello Max,
>>
>>thanks for your reply.
>>
>>>
>>>Could it be that some kind of firewall is restricting UDP traffic to your other server?
>>>
>>Well, locally, I do use this machine as Host for many tunnels.
>>
>>
>>>
>>>E.g. could you try to run `mtr --udp [other server's public IP address]` on your computer (while disabling your other WireGuard connection, if applicable) and report back whether there is any kind of packet loss?
>>I used traceroute on the command line for this:
>>
>>Remote:
>>
>>wg-quick up wgnet0
>>[#] ip link add wgnet0 type wireguard
>>[#] wg setconf wgnet0 /dev/fd/63
>>[#] ip -4 address add 10.192.122.3/32 dev wgnet0
>>[#] ip link set mtu 1420 up dev wgnet0
>>[#] wg set wgnet0 fwmark 51820
>>[#] ip -4 route add 0.0.0.0/0 dev wgnet0 table 51820
>>[#] ip -4 rule add not fwmark 51820 table 51820
>>[#] ip -4 rule add table main suppress_prefixlength 0
>>
>>root@openmediavault:/etc/wireguard# wg show
>>interface: wgnet0
>>   public key: cebXSaxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxMFw=
>>   private key: (hidden)
>>   listening port: 42759
>>   fwmark: 0xca6c
>>
>>peer: oNjmmmmmmmmmmmmmmmmmmmmmmmmmmmmU=
>>   endpoint: [2003:cb:97ff:33d8:9ec7:a6ff:fefd:3a6d]:51820
>>   allowed ips: 0.0.0.0/0
>>   transfer: 0 B received, 444 B sent
>>   persistent keepalive: every 25 seconds
>>
>>
>>Local:
>>traceroute to 2a00:sdfs:sdfsdf:sdfs:erre:ereee:sdf:c33a (2a00:sdfs:sdfsdf:sdfs:erre:ereee:sdf:c33a), 30 hops max, 80 byte packets
>>  1  p200300cb9733ca009ec7a6fffefd3a69.dip0.t-ipconnect.de (2003:cb:9733:ca00:9ec7:a6ff:fefd:3a69)  0.946 ms  3.435 ms  3.645 ms
>>  2  2003:0:8501::1 (2003:0:8501::1)  13.884 ms  13.839 ms  14.193 ms
>>  3  * * *
>>  4  2001:2000:3019:6b::1 (2001:2000:3019:6b::1)  86.609 ms  88.002 ms  87.874 ms
>>  5  ddf-b2-v6.telia.net (2001:2000:3018:21::1)  88.137 ms  89.508 ms  89.639 ms
>>  6  * * *
>>  7  2a00:6020:0:b::2 (2a00:6020:0:b::2)  81.576 ms  81.989 ms 2a00:6020:0:a::2 (2a00:6020:0:a::2)  82.201 ms
>>  8  lo1007.kr1.dc1-bor.dg-ao.de (2a00:6020:1000:3::1)  86.281 ms  84.259 ms  85.760 ms
>>  9  2a00:xxxx:1000:3:yyyy:7f3d:d93e:f23d (2a00:xxxx:1000:3:yyyy:7f3d:d93e:f23d)  88.483 ms !X  87.579 ms !X  88.447 ms !X
>>
>>And here the mtr results (wg up and down)
>>https://1drv.ms/u/s!AvbzKdYzkh6gl0BVLcuR9eeWUaqj?e=9wKxSC
>>https://1drv.ms/u/s!AvbzKdYzkh6gl0HVwPz1FabOtemM?e=c7bCcB
>>
>>>If not, you may wish to check whether the port on the machine is reachable, e.g. by running `nc -v -l -u -p 12345` on your server and then executing `echo test | nc -u [server's IP] 12345`, to check whether the message arrives at the server.
>>
>>I am using the machine that is here locally as a server for many tunnels. So the WireGuard port is reachable.
>>On the remote machine, I have NOT done any port forwarding. Is that necessary at all? I thought that only the machine that is NOT initiating the connection needs port forwarding.
>>
>>Greetings,
>>Hendrik
>>
>>>
>>>
>>>Best,
>>>
>>>Max
>>>
>>>On 20/11/22 07:39pm, Hendrik Friedel wrote:
>>>>  Hello,
>>>>
>>>>  (I posted this a while ago, but it never appeared on the list; if the list is the wrong place for this question, please let me know; I would appreciate a hint for a more appropriate place)
>>>>
>>>>  I am using wireguard to connect two machines.
>>>>  My local server is connected to the internet via a router. I am using this server also for connecting other devices (e.g. mobile phones) to my home network. This works great.
>>>>
>>>>  But when connecting to another server (both debian 10), I only get a successful connection, but no ping.
>>>>  *My server:*
>>>>
>>>>  wg show
>>>>  interface: wgnet0
>>>>    public key: xxxxx=
>>>>    private key: (hidden)
>>>>    listening port: 51820
>>>>
>>>>  peer: sdfsdfsdfsdfsdfsdf=
>>>>    endpoint: 109.41.64.83:15167
>>>>    allowed ips: 10.192.122.2/32
>>>>    latest handshake: 1 minute, 7 seconds ago
>>>>    transfer: 10.95 MiB received, 40.35 MiB sent
>>>>
>>>>  peer: yyyy=
>>>>    endpoint: 185.22.142.254:51380
>>>>    allowed ips: 10.192.122.3/32
>>>>    transfer: 0 B received, 5.20 KiB sent
>>>>
>>>>  peer: yyyy=
>>>>    endpoint: 93.214.229.137:64119
>>>>    allowed ips: 10.192.122.4/32
>>>>
>>>>  peer: yyyy=
>>>>    endpoint: 93.214.225.116:49819
>>>>    allowed ips: 10.192.122.5/32
>>>>
>>>>  peer: yyyy=
>>>>    allowed ips: 10.192.122.6/32
>>>>
>>>>  peer: yyyy=
>>>>    allowed ips: 10.192.122.7/32
>>>>
>>>>
>>>>  more /etc/wireguard/wgnet0.conf
>>>>  [Interface]
>>>>  Address = 10.192.122.1/24
>>>>  SaveConfig = true
>>>>  PostUp = iptables -A FORWARD -i wgnet0 -j ACCEPT; iptables -A FORWARD -o wgnet0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>>>>  PostDown = iptables -D FORWARD -i wgnet0 -j ACCEPT; iptables -D FORWARD -o wgnet0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
>>>>  ListenPort = 51820
>>>>  PrivateKey = aaa=
>>>>
>>>>  [Peer]
>>>>  PublicKey = yyyy=
>>>>  AllowedIPs = 10.192.122.2/32
>>>>  Endpoint = 123.41.67.233:18314
>>>>
>>>>  [Peer]
>>>>  PublicKey = xxx=
>>>>  AllowedIPs = 10.192.122.3/32
>>>>  Endpoint = 123.22.142.254:51380
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>  ip route
>>>>  default via 192.168.177.1 dev eth0 proto static
>>>>  10.192.122.0/24 dev wgnet0 proto kernel scope link src 10.192.122.1
>>>>
>>>>  and the other side/server:
>>>>
>>>>  interface: wgnet0
>>>>    public key: xxxxx=
>>>>    private key: (hidden)
>>>>    listening port: 54004
>>>>    fwmark: 0xca6c
>>>>
>>>>  peer: yyyyy=
>>>>    endpoint: [2003:cb:aaa:bbb:9ec7:a6ff:fefd:3a6d]:51820
>>>>    allowed ips: 0.0.0.0/0
>>>>    transfer: 0 B received, 2.75 KiB sent
>>>>    persistent keepalive: every 25 seconds
>>>>
>>>>
>>>>
>>>>    more wgnet0.conf
>>>>  [Interface]
>>>>  Address = 10.192.122.3/32
>>>>  PrivateKey = xxxxx=
>>>>
>>>>  [Peer]
>>>>  PublicKey = yyyyy=
>>>>  Endpoint = v.myfritz.net:51820
>>>>  AllowedIPs = 0.0.0.0/0
>>>>  PersistentKeepalive = 25
>>>>
>>>>  It seems to me that the connection is successfully established, but data is only transmitted in one direction.
>>>>
>>>>  How can I find the reason?
>>>>
>>>>  Regards,
>>>>  Hendrik
>>>>
>
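
Added example, not part of the original message or of WireGuard/mtr: a small Python parser for mtr output of the kind posted above, separating loss that persists to the last hop from loss seen only in one router's own replies. The sample is the first trace retyped one hop per line with placeholder host names; the function names are illustrative.

```python
import re

# Constructed sample: figures follow the first trace in the message,
# host names are placeholders. Columns: hop, host, Loss%, Snt, then timings.
SAMPLE = """\
 1. gateway.example    0.0%  15   0.5   0.5   0.5   0.7   0.1
 2. 2003:0:8501::1     0.0%  15   7.9  13.1   7.5  47.7  11.1
 3. ???
 4. ???
 5. hop5.example       0.0%  14  75.9  81.7  75.9  96.7   5.0
 6. hop6.example      76.9%  14  78.2  81.0  78.2  82.4   2.4
 7. 2a00:6020:0:a::2   0.0%  14  82.5  79.7  72.0  83.2   3.4
 8. hop8.example       0.0%  14  81.8  82.9  68.1  87.6   4.9
 9. hop9.example       0.0%  14  84.0  85.6  71.6  90.5   5.0
10. target.example     0.0%  14  84.3  84.1  77.4  88.9   3.8
"""

# Accepts the interactive layout above and the "N.|-- host" report layout.
HOP = re.compile(r"^\s*(\d+)\.(?:\|--)?\s+(\S+)(?:\s+([\d.]+)%?\s+(\d+))?")

def parse_hops(report):
    """Return [(hop_no, host, loss_pct or None)]; None means no reply at all."""
    hops = []
    for line in report.splitlines():
        m = HOP.match(line)
        if m:
            loss = float(m.group(3)) if m.group(3) is not None else None
            hops.append((int(m.group(1)), m.group(2), loss))
    return hops

def analyse(report):
    """Split per-hop loss into loss that persists to the target and loss that
    only affects a router's own replies (typically rate-limited responses)."""
    hops = [h for h in parse_hops(report) if h[2] is not None]
    if not hops:
        raise ValueError("no responding hops in report")
    result = {"end_to_end_loss": hops[-1][2], "reply_only": [], "forwarding": []}
    for i, (no, host, loss) in enumerate(hops):
        if loss == 0.0:
            continue
        # Packets dropped while being forwarded are missing at every later hop.
        carried = min(l for _, _, l in hops[i:])
        key = "forwarding" if carried > 0.0 else "reply_only"
        result[key].append((no, host, loss))
    return result

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

The result covers only the probe type mtr sent (ICMP unless `--udp` is given, as Max asked); it does not show whether UDP to the WireGuard port arrives.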