Possible regression between 5.18.2 and 6.2.1

Dan Crawford dnlcrwfrd at gmail.com
Mon Mar 6 09:51:54 UTC 2023


I recently updated a server from kernel version 5.18.2 to 6.2.1 and
discovered that WG clients could no longer connect; there were no
changes to configs. Reverting to 5.18.2 resolves the issue.

My server config looks something like

[Interface]
Address = 192.168.1.0/24
ListenPort = 51820
PrivateKey = XXX
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = XXX
AllowedIPs = 192.168.1.3/32

and my client config looks something like


[Interface]
Address = 192.168.1.3/32
DNS = 1.1.1.1
PrivateKey = XXX

[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = example.com:51820
PublicKey = XXX

On the server I get mysterious "packet has unallowed src ip" errors.
Playing around with various combinations of subnets and iptables
invocations doesn't seem to help. Was there a change to the config spec
that I missed? Or otherwise any other ideas what might be going on?

Thanks.

