NetBSD-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Getting wg(4) NetBSD server to work with WireGuard(R) macOS client

Hello,

I'm trying to get a wg(4) NetBSD server to work with a WireGuard(R)
macOS client. I have succeeded in getting a handshake and can send
bytes, but I don't receive bytes via ping or in Firefox. Meanwhile,
mosh works fine.

Here's my step-by-step:

On the NetBSD server:

	# (umask 0077; wg-keygen > /etc/wg0)
	# wg-keygen --pub < /etc/wg/wg0 > /etc/wg/wg0.pub
	# cat /etc/wg0.pub
	1WaiYse6arup/pNqos7CyvtsTm6O8PN+/s/6UZdk0kc=

	# ifconfig wg0 create
	# ifconfig wg0 inet 10.2.0.1/24

	[sever has no ipv6]

	# wgconfig wg0 set private-key /etc/wg0
	# wgconfig wg0 set listen-port 9443
	# wgconfig wg0 add peer sevastopol \
		1WaiYse6arup/pNqos7CyvtsTm6O8PN+/s/6UZdk0kc= \
		--allowed-ips=10.2.0.42/32

	# ifconfig wg0 down
	# ifconfig wg0 up
	# ifconfig wg0
	wg0: flags=0x8041<UP,RUNNING,MULTICAST> mtu 1420                               
        	status: active
	        inet6 fe80::1457:1bc8:34cf:69c0%wg0/64 flags 0 scopeid 0x3
	        inet 10.2.0.1/24 flags 0

On the hosting service firewall:

	accept	UDP	9443	0.0.0.0/0
	accept	UDP	51820 	0.0.0.0/0

On the macOS WireGuard(R) client:

	Name = sevastopol
	PublicKey = 8Oe88+HZAJ39RePuIcw3OQjQtC+onX0/lXk2rxC9HUw=

	[Interface]
	PrivateKey = [*** redacted ***]
	Address = 10.2.0.42/24

	[Peer]
	PublicKey = 1WaiYse6arup/pNqos7CyvtsTm6O8PN+/s/6UZdk0kc=
	AllowedIPs = 1.0.0.0/8, 2.0.0.0/8, 3.0.0.0/8, 4.0.0.0/6, 8.0.0.0/7,
	11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2,
	128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.32.0.0/11,
	172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4,
	192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16,
	192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10,
	193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4
	Endpoint = starbeastie.rnkn.xyz:9443

	$ ping -c5 10.2.0.1
	PING 10.2.0.1 (10.2.0.1): 56 data bytes
	Request timeout for icmp_seq 0
	Request timeout for icmp_seq 1
	Request timeout for icmp_seq 2
	Request timeout for icmp_seq 3

	--- 10.2.0.1 ping statistics ---
	5 packets transmitted, 0 packets received, 100.0% packet loss

Back on the NetBSD server:

	# wgconfig wg0
	interface: wg0
	        private-key: (hidden)
	        listen-port: 9443
	        peer: sevastopol
	                public-key: 8Oe88+HZAJ39RePuIcw3OQjQtC+onX0/lXk2rxC9HUw=
	                endpoint: 1.146.105.131:1085
                	preshared-key: (hidden)
        	        allowed-ips: 10.2.0.42/32
	                latest-handshake: Sat Jan 11 13:40:49 2025

What am I doing wrong here?

Thanks in advance,

-- 
Paul W. Rankin
https://rnkn.xyz
Home | Main Index | Thread Index | Old Index