Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FS#3653 - wireguard is not working - not sending any packets #8688

Open
openwrt-bot opened this issue Mar 1, 2021 · 6 comments
Open

FS#3653 - wireguard is not working - not sending any packets #8688

openwrt-bot opened this issue Mar 1, 2021 · 6 comments
Labels
flyspray kernel

Comments

@openwrt-bot
Copy link

@openwrt-bot openwrt-bot commented Mar 1, 2021

piontec:

I'm using 19.07.7 r11306-c4a6851c72 build on xiaomi mi router 4a gigabit, built by [[https://gitlab.com/db260179/xiaomi-m4a/-/releases|David Betham]] (it doesn't affect wireguard, I think).

The problem I'm having is that wireguard is completely not working: although the tunnel is configured, it never sends any traffic to the destination peer.

My wg config:

wg show

interface: wg0
public key: Kus59Dar/4ki3/IWM7UVn5uFFco79btQgH9CKCDERF8=
private key: (hidden)
listening port: 31833

peer: qEgo8fA/w9pXtBoQnB5/U/jNn30AFxloPV/owjxKj0A=
endpoint: 185.X.Y.Z:1195
allowed ips: 10.10.10.0/24
persistent keepalive: every 15 seconds

Now, I start

tcpdump -i any -f "udp and port 1195"

and ping the remote end tunnel, but not a single ping is returned nor I see a single packet captured by tcpdump. The same config and device were working on some unofficial 17.07.4 build I was using previously.

Kernel used:

uname -a

Linux coffee 4.14.221 #0 SMP Mon Feb 15 15:22:37 2021 mips GNU/Linux

My software versions are:

kmod-udptunnel4 - 4.14.221-1
kmod-udptunnel6 - 4.14.221-1
kmod-wireguard - 4.14.221+1.0.20200611-2
luci-app-wireguard - git-21.054.03371-3b137b5-1
luci-proto-wireguard - git-21.054.03371-3b137b5-1
wireguard - 1.0.20200611-2
wireguard-tools - 1.0.20191226-1

Please let me know how can I help investigate it further.

@openwrt-bot
Copy link
Author

@openwrt-bot openwrt-bot commented Mar 1, 2021

cryobry:

//allowed ips: 10.10.10.0/24//

Are you testing from this subnet? Perhaps your network layout has changed w/ the version upgrade?

Do you have software flow offloading enabled? Try disabling it and retesting.

@openwrt-bot
Copy link
Author

@openwrt-bot openwrt-bot commented Mar 2, 2021

piontec:

Yes, I have an IP from the same subnet and the src IP is chosen correctly in the routing process.

I'm not sure about the software flow offloading - how can I check and change it?

@openwrt-bot
Copy link
Author

@openwrt-bot openwrt-bot commented Mar 2, 2021

piontec:

OK, found it. I've checked with both software flow offloading on and off - no difference.

@openwrt-bot
Copy link
Author

@openwrt-bot openwrt-bot commented Mar 2, 2021

cryobry:

Are you sure that the wan interface is up? Try restarting it. You can use pbr or a vlan to bypass the tunnel for testing, if necessary. I've found that it's sometimes necessary to restart the wan interface(s) after adding a new interface.

@openwrt-bot
Copy link
Author

@openwrt-bot openwrt-bot commented Mar 2, 2021

piontec:

Thanks for the suggestions, but I'm sure wan is up, I'm using it to write this response and I've verified with tcpdump that packets created with netcat with UDP and the same port number successfully leave my openwrt router and reach tunnel gateway. I tried restarting wan, but still no luck :(

@openwrt-bot
Copy link
Author

@openwrt-bot openwrt-bot commented Mar 8, 2021

piontec:

I rolled back to firmware "OpenWrt 19.07.4 r11208-ce6496d796 / LuCI openwrt-19.07 branch git-20.247.75781-0d0ab01" built by https://github.com/araujorm/openwrt/releases/ and my wireguard just works - no config changes.

@aparcar aparcar added the kernel label Feb 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
flyspray kernel
Projects
None yet
Development

No branches or pull requests

2 participants