wireguard-tools icon indicating copy to clipboard operation
wireguard-tools copied to clipboard

Published 20 hours ago verified publisher icon WireGuard

wg-quick for sunos

Open nshalman opened this issue 2 years ago • 4 comments

This is in support of WireGuard/wireguard-go#39

nshalman avatar Aug 31 '22 02:08 nshalman

Updated copyright year, added a couple of extra reference links, removed some TODOs that don't actually require action (https://github.com/WireGuard/wireguard-tools/compare/8588ad10c513e50f2b051a4c48ffe33af562a9d5..491d58a4bae08bb74e82a2d372af660ee6d968b6)

@zx2c4 This is ready for your review. ~~https://github.com/WireGuard/wireguard-tools/pull/17/commits/491d58a4bae08bb74e82a2d372af660ee6d968b6~~ https://github.com/WireGuard/wireguard-tools/pull/17/commits/77de1e949f7e754b28f5b258c0176718c63741a5 is the conversion of the OpenBSD version to the sunos version which might help with review, but let me know if you want me to squash that into the commit that did the simple copy.

nshalman avatar Mar 06 '23 14:03 nshalman

Bug report from a user:

Config file (that works in Linux) with addresses with /32 appended fail

[Interface]  
ListenPort = 41953  
PrivateKey =  REDACTED
Address = 10.254.254.1/32  
  
[Peer]  
PublicKey =  REDACTED
PersistentKeepalive = 25  
AllowedIPs = 10.254.254.3/32  

[root@vpn1 /etc/wireguard]# wg-quick up tun0  
[#] wireguard-go tun  
[#] sleep 0.1  
[+] Interface for tun0 is tun0  
[#] ipadm create-addr -t -T static -a local=10.254.254.1/32,remote=10.254.254.1/32 tun0/tun00  
ipadm: Error in setting remote address: Invalid address

But it works if the user removes the /32 from the addresses.

[root@vpn1 /etc/wireguard]# wg-quick up tun0  
[#] wireguard-go tun  
[#] sleep 0.1  
[+] Interface for tun0 is tun0  
[#] ipadm create-addr -t -T static -a local=10.254.254.1,remote=10.254.254.1 tun0/tun00  
[#] wg setconf tun0 /dev/fd/63  
[#] ifconfig tun0 mtu 1420  
[#] route -q -n add -inet 10.254.254.3/32 -iface 10.254.254.1  
add host 10.254.254.3/32: gateway 10.254.254.1  
[+] Backgrounding route monitor  
[root@vpn1 /etc/wireguard]# ping 10.254.254.3  
PING 10.254.254.3: 56 data bytes  
64 bytes from 10.254.254.3: icmp_seq=0. time=30.550 ms

I'm pretty sure this isn't the first time I've seen ipadm get upset with addresses like those.

nshalman avatar Mar 06 '23 18:03 nshalman

That bug should be fixed by my force-push: https://github.com/WireGuard/wireguard-tools/compare/491d58a4bae08bb74e82a2d372af660ee6d968b6..77de1e949f7e754b28f5b258c0176718c63741a5

nshalman avatar Mar 06 '23 18:03 nshalman

@zx2c4 please review when you have time. Goes along with wireguard/wireguard-go#39

nshalman avatar Mar 13 '23 14:03 nshalman