macOS routes
Thanks a lot for creating this. Here is how I am using this on macOS. It is pretty ugly (without syscall), but it might help out if someone wants to use this on macOS. It is working for me. I am just sharing my solution, rather than hoping to get it merged into the codebase.
@database64128 could this be merged into the main source code tree? Or do any additional things need to be done? I would love to see a clean macOS implementation, if possible!
@alexander-potemkin No, like the author said, this is too much of a hack to be merged.
If your internet-facing physical interface has a fixed IP address, like 192.168.50.11, you could specify "proxyConnListenAddress": "192.168.50.11:" in your client config to let swgp-go bind to 192.168.50.11:0 for its outgoing sockets.
@lsgrep Off-topic shameless plug: Saw you wrote https://github.com/lsgrep/cfbind, thought you might be interested in a similar project of mine: https://github.com/database64128/ddns-go. On Linux and Windows, ddns-go can use native platform APIs to monitor network interface address changes, without the need of polling at a fixed interval.
> If your internet-facing physical interface has a fixed IP address, like 192.168.50.11, you could specify "proxyConnListenAddress": "192.168.50.11:" in your client config to let swgp-go bind to 192.168.50.11:0 for its outgoing sockets.
I move around a lot with laptop and sometimes I use mobile hotspot so fixed IP does not work for me.
> I move around a lot with laptop and sometimes I use mobile hotspot so fixed IP does not work for me.
Does the network interface change? Would it work for you if I add an option to bind to a specific interface?
Thank you for rebasing and keeping this PR up-to-date! It's in much better shape now that the route calls are implemented in code. Still, I have some concerns with the approach taken here. Polling for route changes will always leave room for routing loops in between polls. Instead of relying on the OS routing table, may I suggest another approach?
Currently, swgp-go implements sticky sockets at the "listener" end. That is, it remembers the last network interface and IP the client packet was received from, and always sends back via the same path. The facility for implementing this is well abstracted, and can be used for the outgoing end as well.
https://github.com/database64128/swgp-go/blob/8c4f6a1f0dd9e0f0d09de6f6c42e0a497b98e13f/service/client.go#L649-L651
Your "default gateway" (or whatever you call it) service could maintain an atomic pointer to the current outgoing network interface index and IP address, and in the above code snippet, populate the relevant fields in conn.SocketControlMessage, something like:
```go
if c.autoOutgoingIface {
	if info := outgoingIfaceState.Load(); info != nil {
		scm.PktinfoAddr = info.Addr
		scm.PktinfoIfindex = info.Ifindex
	}
}
```
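The atomic-pointer idea above, as an added example that is not swgp-go's code: the whole address/index pair is swapped as one immutable snapshot, so the send path never pairs one interface's address with another's index. The `pktinfo` type, the function names and the sample addresses are hypothetical.

```go
package main

import (
	"fmt"
	"net/netip"
	"sync/atomic"
)

// pktinfo is an immutable snapshot of the outgoing path (hypothetical type,
// mirroring the PktinfoAddr/PktinfoIfindex fields named in the comment above).
type pktinfo struct {
	Addr    netip.Addr
	Ifindex uint32
}

// outgoingIfaceState is replaced as a whole, never mutated in place.
var outgoingIfaceState atomic.Pointer[pktinfo]

// onDefaultRouteChange is what the interface-watching service would call.
// An invalid address or zero index means "no usable physical interface".
func onDefaultRouteChange(addr netip.Addr, ifindex uint32) {
	if !addr.IsValid() || ifindex == 0 {
		outgoingIfaceState.Store(nil)
		return
	}
	outgoingIfaceState.Store(&pktinfo{Addr: addr, Ifindex: ifindex})
}

// pktinfoForSend is the per-packet read on the send path. ok=false tells the
// caller to send without pktinfo and let the routing table decide.
func pktinfoForSend(auto bool) (pktinfo, bool) {
	if !auto {
		return pktinfo{}, false
	}
	if info := outgoingIfaceState.Load(); info != nil {
		return *info, true
	}
	return pktinfo{}, false
}

// countTornReads flips the state between two interfaces while reading it
// concurrently and counts snapshots whose address and index do not belong
// together. With a single atomic pointer the count is always 0.
func countTornReads(iterations int) int {
	wifi := pktinfo{Addr: netip.MustParseAddr("192.168.1.5"), Ifindex: 15}
	hotspot := pktinfo{Addr: netip.MustParseAddr("172.20.10.2"), Ifindex: 22} // constructed
	done := make(chan struct{})
	go func() {
		defer close(done)
		for i := 0; i < iterations; i++ {
			p := wifi
			if i%2 == 1 {
				p = hotspot
			}
			onDefaultRouteChange(p.Addr, p.Ifindex)
		}
	}()
	torn := 0
	for running := true; running; {
		select {
		case <-done:
			running = false
		default:
		}
		if info, ok := pktinfoForSend(true); ok && info != wifi && info != hotspot {
			torn++
		}
	}
	return torn
}

func main() {
	fmt.Println("torn reads:", countTornReads(100000))
}
```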
> Does the network interface change? Would it work for you if I add an option to bind to a specific interface?
I can fix the IP address, but this may cause problems as I switch to new network the range might not be totally different from what I've setup on my machine. And there could be some IP address conflict even if the network range is the same.
> Currently, swgp-go implements sticky sockets at the "listener" end. That is, it remembers the last network interface and IP the client packet was received from, and always sends back via the same path. The facility for implementing this is well abstracted, and can be used for the outgoing end as well.
Please correct me if I am wrong, I am assuming that this approach assumes that we could get to send out packets successfully and we get to parse the control message out from the received packets?
Current problem I am facing is that when swgp (default version) and wireguard are running, I could not send out any packets as the routing is not correctly setup for macOS. There is a loop and all the traffic goes to wg.
I've been using the newly deployed code on my machine and it is working great. I could not see any issues so far.
> > Does the network interface change? Would it work for you if I add an option to bind to a specific interface?
> I can fix the IP address, but this may cause problems as I switch to new network the range might not be totally different from what I've setup on my machine. And there could be some IP address conflict even if the network range is the same.
I'm not asking you to use a fixed IP address. I'm asking whether the physical interface in use changes between places. For example, when you switch to a mobile hotspot, is the physical interface still en0?
> Please correct me if I am wrong, I am assuming that this approach assumes that we could get to send out packets successfully and we get to parse the control message out from the received packets?
No, that's not what I meant. Your current approach is to discover the default physical interface and add a route to the swgp-go server address via the interface's gateway. What I'm saying is, instead of using the information to create routes, you could simply set the pktinfo on outgoing packets so they are sent via the right physical interface.
> I'm not asking you to use a fixed IP address. I'm asking whether the physical interface in use changes between places. For example, when you switch to a mobile hotspot, is the physical interface still en0?
Yes, it will be fixed most of the time: en0.
> No, that's not what I meant. Your current approach is to discover the default physical interface and add a route to the swgp-go server address via the interface's gateway. What I'm saying is, instead of using the information to create routes, you could simply set the pktinfo on outgoing packets so they are sent via the right physical interface.
I surely can set the pktinfo via the socket control message, but it still cannot solve the no route problem? I mean, specifying the outgoing network interface is not enough to send the packet out if there is no route?
> I surely can set the pktinfo via the socket control message, but it still cannot solve the no route problem? I mean, specifying the outgoing network interface is not enough to send the packet out if there is no route?
What's this no route problem? Isn't there a default route for the physical interface?
It should be easy to verify whether my approach works or not.
https://github.com/database64128/swgp-go/blob/8c4f6a1f0dd9e0f0d09de6f6c42e0a497b98e13f/service/client.go#L649-L651
Just hardcode the PktinfoAddr and PktinfoIfindex fields here and see if it works.
Actually I tried this, it threw routing errors (could not route to the proxy server). It did not work.
https://github.com/lsgrep/swgp-go/tree/macos-routes2
> Actually I tried this, it threw routing errors (could not route to the proxy server). It did not work.
> https://github.com/lsgrep/swgp-go/tree/macos-routes2
Sorry I didn't describe it clearly. The PktinfoAddr needs to be the network interface's IP address, not the gateway address. Say your assigned IPv4 address on en0 is 192.168.1.5/24, you set PktinfoAddr to 192.168.1.5, not 192.168.1.1.
I also tried that as well, it also did not work.
I also could not wrap my head around the networking: without the route, how could the network interface send the packet out? Sorry, this might be a dumb question.
Dec 23 21:49:30.393 WRN Failed to write swgpPacket to proxyConn client=client-mac listenAddress=[::]:23456 clientAddress=[::ffff:127.0.0.1]:51820 proxyConnListenAddress=192.168.1.4:60100 proxyAddress=PROXY_SERVER:20221 swgpPacketLength=1229 segmentSize=1229 err="write udp4 192.168.1.4:60100->PROXY_SERVER:20221: sendmsg: no route to host"
@lsgrep I just tested the pktinfo approach with some minimal test code on my MacBook and did not see no route to host errors. Could you adapt the following code to your environment and see if it fails with the error? Thanks.
```go
package service

import (
	"context"
	"net/netip"
	"testing"

	"github.com/database64128/swgp-go/conn"
)

// TestPktinfo4 sends one IPv4 datagram with pktinfo set, so the kernel is
// told which local address and interface to use for this packet.
func TestPktinfo4(t *testing.T) {
	c, _, err := conn.DefaultUDPClientListenConfig.ListenUDP(context.Background(), "udp4", "")
	if err != nil {
		t.Fatal(err)
	}
	t.Cleanup(func() {
		_ = c.Close()
	})

	// Adapt both fields to your environment: the address assigned to the
	// physical interface (not the gateway) and that interface's index.
	scm := conn.SocketControlMessage{
		// 192.168.2.11
		PktinfoAddr:    netip.AddrFrom4([4]byte{192, 168, 2, 11}),
		PktinfoIfindex: 11,
	}
	cmsg := scm.AppendTo(nil)

	// 1.1.1.1:53
	addrPort := netip.AddrPortFrom(netip.AddrFrom4([4]byte{1, 1, 1, 1}), 53)
	if _, _, err = c.WriteMsgUDPAddrPort([]byte("hello"), cmsg, addrPort); err != nil {
		t.Fatal(err)
	}
}

// TestPktinfo6 is the IPv6 counterpart of TestPktinfo4.
func TestPktinfo6(t *testing.T) {
	c, _, err := conn.DefaultUDPClientListenConfig.ListenUDP(context.Background(), "udp", "")
	if err != nil {
		t.Fatal(err)
	}
	t.Cleanup(func() {
		_ = c.Close()
	})

	// Adapt both fields to your environment, as in TestPktinfo4.
	scm := conn.SocketControlMessage{
		// fd96:377:aa32:a38f::8
		PktinfoAddr:    netip.AddrFrom16([16]byte{0xfd, 0x96, 0x03, 0x77, 0xaa, 0x32, 0xa3, 0x8f, 15: 0x08}),
		PktinfoIfindex: 22,
	}
	cmsg := scm.AppendTo(nil)

	// [2606:4700:4700::1111]:53
	addrPort := netip.AddrPortFrom(netip.AddrFrom16([16]byte{0x26, 0x06, 0x47, 0x00, 0x47, 0x00, 14: 0x11, 15: 0x11}), 53)
	if _, _, err = c.WriteMsgUDPAddrPort([]byte("hello"), cmsg, addrPort); err != nil {
		t.Fatal(err)
	}
}
```
You could observe whether the packet is successfully sent on the right interface with tools like Wireshark.
@lsgrep Hi, I just finished implementing this feature for the BSDs. Can you give it a try? It's on the main branch. Add "proxyAutoPickInterface": true to your client config to enable it.
@database64128, Awesome, happy to, will try this later today
yAddress=172.237.20.56:20221 swgpPacketLength=734 segmentSize=734 err="write udp4 0.0.0.0:50972->server_ip:20221: sendmsg: network is unreachable"
It didn't work
@lsgrep Can you post all relevant log messages, especially the ones from the interface picker? I tested this on my MacBook and it worked perfectly.
Aug 12 20:04:21.924 INF swgp-go version=1.8.0
Aug 12 20:04:21.925 INF Started service client=client-mac listenAddress=[::]:23456 proxyAddress=SERVER_IP:20221 wgTunnelMTU=1328 maxUDPGSOSegments=1 udpGRO=false
Aug 12 20:04:21.925 DBG Discovered default route rtmType=4 rtmIndex=15 rtmPid=0 ifaAddr=192.168.1.5
Aug 12 20:04:21.925 DBG Discovered default route rtmType=4 rtmIndex=19 rtmPid=0 ifaAddr=fe80::8a45:e975:3a35:3009
Aug 12 20:04:21.925 DBG Discovered default route rtmType=4 rtmIndex=33 rtmPid=0 ifaAddr=fe80::48a4:7de0:1b32:a6b8
Aug 12 20:04:21.925 DBG Discovered default route rtmType=4 rtmIndex=34 rtmPid=0 ifaAddr=fe80::9df1:fd3a:5c47:a7d6
Aug 12 20:04:21.925 DBG Discovered default route rtmType=4 rtmIndex=35 rtmPid=0 ifaAddr=fe80::ce81:b1c:bd2c:69e
Aug 12 20:04:21.925 DBG Discovered default route rtmType=4 rtmIndex=37 rtmPid=0 ifaAddr=fe80::c8f0:79ff:2002:fbf8
Aug 12 20:04:21.925 DBG Discovered default route rtmType=4 rtmIndex=38 rtmPid=0 ifaAddr=fe80::6e08:865f:3e39:2043
Aug 12 20:04:21.925 DBG Processing interface address ifindex=15 ifaAddr=192.168.1.5
Aug 12 20:04:21.925 INF Updating default pktinfo4 oldAddr="" oldIfindex=0 newAddr=192.168.1.5 newIfindex=15
Aug 12 20:04:21.925 INF Started interface picker
Aug 12 20:04:25.862 DBG Updated client pktinfo client=client-mac listenAddress=[::]:23456 clientAddress=[::ffff:127.0.0.1]:51820 clientPktinfoAddr=::ffff:127.0.0.1 clientPktinfoIfindex=1
Aug 12 20:04:25.862 DBG New client session client=client-mac listenAddress=[::]:23456 clientAddress=[::ffff:127.0.0.1]:51820 proxyAddress=SERVER_IP:20221
Aug 12 20:04:25.862 INF Client relay started client=client-mac listenAddress=[::]:23456 clientAddress=[::ffff:127.0.0.1]:51820 proxyConnListenAddress=0.0.0.0:57010 proxyAddress=172.237.20.56:20221 wgTunnelMTU=1328 maxUDPGSOSegments=1 udpGRO=false
Aug 12 20:04:25.862 WRN Failed to write swgpPacket to proxyConn client=client-mac listenAddress=[::]:23456 clientAddress=[::ffff:127.0.0.1]:51820 proxyConnListenAddress=0.0.0.0:57010 proxyAddress=SERVER_IP:20221 swgpPacketLength=961 segmentSize=961 err="write udp4 0.0.0.0:57010->SERVER_IP:20221: sendmsg: network is unreachable"
Aug 12 20:04:30.864 WRN Failed to write swgpPacket to proxyConn client=client-mac listenAddress=[::]:23456 clientAddress=[::ffff:127.0.0.1]:51820 proxyConnListenAddress=0.0.0.0:57010 proxyAddress=SERVER_IP:20221 swgpPacketLength=686 segmentSize=686 err="write udp4 0.0.0.0:57010->SERVER_IP:20221: sendmsg: network is unreachable"
Aug 12 20:04:36.193 WRN Failed to write swgpPacket to proxyConn client=client-mac listenAddress=[::]:23456 clientAddress=[::ffff:127.0.0.1]:51820 proxyConnListenAddress=0.0.0.0:57010 proxyAddress=SERVER_IP:20221 swgpPacketLength=307 segmentSize=307 err="write udp4 0.0.0.0:57010->SERVER_IP:20221: sendmsg: network is unreachable"
> newAddr=192.168.1.5 newIfindex=15
Is this the right interface to send packets from?
What’s the configuration of your WireGuard tunnel? I’m using the WireGuard app from the App Store. My allowed IPs are ::/0, 0.0.0.0/0.
Can you post the output of netstat -rln before and after activating the tunnel?
WireGuard:
Endpoint = 0.0.0.0:23456
AllowedIPs = 0.0.0.0/0, ::/0
before activating the proxy:
Routing tables
Internet:
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire
default 192.168.1.1 192.168.1.5 UGScg 218 0 1500 en0
127 127.0.0.1 127.0.0.1 UCS 2 1054793445 16384 lo0
127.0.0.1 127.0.0.1 127.0.0.1 UHW3I 0 1054793443 16384 lo0 !
169.254 link#15 192.168.1.5 UCS 1 0 1500 en0 !
192.168.1 link#15 192.168.1.5 UCS 1 0 1500 en0 !
192.168.1.1/32 link#15 192.168.1.5 UCS 2 0 1500 en0 !
192.168.1.1 8:74:58:71:57:d0 192.168.1.5 UHLWIir 43 0 1500 en0 1196
192.168.1.5/32 link#15 192.168.1.5 UCS 0 0 1500 en0 !
192.168.1.255 ff:ff:ff:ff:ff:ff 192.168.1.5 UHLWbI 0 2 1500 en0 !
224.0.0/4 link#15 192.168.1.5 UmCS 1 0 1500 en0 !
224.0.0.251 1:0:5e:0:0:fb 192.168.1.5 UHmLWI 0 0 1500 en0
255.255.255.255/32 link#15 192.168.1.5 UCS 0 0 1500 en0 !
Internet6:
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire
default fe80::%utun0 fe80::8a45:e975:3a35:3009%utun0 UGcIg 0 0 1500 utun0
default fe80::%utun1 fe80::48a4:7de0:1b32:a6b8%utun1 UGcIg 0 0 1380 utun1
default fe80::%utun2 fe80::9df1:fd3a:5c47:a7d6%utun2 UGcIg 0 0 2000 utun2
default fe80::%utun3 fe80::ce81:b1c:bd2c:69e%utun3 UGcIg 0 0 1000 utun3
default fe80::%utun5 fe80::c8f0:79ff:2002:fbf8%utun5 UGcIg 0 0 1380 utun5
default fe80::%utun6 fe80::6e08:865f:3e39:2043%utun6 UGcIg 0 0 1380 utun6
::1 ::1 ::1 UHL 0 397304 16384 lo0
fe80::%lo0/64 fe80::1%lo0 fe80::1%lo0 UcI 1 0 16384 lo0
fe80::1%lo0 link#1 fe80::1%lo0 UHLI 1 895 16384 lo0
fe80::%en8/64 link#13 fe80::30eb:4bff:fe33:81cb%en8 UCI 2 0 1500 en8
fe80::30eb:4bff:fe33:8134%en8 32:eb:4b:33:81:34 fe80::30eb:4bff:fe33:81cb%en8 UHLWIi 5 54623 1500 en8
fe80::30eb:4bff:fe33:81cb%en8 32:eb:4b:33:81:cb fe80::30eb:4bff:fe33:81cb%en8 UHLI 0 8 16384 lo0
fe80::%en0/64 link#15 fe80::4d2:406f:7096:9b18%en0 UCI 1 0 1500 en0
fe80::4d2:406f:7096:9b18%en0 16:5d:80:ce:8:80 fe80::4d2:406f:7096:9b18%en0 UHLI 1 0 16384 lo0
fe80::5053:f5ff:fe05:e153%awdl0 52:53:f5:5:e1:53 fe80::5053:f5ff:fe05:e153%awdl0 UHLI 0 0 16384 lo0
fe80::5053:f5ff:fe05:e153%llw0 52:53:f5:5:e1:53 fe80::5053:f5ff:fe05:e153%llw0 UHLI 0 0 16384 lo0
fe80::%utun0/64 fe80::8a45:e975:3a35:3009%utun0 fe80::8a45:e975:3a35:3009%utun0 UcI 2 0 1500 utun0
fe80::8a45:e975:3a35:3009%utun0 link#19 fe80::8a45:e975:3a35:3009%utun0 UHLI 1 0 16384 lo0
fe80::%utun1/64 fe80::48a4:7de0:1b32:a6b8%utun1 fe80::48a4:7de0:1b32:a6b8%utun1 UcI 2 0 1380 utun1
fe80::48a4:7de0:1b32:a6b8%utun1 link#33 fe80::48a4:7de0:1b32:a6b8%utun1 UHLI 1 0 16384 lo0
fe80::%utun2/64 fe80::9df1:fd3a:5c47:a7d6%utun2 fe80::9df1:fd3a:5c47:a7d6%utun2 UcI 2 0 2000 utun2
fe80::9df1:fd3a:5c47:a7d6%utun2 link#34 fe80::9df1:fd3a:5c47:a7d6%utun2 UHLI 1 0 16384 lo0
fe80::%utun3/64 fe80::ce81:b1c:bd2c:69e%utun3 fe80::ce81:b1c:bd2c:69e%utun3 UcI 2 0 1000 utun3
fe80::ce81:b1c:bd2c:69e%utun3 link#35 fe80::ce81:b1c:bd2c:69e%utun3 UHLI 1 0 16384 lo0
fe80::%utun5/64 fe80::c8f0:79ff:2002:fbf8%utun5 fe80::c8f0:79ff:2002:fbf8%utun5 UcI 3 0 1380 utun5
fe80::c8f0:79ff:2002:fbf8%utun5 link#37 fe80::c8f0:79ff:2002:fbf8%utun5 UHLI 0 0 16384 lo0
fe80::%utun6/64 fe80::6e08:865f:3e39:2043%utun6 fe80::6e08:865f:3e39:2043%utun6 UcI 2 0 1380 utun6
fe80::6e08:865f:3e39:2043%utun6 link#38 fe80::6e08:865f:3e39:2043%utun6 UHLI 1 0 16384 lo0
ff00::/8 ::1 ::1 UmCI 0 0 16384 lo0
ff00::/8 link#13 fe80::30eb:4bff:fe33:81cb%en8 UmCI 0 0 1500 en8
ff00::/8 link#15 fe80::10c2:f7f6:b2fb:59b2%en0 UmCI 0 0 1500 en0
ff00::/8 link#17 fe80::44bf:7bff:fe45:312a%awdl0 UmCI 0 0 1500 awdl0
ff00::/8 link#18 fe80::44bf:7bff:fe45:312a%llw0 UmCI 0 0 1500 llw0
ff00::/8 fe80::8a45:e975:3a35:3009%utun0 fe80::8a45:e975:3a35:3009%utun0 UmCI 0 0 1500 utun0
ff00::/8 fe80::48a4:7de0:1b32:a6b8%utun1 fe80::48a4:7de0:1b32:a6b8%utun1 UmCI 0 0 1380 utun1
ff00::/8 fe80::9df1:fd3a:5c47:a7d6%utun2 fe80::9df1:fd3a:5c47:a7d6%utun2 UmCI 0 0 2000 utun2
ff00::/8 fe80::ce81:b1c:bd2c:69e%utun3 fe80::ce81:b1c:bd2c:69e%utun3 UmCI 0 0 1000 utun3
ff00::/8 fe80::c8f0:79ff:2002:fbf8%utun5 fe80::c8f0:79ff:2002:fbf8%utun5 UmCI 0 0 1380 utun5
ff00::/8 fe80::6e08:865f:3e39:2043%utun6 fe80::6e08:865f:3e39:2043%utun6 UmCI 0 0 1380 utun6
ff01::%lo0/32 ::1 ::1 UmCI 0 0 16384 lo0
ff01::%en8/32 link#13 fe80::30eb:4bff:fe33:81cb%en8 UmCI 0 0 1500 en8
ff01::%en0/32 link#15 fe80::10c2:f7f6:b2fb:59b2%en0 UmCI 0 0 1500 en0
ff01::%utun0/32 fe80::8a45:e975:3a35:3009%utun0 fe80::8a45:e975:3a35:3009%utun0 UmCI 0 0 1500 utun0
ff01::%utun1/32 fe80::48a4:7de0:1b32:a6b8%utun1 fe80::48a4:7de0:1b32:a6b8%utun1 UmCI 0 0 1380 utun1
ff01::%utun2/32 fe80::9df1:fd3a:5c47:a7d6%utun2 fe80::9df1:fd3a:5c47:a7d6%utun2 UmCI 0 0 2000 utun2
ff01::%utun3/32 fe80::ce81:b1c:bd2c:69e%utun3 fe80::ce81:b1c:bd2c:69e%utun3 UmCI 0 0 1000 utun3
ff01::%utun5/32 fe80::c8f0:79ff:2002:fbf8%utun5 fe80::c8f0:79ff:2002:fbf8%utun5 UmCI 0 0 1380 utun5
ff01::%utun6/32 fe80::6e08:865f:3e39:2043%utun6 fe80::6e08:865f:3e39:2043%utun6 UmCI 0 0 1380 utun6
ff02::%lo0/32 ::1 ::1 UmCI 0 0 16384 lo0
ff02::%en8/32 link#13 fe80::30eb:4bff:fe33:81cb%en8 UmCI 0 0 1500 en8
ff02::%en0/32 link#15 fe80::10c2:f7f6:b2fb:59b2%en0 UmCI 0 0 1500 en0
ff02::%utun0/32 fe80::8a45:e975:3a35:3009%utun0 fe80::8a45:e975:3a35:3009%utun0 UmCI 0 0 1500 utun0
ff02::%utun1/32 fe80::48a4:7de0:1b32:a6b8%utun1 fe80::48a4:7de0:1b32:a6b8%utun1 UmCI 0 0 1380 utun1
ff02::%utun2/32 fe80::9df1:fd3a:5c47:a7d6%utun2 fe80::9df1:fd3a:5c47:a7d6%utun2 UmCI 0 0 2000 utun2
ff02::%utun3/32 fe80::ce81:b1c:bd2c:69e%utun3 fe80::ce81:b1c:bd2c:69e%utun3 UmCI 0 0 1000 utun3
ff02::%utun5/32 fe80::c8f0:79ff:2002:fbf8%utun5 fe80::c8f0:79ff:2002:fbf8%utun5 UmCI 0 0 1380 utun5
ff02::%utun6/32 fe80::6e08:865f:3e39:2043%utun6 fe80::6e08:865f:3e39:2043%utun6 UmCI 0 0 1380 utun6
after activation of the proxy & wg
Routing tables
Internet:
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire
0/1 utun4 10.6.0.2 UScg 173 0 1296 utun4
default 192.168.1.1 192.168.1.5 UGScg 0 0 1500 en0
10.6.0.2 10.6.0.2 10.6.0.2 UH 0 0 1296 utun4
127 127.0.0.1 127.0.0.1 UCS 3 1054793467 16384 lo0
127.0.0.1 127.0.0.1 127.0.0.1 UHW3I 0 1054793467 16384 lo0 8
128.0/1 utun4 10.6.0.2 USc 7 0 1296 utun4
169.254 link#15 192.168.1.5 UCS 1 0 1500 en0 !
192.168.1 link#15 192.168.1.5 UCS 1 0 1500 en0 !
192.168.1.1/32 link#15 192.168.1.5 UCS 1 0 1500 en0 !
192.168.1.1 8:74:58:71:57:d0 192.168.1.5 UHLWIir 1 30 1500 en0 1177
192.168.1.5/32 link#15 192.168.1.5 UCS 0 0 1500 en0 !
192.168.1.255 ff:ff:ff:ff:ff:ff 192.168.1.5 UHLWbI 0 6 1500 en0 !
224.0.0/4 link#15 192.168.1.5 UmCS 1 0 1500 en0 !
224.0.0.251 1:0:5e:0:0:fb 192.168.1.5 UHmLWI 0 0 1500 en0
255.255.255.255/32 link#15 192.168.1.5 UCS 0 0 1500 en0 !
Internet6:
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire
default fe80::%utun0 fe80::8a45:e975:3a35:3009%utun0 UGcIg 0 0 1500 utun0
default fe80::%utun1 fe80::48a4:7de0:1b32:a6b8%utun1 UGcIg 0 0 1380 utun1
default fe80::%utun2 fe80::9df1:fd3a:5c47:a7d6%utun2 UGcIg 0 0 2000 utun2
default fe80::%utun3 fe80::ce81:b1c:bd2c:69e%utun3 UGcIg 0 0 1000 utun3
default fe80::%utun5 fe80::c8f0:79ff:2002:fbf8%utun5 UGcIg 0 0 1380 utun5
default fe80::%utun6 fe80::6e08:865f:3e39:2043%utun6 UGcIg 0 0 1380 utun6
::1 ::1 ::1 UHL 0 397306 16384 lo0
fe80::%lo0/64 fe80::1%lo0 fe80::1%lo0 UcI 1 0 16384 lo0
fe80::1%lo0 link#1 fe80::1%lo0 UHLI 1 895 16384 lo0
fe80::%en8/64 link#13 fe80::30eb:4bff:fe33:81cb%en8 UCI 2 0 1500 en8
fe80::30eb:4bff:fe33:8134%en8 32:eb:4b:33:81:34 fe80::30eb:4bff:fe33:81cb%en8 UHLWIi 5 54857 1500 en8
fe80::30eb:4bff:fe33:81cb%en8 32:eb:4b:33:81:cb fe80::30eb:4bff:fe33:81cb%en8 UHLI 0 8 16384 lo0
fe80::%en0/64 link#15 fe80::4d2:406f:7096:9b18%en0 UCI 2 0 1500 en0
fe80::4d2:406f:7096:9b18%en0 16:5d:80:ce:8:80 fe80::4d2:406f:7096:9b18%en0 UHLI 0 0 16384 lo0
fe80::8c9:76f7:1b5a:39ce%en0 da:e1:1:93:2e:28 fe80::4d2:406f:7096:9b18%en0 UHLWIi 2 13 1500 en0
fe80::5053:f5ff:fe05:e153%awdl0 52:53:f5:5:e1:53 fe80::5053:f5ff:fe05:e153%awdl0 UHLI 0 0 16384 lo0
fe80::5053:f5ff:fe05:e153%llw0 52:53:f5:5:e1:53 fe80::5053:f5ff:fe05:e153%llw0 UHLI 0 0 16384 lo0
fe80::%utun0/64 fe80::8a45:e975:3a35:3009%utun0 fe80::8a45:e975:3a35:3009%utun0 UcI 2 0 1500 utun0
fe80::8a45:e975:3a35:3009%utun0 link#19 fe80::8a45:e975:3a35:3009%utun0 UHLI 1 0 16384 lo0
fe80::%utun1/64 fe80::48a4:7de0:1b32:a6b8%utun1 fe80::48a4:7de0:1b32:a6b8%utun1 UcI 2 0 1380 utun1
fe80::48a4:7de0:1b32:a6b8%utun1 link#33 fe80::48a4:7de0:1b32:a6b8%utun1 UHLI 1 0 16384 lo0
fe80::%utun2/64 fe80::9df1:fd3a:5c47:a7d6%utun2 fe80::9df1:fd3a:5c47:a7d6%utun2 UcI 2 0 2000 utun2
fe80::9df1:fd3a:5c47:a7d6%utun2 link#34 fe80::9df1:fd3a:5c47:a7d6%utun2 UHLI 1 0 16384 lo0
fe80::%utun3/64 fe80::ce81:b1c:bd2c:69e%utun3 fe80::ce81:b1c:bd2c:69e%utun3 UcI 2 0 1000 utun3
fe80::ce81:b1c:bd2c:69e%utun3 link#35 fe80::ce81:b1c:bd2c:69e%utun3 UHLI 1 0 16384 lo0
fe80::%utun5/64 fe80::c8f0:79ff:2002:fbf8%utun5 fe80::c8f0:79ff:2002:fbf8%utun5 UcI 3 0 1380 utun5
fe80::c8f0:79ff:2002:fbf8%utun5 link#37 fe80::c8f0:79ff:2002:fbf8%utun5 UHLI 0 0 16384 lo0
fe80::%utun6/64 fe80::6e08:865f:3e39:2043%utun6 fe80::6e08:865f:3e39:2043%utun6 UcI 2 0 1380 utun6
fe80::6e08:865f:3e39:2043%utun6 link#38 fe80::6e08:865f:3e39:2043%utun6 UHLI 1 0 16384 lo0
ff00::/8 ::1 ::1 UmCI 0 0 16384 lo0
ff00::/8 link#13 fe80::30eb:4bff:fe33:81cb%en8 UmCI 0 0 1500 en8
ff00::/8 link#15 fe80::10c2:f7f6:b2fb:59b2%en0 UmCI 0 0 1500 en0
ff00::/8 link#17 fe80::44bf:7bff:fe45:312a%awdl0 UmCI 0 0 1500 awdl0
ff00::/8 link#18 fe80::44bf:7bff:fe45:312a%llw0 UmCI 0 0 1500 llw0
ff00::/8 fe80::8a45:e975:3a35:3009%utun0 fe80::8a45:e975:3a35:3009%utun0 UmCI 0 0 1500 utun0
ff00::/8 fe80::48a4:7de0:1b32:a6b8%utun1 fe80::48a4:7de0:1b32:a6b8%utun1 UmCI 0 0 1380 utun1
ff00::/8 fe80::9df1:fd3a:5c47:a7d6%utun2 fe80::9df1:fd3a:5c47:a7d6%utun2 UmCI 0 0 2000 utun2
ff00::/8 fe80::ce81:b1c:bd2c:69e%utun3 fe80::ce81:b1c:bd2c:69e%utun3 UmCI 0 0 1000 utun3
ff00::/8 fe80::c8f0:79ff:2002:fbf8%utun5 fe80::c8f0:79ff:2002:fbf8%utun5 UmCI 0 0 1380 utun5
ff00::/8 fe80::6e08:865f:3e39:2043%utun6 fe80::6e08:865f:3e39:2043%utun6 UmCI 0 0 1380 utun6
ff01::%lo0/32 ::1 ::1 UmCI 0 0 16384 lo0
ff01::%en8/32 link#13 fe80::30eb:4bff:fe33:81cb%en8 UmCI 0 0 1500 en8
ff01::%en0/32 link#15 fe80::10c2:f7f6:b2fb:59b2%en0 UmCI 0 0 1500 en0
ff01::%utun0/32 fe80::8a45:e975:3a35:3009%utun0 fe80::8a45:e975:3a35:3009%utun0 UmCI 0 0 1500 utun0
ff01::%utun1/32 fe80::48a4:7de0:1b32:a6b8%utun1 fe80::48a4:7de0:1b32:a6b8%utun1 UmCI 0 0 1380 utun1
ff01::%utun2/32 fe80::9df1:fd3a:5c47:a7d6%utun2 fe80::9df1:fd3a:5c47:a7d6%utun2 UmCI 0 0 2000 utun2
ff01::%utun3/32 fe80::ce81:b1c:bd2c:69e%utun3 fe80::ce81:b1c:bd2c:69e%utun3 UmCI 0 0 1000 utun3
ff01::%utun5/32 fe80::c8f0:79ff:2002:fbf8%utun5 fe80::c8f0:79ff:2002:fbf8%utun5 UmCI 0 0 1380 utun5
ff01::%utun6/32 fe80::6e08:865f:3e39:2043%utun6 fe80::6e08:865f:3e39:2043%utun6 UmCI 0 0 1380 utun6
ff02::%lo0/32 ::1 ::1 UmCI 0 0 16384 lo0
ff02::%en8/32 link#13 fe80::30eb:4bff:fe33:81cb%en8 UmCI 0 0 1500 en8
ff02::%en0/32 link#15 fe80::10c2:f7f6:b2fb:59b2%en0 UmCI 0 0 1500 en0
ff02::%utun0/32 fe80::8a45:e975:3a35:3009%utun0 fe80::8a45:e975:3a35:3009%utun0 UmCI 0 0 1500 utun0
ff02::%utun1/32 fe80::48a4:7de0:1b32:a6b8%utun1 fe80::48a4:7de0:1b32:a6b8%utun1 UmCI 0 0 1380 utun1
ff02::%utun2/32 fe80::9df1:fd3a:5c47:a7d6%utun2 fe80::9df1:fd3a:5c47:a7d6%utun2 UmCI 0 0 2000 utun2
ff02::%utun3/32 fe80::ce81:b1c:bd2c:69e%utun3 fe80::ce81:b1c:bd2c:69e%utun3 UmCI 0 0 1000 utun3
ff02::%utun5/32 fe80::c8f0:79ff:2002:fbf8%utun5 fe80::c8f0:79ff:2002:fbf8%utun5 UmCI 0 0 1380 utun5
ff02::%utun6/32 fe80::6e08:865f:3e39:2043%utun6 fe80::6e08:865f:3e39:2043%utun6 UmCI 0 0 1380 utun6
logs:
Aug 12 23:13:50.983 INF swgp-go version=1.8.0
Aug 12 23:13:50.983 INF Started service client=client-mac listenAddress=[::]:23456 proxyAddress=172.237.20.56:20221 wgTunnelMTU=1328 maxUDPGSOSegments=1 udpGRO=false
Aug 12 23:13:50.983 DBG Discovered default route rtmType=4 rtmIndex=15 rtmPid=0 ifaAddr=192.168.1.5
Aug 12 23:13:50.983 DBG Discovered default route rtmType=4 rtmIndex=19 rtmPid=0 ifaAddr=fe80::8a45:e975:3a35:3009
Aug 12 23:13:50.983 DBG Discovered default route rtmType=4 rtmIndex=33 rtmPid=0 ifaAddr=fe80::48a4:7de0:1b32:a6b8
Aug 12 23:13:50.983 DBG Discovered default route rtmType=4 rtmIndex=34 rtmPid=0 ifaAddr=fe80::9df1:fd3a:5c47:a7d6
Aug 12 23:13:50.983 DBG Discovered default route rtmType=4 rtmIndex=35 rtmPid=0 ifaAddr=fe80::ce81:b1c:bd2c:69e
Aug 12 23:13:50.983 DBG Discovered default route rtmType=4 rtmIndex=37 rtmPid=0 ifaAddr=fe80::c8f0:79ff:2002:fbf8
Aug 12 23:13:50.983 DBG Discovered default route rtmType=4 rtmIndex=38 rtmPid=0 ifaAddr=fe80::6e08:865f:3e39:2043
Aug 12 23:13:50.983 DBG Processing interface address ifindex=15 ifaAddr=192.168.1.5
Aug 12 23:13:50.983 INF Updating default pktinfo4 oldAddr="" oldIfindex=0 newAddr=192.168.1.5 newIfindex=15
Aug 12 23:13:50.983 INF Started interface picker
Aug 12 23:13:58.405 DBG Updated client pktinfo client=client-mac listenAddress=[::]:23456 clientAddress=[::ffff:127.0.0.1]:51820 clientPktinfoAddr=::ffff:127.0.0.1 clientPktinfoIfindex=1
Aug 12 23:13:58.406 DBG New client session client=client-mac listenAddress=[::]:23456 clientAddress=[::ffff:127.0.0.1]:51820 proxyAddress=172.237.20.56:20221
Aug 12 23:13:58.406 INF Client relay started client=client-mac listenAddress=[::]:23456 clientAddress=[::ffff:127.0.0.1]:51820 proxyConnListenAddress=0.0.0.0:56969 proxyAddress=172.237.20.56:20221 wgTunnelMTU=1328 maxUDPGSOSegments=1 udpGRO=false
Aug 12 23:13:58.406 WRN Failed to write swgpPacket to proxyConn client=client-mac listenAddress=[::]:23456 clientAddress=[::ffff:127.0.0.1]:51820 proxyConnListenAddress=0.0.0.0:56969 proxyAddress=172.237.20.56:20221 swgpPacketLength=818 segmentSize=818 err="write udp4 0.0.0.0:56969->172.237.20.56:20221: sendmsg: network is unreachable"
Aug 12 23:14:03.414 WRN Failed to write swgpPacket to proxyConn client=client-mac listenAddress=[::]:23456 clientAddress=[::ffff:127.0.0.1]:51820 proxyConnListenAddress=0.0.0.0:56969 proxyAddress=172.237.20.56:20221 swgpPacketLength=733 segmentSize=733 err="write udp4 0.0.0.0:56969->172.237.20.56:20221: sendmsg: network is unreachable"
Aug 12 23:14:08.417 WRN Failed to write swgpPacket to proxyConn client=client-mac listenAddress=[::]:23456 clientAddress=[::ffff:127.0.0.1]:51820 proxyConnListenAddress=0.0.0.0:56969 proxyAddress=172.237.20.56:20221 swgpPacketLength=1207 segmentSize=1207 err="write udp4 0.0.0.0:56969->172.237.20.56:20221: sendmsg: network is unreachable"
Aug 12 23:14:13.476 WRN Failed to write swgpPacket to proxyConn client=client-mac listenAddress=[::]:23456 clientAddress=[::ffff:127.0.0.1]:51820 proxyConnListenAddress=0.0.0.0:56969 proxyAddress=172.237.20.56:20221 swgpPacketLength=546 segmentSize=546 err="write udp4 0.0.0.0:56969->172.237.20.56:20221: sendmsg: network is unreachable"
Aug 12 23:14:18.682 WRN Failed to write swgpPacket to proxyConn client=client-mac listenAddress=[::]:23456 clientAddress=[::ffff:127.0.0.1]:51820 proxyConnListenAddress=0.0.0.0:56969 proxyAddress=172.237.20.56:20221 swgpPacketLength=421 segmentSize=421 err="write udp4 0.0.0.0:56969->172.237.20.56:20221: sendmsg: network is unreachable"
Aug 12 23:14:23.991 WRN Failed to write swgpPacket to proxyConn client=client-mac listenAddress=[::]:23456 clientAddress=[::ffff:127.0.0.1]:51820 proxyConnListenAddress=0.0.0.0:56969 proxyAddress=172.237.20.56:20221 swgpPacketLength=1215 segmentSize=1215 err="write udp4 0.0.0.0:56969->172.237.20.56:20221: sendmsg: network is unreachable"
Aug 12 23:14:29.286 WRN Failed to write swgpPacket to proxyConn client=client-mac listenAddress=[::]:23456 clientAddress=[::ffff:127.0.0.1]:51820 proxyConnListenAddress=0.0.0.0:56969 proxyAddress=172.237.20.56:20221 swgpPacketLength=1370 segmentSize=1370 err="write udp4 0.0.0.0:56969->172.237.20.56:20221: sendmsg: network is unreachable"
Aug 12 23:14:34.479 WRN Failed to write swgpPacket to proxyConn client=client-mac listenAddress=[::]:23456 clientAddress=[::ffff:127.0.0.1]:51820 proxyConnListenAddress=0.0.0.0:56969 proxyAddress=172.237.20.56:20221 swgpPacketLength=349 segmentSize=349 err="write udp4 0.0.0.0:56969->172.237.20.56:20221: sendmsg: network is unreachable"
Aug 12 23:14:39.497 WRN Failed to write swgpPacket to proxyConn client=client-mac listenAddress=[::]:23456 clientAddress=[::ffff:127.0.0.1]:51820 proxyConnListenAddress=0.0.0.0:56969 proxyAddress=172.237.20.56:20221 swgpPacketLength=242 segmentSize=242 err="write udp4 0.0.0.0:56969->172.237.20.56:20221: sendmsg: network is unreachable"
Your routing table does not match your AllowedIPs. 0.0.0.0/0 should result in a default IPv4 route on the tunnel interface, but you instead have 0/1 and 128.0/1. ::/0 should result in a default IPv6 route, which does not exist in your routing table.
In comparison, here are the default routes on my MacBook before enabling the tunnel:
Internet:
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire
default 192.168.51.1 192.168.51.157 UGScg 164 5254 1500 en0
Internet6:
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire
default fe80::76d0:2bff:fe6d:418a%en0 fe80::1418:6e48:c081:83bc%en0 UGcg 7 0 1500 en0
After:
Internet:
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire
default link#21 10.240.3.5 UCSg 143 0 1408 utun6
default 192.168.51.1 192.168.51.157 UGScIg 17 0 1500 en0
Internet6:
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire
default 2***:****:****:****:: fe80::52a6:d8ff:fec2:84e6%utun6 UGcg 3 0 1408 utun6
default fe80::76d0:2bff:fe6d:418a%en0 fe80::1418:6e48:c081:83bc%en0 UGcIg 1 0 1500 en0
In my case, tools like route -n monitor will show you that during tunnel activation, configd deletes the default route on en0, and re-creates it with the IFSCOPE flag. This allows the en0 default route to coexist with the utun6 default route.
What kind of setup do you have? Is it possible for you to modify your setup to have the correct default routes, instead of the weird 0/1 and 128.0/1 routes? I don't know exactly how macOS handles routing in this case, but I'm quite convinced this is the cause of the issue.
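An added diagnostic, not part of the thread or of swgp-go: it parses macOS `netstat -rln` output and reports, per address family, whether the table shows the split 0/1 + 128.0/1 routes or a tunnel default route coexisting with an interface-scoped (flag `I`) default on the physical interface. The sample rows are excerpted from the two tables posted above; the verdict names and the `physical` parameter are assumptions of this example.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// route holds the columns of one `netstat -rln` row that matter here.
type route struct {
	Family, Dest, Flags, Netif string
}

// parseNetstat reads macOS `netstat -rln` output, whose columns are
// Destination Gateway RT_IFA Flags Refs Use Mtu Netif [Expire].
func parseNetstat(out string) []route {
	var routes []route
	family := ""
	sc := bufio.NewScanner(strings.NewReader(out))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		switch {
		case len(f) == 1 && strings.HasSuffix(f[0], ":"):
			family = strings.TrimSuffix(f[0], ":") // "Internet" or "Internet6"
		case len(f) >= 8 && f[0] != "Destination":
			routes = append(routes, route{family, f[0], f[3], f[7]})
		}
	}
	return routes
}

// classify returns one verdict per address family. physical is the name of
// the internet-facing interface, e.g. "en0".
func classify(routes []route, physical string) map[string]string {
	type state struct {
		halves         int    // 0/1 and 128.0/1 routes on a non-physical interface
		primaryNetif   string // interface of the default route without flag I
		scopedPhysical bool   // physical default route carries flag I (IFSCOPE)
	}
	st := map[string]*state{}
	for _, r := range routes {
		s := st[r.Family]
		if s == nil {
			s = &state{}
			st[r.Family] = s
		}
		scoped := strings.Contains(r.Flags, "I")
		switch {
		case (r.Dest == "0/1" || r.Dest == "128.0/1") && r.Netif != physical:
			s.halves++
		case r.Dest == "default" && !scoped:
			s.primaryNetif = r.Netif
		case r.Dest == "default" && r.Netif == physical:
			s.scopedPhysical = true
		}
	}
	verdicts := map[string]string{}
	for fam, s := range st {
		switch {
		case s.halves == 2:
			verdicts[fam] = "split-default"
		case s.primaryNetif == "":
			verdicts[fam] = "no-unscoped-default"
		case s.primaryNetif != physical && s.scopedPhysical:
			verdicts[fam] = "scoped-default"
		case s.primaryNetif == physical:
			verdicts[fam] = "direct"
		default:
			verdicts[fam] = "tunnel-only"
		}
	}
	return verdicts
}

// Rows excerpted from the "after activation" table in the thread.
const splitTable = `Internet:
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire
0/1 utun4 10.6.0.2 UScg 173 0 1296 utun4
default 192.168.1.1 192.168.1.5 UGScg 0 0 1500 en0
128.0/1 utun4 10.6.0.2 USc 7 0 1296 utun4
Internet6:
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire
default fe80::%utun0 fe80::8a45:e975:3a35:3009%utun0 UGcIg 0 0 1500 utun0
`

// Rows excerpted from the maintainer's "After" table in the thread.
const scopedTable = `Internet:
Destination Gateway RT_IFA Flags Refs Use Mtu Netif Expire
default link#21 10.240.3.5 UCSg 143 0 1408 utun6
default 192.168.51.1 192.168.51.157 UGScIg 17 0 1500 en0
`

func main() {
	fmt.Println(classify(parseNetstat(splitTable), "en0"))
	fmt.Println(classify(parseNetstat(scopedTable), "en0"))
}
```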
I think that is the same reason why my previous attempts failed as well. It is my personal computer and I don't have anything special. Maybe it is the system version, I might need to do some googling.
> Endpoint = 0.0.0.0:23456
In general using the unspecified address as the destination address is not considered a good practice, even though it works most of the time. Always use the actual loopback addresses (127.0.0.1 and ::1).
Could this have anything to do with the routes you are getting?
Good catch, let me try updated config later.