WireGuard: can't ping anything, traffic doesn't go through while handshake successful - wireguard

I'm trying to set up a WireGuard VPN server on a cloud virtual server (Yandex Cloud).
Server config:
[Interface]
Address = 10.128.0.19/24
MTU = 1500
SaveConfig = false
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t >
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables ->
ListenPort = 41820
PrivateKey = <cut>
[Peer]
PublicKey = 0fWTvnU+j4D4pXfv0hWtAJDatRj/DxgPH3zwrSbT7js=
AllowedIPs = 10.128.0.201/32
Client config:
[Interface]
PrivateKey = <cut>
Address = 10.128.0.200/32
DNS = 1.1.1.1, 1.0.0.1
[Peer]
PublicKey = g9HF8K1303CwDrYb0ga8/dBe8EY8tb3wlreO0lHA9iI=
AllowedIPs = 0.0.0.0/0
Endpoint = <cut>:41820
PersistentKeepalive = 25
I've enabled the net.ipv4.ip_forward=1 option on the server. The server is a public cloud compute instance. The client is an Android device in a home network behind NAT.
When I turn on the tunnel, all communication stops. I can't ping anything from the device. At the same time, I can see successful handshakes in the wg output:
interface: wg0
public key: g9HF8K1303CwDrYb0ga8/dBe8EY8tb3wlreO0lHA9iI=
private key: (hidden)
listening port: 41820
peer: 0fWTvnU+j4D4pXfv0hWtAJDatRj/DxgPH3zwrSbT7js=
endpoint: <cut>:38517
allowed ips: 10.128.0.201/32
latest handshake: 15 seconds ago
transfer: 2.25 KiB received, 124 B sent
I can ping neither the VPN server's internal IP address (10.128.0.19) nor any public IP (like 1.1.1.1).
The server's ifconfig output is the following:
$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.128.0.19 netmask 255.255.255.0 broadcast 10.128.0.255
inet6 fe80::d20d:1bff:fe98:a801 prefixlen 64 scopeid 0x20<link>
ether d0:0d:1b:98:a8:01 txqueuelen 1000 (Ethernet)
RX packets 16530 bytes 2016056 (2.0 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12031 bytes 1483606 (1.4 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 177 bytes 14328 (14.3 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 177 bytes 14328 (14.3 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1500
inet 10.128.0.19 netmask 255.255.255.0 destination 10.128.0.19
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)
RX packets 145 bytes 16504 (16.5 KB)
RX errors 54 dropped 0 overruns 0 frame 54
TX packets 11 bytes 472 (472.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
The OS on the server is Ubuntu 20.04.
I tried to set MTU on the client side to 1500 but nothing changed.
What am I doing wrong?

The issue was in the server's interface IP address. The correct one is
[Interface]
Address = 10.128.0.19/32
The subnet part should be 32 instead of 24 in my case.
After that, the connection works well.

The allowed IP is wrong in the server configuration.
Please change it from:
[Peer]
PublicKey = 0fWTvnU+j4D4pXfv0hWtAJDatRj/DxgPH3zwrSbT7js=
AllowedIPs = 10.128.0.201/32
to:
[Peer]
PublicKey = 0fWTvnU+j4D4pXfv0hWtAJDatRj/DxgPH3zwrSbT7js=
AllowedIPs = 10.128.0.200/32
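Added example, not from the thread: a small Python check that catches both mistakes named in the two answers above (the wg0 /24 that collides with eth0's own 10.128.0.0/24, and the server AllowedIPs that does not cover the client's tunnel address). It assumes wg-quick semantics and takes the eth0 address from the ifconfig output in the question.

```python
# Added example, not from the original post: check a wg-quick server/client
# config pair for the two mistakes in this thread. Assumes wg-quick semantics:
# Address = X/N installs a route for the whole /N on wg0, and a peer's
# AllowedIPs is the only source range the server accepts from that peer.
import ipaddress

def parse_wg(text):
    """Return (interface, [peers]) from wg-quick INI text; a small parser is
    used because configparser rejects the repeated [Peer] sections."""
    iface, peers, cur = {}, [], None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line == "[Interface]":
            cur = iface
        elif line == "[Peer]":
            cur = {}
            peers.append(cur)
        elif line and cur is not None:
            key, _, val = line.partition("=")
            cur[key.strip()] = val.strip()
    return iface, peers

def check_pair(server_cfg, client_cfg, phys_cidr):
    """Findings for one pair; phys_cidr is the server's physical NIC address
    as shown by ifconfig, e.g. '10.128.0.19/24' for eth0 in this thread."""
    s_if, s_peers = parse_wg(server_cfg)
    c_if, _ = parse_wg(client_cfg)
    wg_net = ipaddress.ip_interface(s_if["Address"]).network
    phys_net = ipaddress.ip_interface(phys_cidr).network
    client_ip = ipaddress.ip_interface(c_if["Address"]).ip
    findings = []
    # Mistake 1: Address = 10.128.0.19/24 on wg0 adds a 10.128.0.0/24 route
    # via wg0 that competes with the same connected route on eth0; /32 adds none.
    if wg_net.prefixlen < wg_net.max_prefixlen and wg_net.overlaps(phys_net):
        findings.append(f"wg0 route {wg_net} overlaps {phys_net} on the physical NIC; use /32")
    # Mistake 2: the server silently drops decrypted packets whose source is
    # outside the peer's AllowedIPs, even though the handshake itself succeeds.
    allowed = [ipaddress.ip_network(a.strip(), strict=False) for p in s_peers
               for a in p.get("AllowedIPs", "").split(",") if a.strip()]
    if not any(client_ip in net for net in allowed):
        findings.append(f"no server [Peer] AllowedIPs covers client address {client_ip}")
    return findings

# Constructed from the thread: the original server config, then the corrected one.
SERVER_BAD = "[Interface]\nAddress = 10.128.0.19/24\n[Peer]\nPublicKey = k\nAllowedIPs = 10.128.0.201/32\n"
SERVER_OK = "[Interface]\nAddress = 10.128.0.19/32\n[Peer]\nPublicKey = k\nAllowedIPs = 10.128.0.200/32\n"
CLIENT = "[Interface]\nAddress = 10.128.0.200/32\n[Peer]\nAllowedIPs = 0.0.0.0/0\n"
if __name__ == "__main__":
    for name, cfg in (("original", SERVER_BAD), ("fixed", SERVER_OK)):
        print(name, check_pair(cfg, CLIENT, "10.128.0.19/24") or ["ok"])
```

The handshake succeeding while pings fail is exactly what the second finding describes: key exchange does not depend on AllowedIPs, but delivery of decrypted packets does.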

Related

Unable to start PSQL in DigitalOcean

I am unable to connect to PSql from my DigitalOcean server. This happened after resizing the droplet.
listen_addresses = '*' added to postgresql.conf
host all all 0.0.0.0/0 md5 added to pg_hba.conf
netstat -nlp displays the following:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 1705/redis-server 1
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 23688/unicorn.conf
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1693/nginx
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1390/sshd
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1693/nginx
tcp6 0 0 :::22 :::* LISTEN 1390/sshd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 10806 1173/dbus-daemon /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 711 1213/systemd /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 11921 1213/systemd /run/systemd/journal/stdout
unix 2 [ ACC ] STREAM LISTENING 11924 1213/systemd /run/snapd.socket
unix 2 [ ACC ] STREAM LISTENING 11925 1213/systemd /run/snapd-snap.socket
unix 2 [ ACC ] STREAM LISTENING 2813 1449/acpid /var/run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 9801 1/init @/com/ubuntu/upstart
unix 2 [ ACC ] SEQPACKET LISTENING 427 708/systemd-udevd /run/udev/control

Problems with load balancing and nginx gcp

I am trying to use GCP to host my back-end REST API. I have successfully created a VM instance (ubuntu debian 9), configured the VPC network firewall rules, and now I have to "make" it listen on some ports so that the VM instance accepts requests from addresses. I followed the tutorials here: https://geekflare.com/gcp-load-balancer/ and https://www.scaleway.com/en/docs/how-to-configure-nginx-reverse-proxy/ , but neither of them works for me. Using load balancing and running netstat -l in the ssh terminal, I get this:
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
udp 0 0 0.0.0.0:bootpc 0.0.0.0:*
udp 0 0 instance-group-2-ff:ntp 0.0.0.0:*
udp 0 0 localhost:ntp 0.0.0.0:*
udp 0 0 0.0.0.0:ntp 0.0.0.0:*
udp6 0 0 fe80::4001:aff:fea6:ntp [::]:*
udp6 0 0 localhost:ntp [::]:*
udp6 0 0 [::]:ntp [::]:*
and
from nginx :
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp6 0 0 [::]:http [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
udp 0 0 0.0.0.0:bootpc 0.0.0.0:*
udp 0 0 instance-group-for-:ntp 0.0.0.0:*
udp 0 0 localhost:ntp 0.0.0.0:*
udp 0 0 0.0.0.0:ntp 0.0.0.0:*
udp6 0 0 fe80::4001:aff:fea6:ntp [::]:*
udp6 0 0 localhost:ntp [::]:*
udp6 0 0 [::]:ntp [::]:*
and when I enter the external IP in a web browser I get: 502 Bad Gateway nginx/1.10.3
The reverse-proxy.conf is :
server {
listen 80;
listen [::]:80;
access_log /var/log/nginx/reverse-access.log;
error_log /var/log/nginx/reverse-error.log;
location / {
proxy_pass http://external:80;
}
}
I also tested nginx and everything is ok.
Do you know what might be wrong? Any help would be really appreciated.

Access to USB Ethernet adapter in LXC

I've created an LXC container on Ubuntu 18.04. Physically, there is a USB-to-Ethernet adapter connected to the host machine. After starting the LXC container, how do I access the USB Ethernet adapter? Is there any LXC configuration needed for this?
The info on the Host machine:
rui@rui-desktop:~$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::f763:92fe:8145:163 prefixlen 64 scopeid 0x20<link>
ether 00:0e:c6:c9:1a:18 txqueuelen 1000 (Ethernet)
RX packets 1 bytes 46 (46.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 158 bytes 29470 (29.4 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1430
inet 173.39.202.159 netmask 255.255.255.128 broadcast 173.39.202.255
inet6 fe80::2e0:4cff:fe68:12c prefixlen 64 scopeid 0x20<link>
ether 00:e0:4c:68:01:2c txqueuelen 1000 (Ethernet)
RX packets 1911906 bytes 851840909 (851.8 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 350546 bytes 25613552 (25.6 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 149 base 0xd000
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 35420 bytes 2918763 (2.9 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 35420 bytes 2918763 (2.9 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lxcbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 10.0.3.1 netmask 255.255.255.0 broadcast 0.0.0.0
inet6 fe80::216:3eff:fe00:0 prefixlen 64 scopeid 0x20<link>
ether 00:16:3e:00:00:00 txqueuelen 1000 (Ethernet)
RX packets 859 bytes 86124 (86.1 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 831 bytes 88890 (88.8 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
rndis0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether be:86:e5:ee:9a:ed txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
usb0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether be:86:e5:ee:9a:ef txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0 is the interface that I want to access, and the output from lsusb is
rui@rui-desktop:~$ lsusb
Bus 002 Device 002: ID 0bda:0411 Realtek Semiconductor Corp.
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
**Bus 001 Device 015: ID 0b95:7720 ASIX Electronics Corp. AX88772**
Bus 001 Device 002: ID 0bda:5411 Realtek Semiconductor Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
LXC container info:
Last login: Sat Feb 24 17:40:28 UTC 2018 on pts/0
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 4.9.140-tegra aarch64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
cisco@ul:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
40: eth0@if41: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:16:3e:d6:9b:38 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.0.3.194/24 brd 10.0.3.255 scope global dynamic eth0
valid_lft 3586sec preferred_lft 3586sec
inet6 fe80::216:3eff:fed6:9b38/64 scope link
valid_lft forever preferred_lft forever
Adding these settings in /var/lib/lxc/ul/config makes it work.
lxc.net.1.type = phys
lxc.net.1.link = eth0
lxc.net.1.flags = up
lxc.net.1.hwaddr = 00:0e:c6:c9:1a:18

Wired Connection not working in Ubuntu 18.04

Wired connection was not identified by Ubuntu.
Here's my result when I run ifconfig -a in a terminal:
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 308 bytes 22700 (22.7 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 308 bytes 22700 (22.7 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.42.0.249 netmask 255.255.255.0 broadcast 10.42.0.255
inet6 fe80::a78:589e:2107:b3c4 prefixlen 64 scopeid 0x20<link>
ether dc:53:60:e2:ce:99 txqueuelen 1000 (Ethernet)
RX packets 13416 bytes 9588247 (9.5 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 9109 bytes 1698278 (1.6 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Help me to get out of this
Thanks in Advance :)
The following helped me (I'm not quite sure why, but it did! :D)
Check ethernet state with
$ nmcli device
Check if there are errors or warnings from NetworkManager
$ systemctl status NetworkManager.service
Go root:
$ sudo -s
Delete all files in the directory /var/lib/NetworkManager/ except secret_key
$ cd /var/lib/NetworkManager/
$ rm -v !("secret_key")
Now reboot the system and check the Ethernet state again with nmcli device.
If that does not help, you can create an empty file with this command and restart the computer again.
sudo touch /etc/NetworkManager/conf.d/10-globally-managed-devices.conf
Source: https://forum.ubuntuusers.de/topic/kein-netzzugriff/

can I use munge SDP sample to connect with another PC?

So I wanted to create a peer for WebRTC in C, but I still don't quite get how the connection is made. I wanted to use the https://webrtc.github.io/samples/src/content/peerconnection/munge-sdp/ sample, generating an SDP file on my computer, change the IP4 field (so I don't just do a loopback), put it in the offer, do the same on another computer (to put in the answer) [basically I'd do the signalling myself] to connect.
I tried it over my local network, but I failed miserably.
Here is one of the SDP files:
v=0
o=mozilla...THIS_IS_SDPARTA-52.4.0 7301737099351893139 0 IN IP4 0.0.0.0
s=-
t=0 0
a=fingerprint:sha-256 29:C1:12:C2:D7:03:B6:A8:E1:28:DC:DC:DE:A5:A0:0E:A8:D4:3A:CF:D5:67:9A:6B:4A:38:8C:DE:9C:ED:4E:D8
a=group:BUNDLE sdparta_0 sdparta_1 sdparta_2
a=ice-options:trickle
a=msid-semantic:WMS *
m=audio 9 UDP/TLS/RTP/SAVPF 109 9 0 8 101
c=IN IP4 0.0.0.0
a=sendrecv
a=extmap:1/sendonly urn:ietf:params:rtp-hdrext:ssrc-audio-level
a=fmtp:109 maxplaybackrate=48000;stereo=1;useinbandfec=1
a=fmtp:101 0-15
a=ice-pwd:f0fa540801b8b01d2616d465cdbaf888
a=ice-ufrag:23f84f96
a=mid:sdparta_0
a=msid:{518019eb-2799-4525-ac2f-486dc4eb8ef4} {ebd29374-a915-41f1-868f-a5bca57540c1}
a=rtcp-mux
a=rtpmap:109 opus/48000/2
a=rtpmap:9 G722/8000/1
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000/1
a=setup:actpass
a=ssrc:3747370289 cname:{5339d74a-cea8-4286-9a6f-5c6682f03b4a}
m=video 9 UDP/TLS/RTP/SAVPF 120 121
c=IN IP4 0.0.0.0
a=sendrecv
a=fmtp:120 max-fs=12288;max-fr=60
a=fmtp:121 max-fs=12288;max-fr=60
a=ice-pwd:f0fa540801b8b01d2616d465cdbaf888
a=ice-ufrag:23f84f96
a=mid:sdparta_1
a=msid:{518019eb-2799-4525-ac2f-486dc4eb8ef4} {38ff8810-1ae3-4786-b95c-e945f649f032}
a=rtcp-fb:120 nack
a=rtcp-fb:120 nack pli
a=rtcp-fb:120 ccm fir
a=rtcp-fb:120 goog-remb
a=rtcp-fb:121 nack
a=rtcp-fb:121 nack pli
a=rtcp-fb:121 ccm fir
a=rtcp-fb:121 goog-remb
a=rtcp-mux
a=rtpmap:120 VP8/90000
a=rtpmap:121 VP9/90000
a=setup:actpass
a=ssrc:8090718 cname:{5339d74a-cea8-4286-9a6f-5c6682f03b4a}
m=application 9 DTLS/SCTP 5000
c=IN IP4 0.0.0.0
a=sendrecv
a=ice-pwd:f0fa540801b8b01d2616d465cdbaf888
a=ice-ufrag:23f84f96
a=mid:sdparta_2
a=sctpmap:5000 webrtc-datachannel 256
a=setup:actpass
a=ssrc:3024981980 cname:{5339d74a-cea8-4286-9a6f-5c6682f03b4a}
Note: I left the IP4 as 0.0.0.0 on purpose.
Note 2: I missed the ICE candidates, but I'm not sure.
I appreciate any help
No, you cannot. To connect to another PC you need a signaling server and exchange things like the ICE ufrag/pwd and the DTLS fingerprints. Take a look at https://appr.tc/
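Added example, not from the thread: a Python parser that pulls out of an SDP offer the values the answer says signaling must carry (DTLS fingerprint, ICE ufrag/pwd per m-section) and explains why the hand-edited offer above cannot connect. The excerpt is constructed from the audio section of the question's SDP; the `c=` address is deliberately left at 0.0.0.0 as the asker did.

```python
# Added example, not from the original post: extract from an SDP offer the
# fields a remote peer needs (DTLS fingerprint, ICE ufrag/pwd, candidates)
# and report why the offer alone cannot produce a connection.
def parse_sdp(sdp):
    """Return {'fingerprint': str|None, 'media': [per m-section dicts]}."""
    out = {"fingerprint": None, "media": []}
    cur = None
    for line in sdp.strip().splitlines():
        line = line.strip()
        if line.startswith("m="):
            cur = {"mid": None, "ufrag": None, "pwd": None, "candidates": 0, "c": None}
            out["media"].append(cur)
        elif line.startswith("a=fingerprint:"):   # session- or media-level
            out["fingerprint"] = line[len("a=fingerprint:"):]
        elif cur is None:
            continue                               # v=, o=, s=, t= lines
        elif line.startswith("c="):
            cur["c"] = line.split()[-1]            # ignored by WebRTC; ICE decides
        elif line.startswith("a=mid:"):
            cur["mid"] = line[len("a=mid:"):]
        elif line.startswith("a=ice-ufrag:"):
            cur["ufrag"] = line[len("a=ice-ufrag:"):]
        elif line.startswith("a=ice-pwd:"):
            cur["pwd"] = line[len("a=ice-pwd:"):]
        elif line.startswith("a=candidate:"):
            cur["candidates"] += 1
    return out

def connectivity_problems(sdp):
    """Reasons a remote peer could not reach the sender using only this SDP."""
    info = parse_sdp(sdp)
    problems = []
    if info["fingerprint"] is None:
        problems.append("no DTLS fingerprint: remote cannot authenticate the DTLS handshake")
    for m in info["media"]:
        if not (m["ufrag"] and m["pwd"]):
            problems.append(f"mid {m['mid']}: missing ice-ufrag/ice-pwd, ICE checks cannot be answered")
        if m["candidates"] == 0:
            problems.append(f"mid {m['mid']}: no a=candidate lines, so ICE has no address to try "
                            f"(editing c={m['c']} does not help)")
    return problems

# Constructed excerpt of the offer quoted in the question (audio section only).
OFFER = """v=0
o=- 1 0 IN IP4 0.0.0.0
a=fingerprint:sha-256 29:C1:12:C2:D7:03:B6:A8
m=audio 9 UDP/TLS/RTP/SAVPF 109
c=IN IP4 0.0.0.0
a=ice-pwd:f0fa540801b8b01d2616d465cdbaf888
a=ice-ufrag:23f84f96
a=mid:sdparta_0
"""
```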
