Hm I can't seem to get wireguard working on my FreeBSD laptop

the config should work... same steps and it worked on my phone, wg-quick(8) seems to have put the route in correctly

but its not handshaking

I assume it *could* be pf being the issue... but I have two simple rules, block in, pass out

any ideas?

works just fine on my phone same network too... so I assume its a firewall isue

issue*

polarian: pass in from the other end?

polarian: have you tried tcpdump to gain some insight into the handshake?

I made something stupid: github.com/X8X-XZDX/echo-compile

polarian: can you ping your endpoint? and in the other direction too?

entrop: the other end is fine, the server side works just fine with my phone, its my laptop to my phone which is the issue

kevans: I did tcpdump, nothing on wg0 apart from some ntp packets

so I assume pf is dropping the packets, but if I disable pf it doesn't work either...

so could be that the route is unknown and the packets are being dropped, but 0.0.0.0/1 to wg0 is entered into the routing table correctly

so shouldn't do

nimaje: with the tunnel? no, without? yes

wg0 won't handshake

I have checked all the configs it *should* work, so I assume its a firewall issue, but block in/pass out on a laptop should be sufficient

yeah, I meant outside the tunnel

hm, pretty sure wg is udp based, not sure how keeping state works for udp in firewalls

nimaje: well same network and my phone can connect just fine... so I assume this is an issue with configuration on my laptop

not with wireguard, I have checked the config over and over again

skim reading but I setup incoming and outgoing wg the other day and kept getting confused about which key was supposed to go where

I found putting it in a simple template and then using `qrencode -t ansiutf8 < myTemplate` to generate a QR code made mobile app setup much easier

At least on iOS the wg app logs are close to pointless

@polarian, rougly followed this blog.mqbx.nl/2022/09/07/road-warrior-style-wireguard-vpn-pfsense-ios

sbr: thats how I did it for my phone :)

From another machine its the same template and should be even simpler

s/template/format

sbr: that link is obvious

yup, wg is general is pretty obvious I was just being dumb with the ios app and the QR codes helped. Everything else "just worked"

ugh...

I wonder if the inkernel driver for wireguard is buggy :/

I found it in the OpenBSD src tree

polarian: no, tcpdump the interface wg is negotiating over

wg itself won't see any traffic until the handshake is finished

What's the correct way to use `resolveconf`? The MAN page doesn't give any examples. I've been doing it like this: "sysrc -f /etc/resolvconf.conf search_domains="mydomain.tld" name_servers="10.1.1.10" && resolvconf -u" which I know is "wrong".

tuaris: what interfaces are changing in your configuration

in this case it's for any interface

The "-d" is for deleting, but what does it delete. The "-d" flag is missing from the man page.

kevans: oh right yeah duh xD

sbr: why do you need multiple gigs to your home

polarian: yeah, I think that might be enlightening; but my guess if it doesn't work with your firewall disabled is that there's some other misconfiguration involved

hmm

tuaris: why not updating /etc/resolv.conf directly? but if you want to use resolvconf, then probably something like printf "search %s\nnameserver %s\n" <domain> <nameserver> | resolvconf -x -a <interface> (I assume you want the exclusive there, as you override those settings via sysrc)

tuaris, Normally when an interface comes up: echo search_domains=example.com name_servers=8.8.8.8 | resolvconf -a $iface.inet

tuaris, Normally when an interface goes down: resolvconf -d $iface.inet