01:36:09 <polarian> Hm I can't seem to get wireguard working on my FreeBSD laptop
01:36:27 <polarian> the config should work... same steps and it worked on my phone, wg-quick(8) seems to have put the route in correctly
01:36:43 <polarian> but its not handshaking
01:37:39 <polarian> I assume it *could* be pf being the issue... but I have two simple rules, block in, pass out
01:44:03 <polarian> any ideas?
01:47:44 <polarian> works just fine on my phone same network too... so I assume its a firewall isue
01:47:46 <polarian> issue*
02:44:23 <entrop> polarian: pass in from the other end?
02:53:16 <kevans> polarian: have you tried tcpdump to gain some insight into the handshake?
06:53:44 <xzdx> I made something stupid:  https://github.com/X8X-XZDX/echo-compile
08:57:31 <nimaje> polarian: can you ping your endpoint? and in the other direction too?
11:22:10 <polarian> entrop: the other end is fine, the server side works just fine with my phone, its my laptop to my phone which is the issue
11:22:24 <polarian> kevans: I did tcpdump, nothing on wg0 apart from some ntp packets
11:22:36 <polarian> so I assume pf is dropping the packets, but if I disable pf it doesn't work either...
11:23:04 <polarian> so could be that the route is unknown and the packets are being dropped, but 0.0.0.0/1 to wg0 is entered into the routing table correctly
11:23:09 <polarian> so shouldn't do
11:23:36 <polarian> nimaje: with the tunnel? no, without? yes
11:23:52 <polarian> wg0 won't handshake
11:24:35 <polarian> I have checked all the configs it *should* work, so I assume its a firewall issue, but block in/pass out on a laptop should be sufficient
11:31:08 <nimaje> yeah, I meant outside the tunnel
11:32:00 <nimaje> hm, pretty sure wg is udp based, not sure how keeping state works for udp in firewalls
11:39:38 <polarian> nimaje: well same network and my phone can connect just fine... so I assume this is an issue with configuration on my laptop
11:39:47 <polarian> not with wireguard, I have checked the config over and over again
11:50:20 <sbr> skim reading but I setup incoming and outgoing wg the other day and kept getting confused about which key was supposed to go where
11:51:08 <sbr> I found putting it in a simple template and then using `qrencode -t ansiutf8 < myTemplate` to generate a QR code made mobile app setup much easier
11:51:29 <sbr> At least on iOS the wg app logs are close to pointless
11:52:29 <sbr> @polarian, rougly followed this https://blog.mqbx.nl/2022/09/07/road-warrior-style-wireguard-vpn-pfsense-ios/
11:52:59 <polarian> sbr: thats how I did it for my phone :)
11:53:37 <sbr> From another machine its the same template and should be even simpler
11:53:45 <sbr> s/template/format
11:54:23 <polarian> sbr: that link is obvious
11:59:06 <sbr> yup, wg is general is pretty obvious I was just being dumb with the ios app and the QR codes helped. Everything else "just worked"
12:05:47 <polarian> ugh...
12:05:54 <polarian> I wonder if the inkernel driver for wireguard is buggy :/
12:06:08 <polarian> I found it in the OpenBSD src tree
13:18:54 <kevans> polarian: no, tcpdump the interface wg is negotiating over
13:19:35 <kevans> wg itself won't see any traffic until the handshake is finished
14:07:07 * sbr_ put a new multi port nic in my router.  Going to get a second fibre line to my home. Fun fun.
20:26:11 <tuaris> What's the correct way to use `resolveconf`?  The MAN page doesn't give any examples.  I've been doing it like this: "sysrc -f /etc/resolvconf.conf search_domains="mydomain.tld" name_servers="10.1.1.10" && resolvconf -u" which I know is "wrong".
20:31:21 <rtprio> tuaris: what interfaces are changing in your configuration
20:56:53 <tuaris> in this case it's for any interface
20:59:02 <tuaris> The "-d" is for deleting, but what does it delete.  The "-d" flag is missing from the man page.
21:17:05 <polarian> kevans: oh right yeah duh xD
21:17:26 <polarian> sbr: why do you need multiple gigs to your home
22:02:08 <kevans> polarian: yeah, I think that might be enlightening; but my guess if it doesn't work with your firewall disabled is that there's some other misconfiguration involved
22:12:50 <polarian> hmm
22:55:07 <nimaje> tuaris: why not updating /etc/resolv.conf directly? but if you want to use resolvconf, then probably something like   printf "search %s\nnameserver %s\n" <domain> <nameserver> | resolvconf -x -a <interface>  (I assume you want the exclusive there, as you override those settings via sysrc)
23:15:21 <rwp> tuaris, Normally when an interface comes up: echo search_domains=example.com name_servers=8.8.8.8 | resolvconf -a $iface.inet
23:15:57 <rwp> tuaris, Normally when an interface goes down: resolvconf -d $iface.inet