nerves-networking/vintage_net_wireguard

Debug VPN connection

Closed this issue · 12 comments

Describe the bug
Issues connecting to the wireguard network.

To Reproduce
Steps to reproduce the behavior:

  1. Place wg_config.conf file in priv/ directory of app
  2. ssh nerves.local
  3. wg_conf = Application.app_dir(:my_app) |> Path.join("priv/wg_config.conf") |> VintageNetWireguard.ConfigFile.parse
  4. VintageNet.configure("wg0", wg_conf)
  5. ifconfig, shows status of wg0: flags=[:up, :pointtopoint, :running] inet 192.168.178.202 netmask 255.255.255.0
  6. ping("1.1.1.1", ifname: "wg0") - results in :eaddrnotavail

Expected behavior
The goal is to expose a service over the wireguard network, so I would anticipate that ping should work

VintageNet Info

VintageNet 0.13.4

All interfaces:       ["can0", "eth0", "lo", "wg0", "wlan0"]
Available interfaces: ["wlan0"]

Interface wg0
  Type: VintageNetWireguard
  Present: true
  State: :retrying (24.6 s)
  Connection: :disconnected (0:01:43)
  Addresses: 192.168.178.202/24
  MAC Address: nil
  Configuration:
    %{
      type: VintageNetWireguard,
      dns: [{192, 168, 178, 1}],
      addresses: [{{192, 168, 178, 202}, 24}],
      private_key: "....",
      peers: [
        %{
          public_key: "redacted",
          preshared_key: "....",
          persistent_keepalive: 25,
          endpoint: "redacted",
          allowed_ips: [{{192, 168, 178, 0}, 24}, {{0, 0, 0, 0}, 0}]
        }
      ]
    }

Interface wlan0
  Type: VintageNetWiFi
  Present: true
  State: :configured (0:01:43)
  Connection: :internet (0:01:36)
  Addresses: 192.168.178.33/24, redacted/64, redacted/64
  MAC Address: "b8:27:eb:3a:ea:1f"
  Configuration:
    %{
      type: VintageNetWiFi,
      vintage_net_wifi: %{
        networks: [
          %{mode: :infrastructure, psk: "....", ssid: "myssid", key_mgmt: :wpa_psk}
        ]
      },
      ipv4: %{method: :dhcp}
    }

Environment

 Pkg:         custom_rpi3 - this is the same as the most recent release of nerves_system_rpi3
  Vsn:         1.23.1
  Type:        system
  BuildRunner: {Nerves.Artifact.BuildRunners.Docker, [make_args: ["source", "all", "legal-info"]]}

  Pkg:         nerves_toolchain_armv7_nerves_linux_gnueabihf
  Vsn:         1.8.0
  Type:        toolchain
  BuildRunner: {Nerves.Artifact.BuildRunners.Local, []}

  Pkg:         nerves_toolchain_ctng
  Vsn:         1.9.3
  Type:        toolchain_platform
  BuildRunner: {nil, []}

  Pkg:         nerves_system_br
  Vsn:         1.23.2
  Type:        system_platform
  BuildRunner: {nil, []}

Additional context
Running on Raspberry Pi 3. The VintageNet configuration shown above is for connecting to my home network VPN (Fritz!Box Wireguard), however since I don't trust that I configured everything correctly or that it would work when connecting to the VPN server running on the local network, I also tried connecting to fly.io via the fly wireguard create command and using the output config file in the same manner as above, with the same :disconnected result.

I also tried changing the DNS key in the .conf file to a public DNS (1.1.1.1), but that didn't change the result either.

I know that writing docs for connecting to Fly.io is on the to-do list, so if I figure this out I'd be happy to help with that!

Thank you :)

Okay part of my problem was that my network VPN was configured poorly - I only had an IPv6 address available, but no IPv4. A quick call to the ISP solved that issue. Now, I'm getting the following output in the logger:

14:02:37.483 [debug] VintageNet(wg0): :configuring -> done error: retrying after 30000 ms

14:03:07.484 [info] RouteManager: clear_route wg0

14:03:07.486 [warn] RouteManager: new set_connection_status wg0 -> :disconnected (Elixir.VintageNet.Interface.start_configuring/3([file: ~c"lib/vintage_net/interface.ex", line: 669]))

14:03:07.496 [debug] ip:RTNETLINK answers: File exists

14:03:07.529 [info] mdns_lite wg0/{192, 168, 178, 202}

14:03:07.548 [error] Nonzero exit setting peer: 1

Some more VintageNet.info:

VintageNet 0.13.4

All interfaces:       ["can0", "eth0", "lo", "wg0", "wlan0"]
Available interfaces: ["wlan0"]

Interface wg0
  Type: VintageNetWireguard
  Present: true
  State: :retrying (11.9 s)
  Connection: :disconnected (0:05:51)
  Addresses: 192.168.178.202/24
  MAC Address: nil
  Configuration:
    %{
      type: VintageNetWireguard,
      dns: [{192, 168, 178, 1}],
      addresses: [{{192, 168, 178, 202}, 24}],
      private_key: "....",
      peers: [
        %{
          public_key: "redacted",
          preshared_key: "....",
          allowed_ips: [{{192, 168, 178, 0}, 24}, {{0, 0, 0, 0}, 0}],
          endpoint: "redacted_endpoint",
          persistent_keepalive: 25
        }
      ]
    }

Interface wlan0
  Type: VintageNetWiFi
  Present: true
  State: :configured (0:05:50)
  Connection: :internet (0:05:44)
  Addresses: redacted_ipv6/64, 192.168.178.33/24, redacted_ipv6/64
  MAC Address: "b8:27:eb:3a:ea:1f"
  Configuration:
    %{
      type: VintageNetWiFi,
      vintage_net_wifi: %{
        networks: [
          %{mode: :infrastructure, psk: "....", ssid: "myssid", key_mgmt: :wpa_psk}
        ]
      },
      ipv4: %{method: :dhcp}
    }

Hey @gworkman ! Sorry, I've been on vacation. I'll take a look into this in the next couple of days

Hi @jjcarstens! Thanks for getting back to me :) hope you had a good break! If I can assist by providing any additional info, let me know, I'm happy to help!

Well...this might somehow be related to OTP 26, but I haven't fully tracked down what.

@gworkman Can you try with nerves_system_rpi3 1.22.2, which is OTP 25.3 (Elixir version won't matter as long as it's built for OTP 25)? Or if you're using a different device, just find the appropriate version in the Compatibility Chart that has OTP 25.

@gworkman Fix is up in #12 - I'll merge and release shortly. TL;DR is order of wg arguments matters and OTP 26 changed how map keys are ordered 🤦🏼

Hi @jjcarstens, big thank you for taking a look at this! I know it's not a trivial amount of time you spend on it :)

I was able to test with your branch fix-otp-26-starting, but I found a few issues. First, I was getting error messages from wireguard that the AllowedIPs parameter was not in the right format. It looks like from the spec that the argument should be a comma-separated list of addresses. I've submitted a 1-character PR into this branch for that :)

Otherwise, I was getting some timeout errors. After sshing into the box and manually running VintageNet.configure("wg0", wg_config) from the parsed config file, I was getting a timeout from VintageNet:

08:41:47.298 [debug] VintageNet(wg0): :configuring -> recovering from hang: retrying after 30000 ms

08:41:47.299 [error] GenServer #PID<0.1147.0> terminating
** (stop) killed
Last message: {:EXIT, #PID<0.1146.0>, :killed}
State: MapSet.new(["/tmp/f-1693212087-79-yzhv6l"])

I'm not sure if there is a way to bump the default amount of time up?

However, when it retries to make the connection, I think there is some error from something not being cleaned up properly:

08:48:07.344 [info] RouteManager: clear_route wg0

08:48:07.346 [warn] RouteManager: new set_connection_status wg0 -> :disconnected (Elixir.VintageNet.Interface.start_configuring/3([file: ~c"lib/vintage_net/interface.ex", line: 669]))

08:48:07.355 [debug] ip:RTNETLINK answers: File exists

08:48:07.387 [info] mdns_lite wg0/{192, 168, 178, 202}

Particularly I'm referring to the ip:RTNETLINK answers: File exists here, although maybe since it's just a debug message it is not consequential.

I'm going to give OTP 25 a chance right now, will report back in hopefully next 30 mins to determine if that fixes the issue.

Thanks again!
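The two fixes discussed above (a fixed order for the `wg` arguments, and AllowedIPs passed as one comma-separated value), as an added example that is not the code from #12 or from vintage_net_wireguard. The module name, the `preshared_key_file` key and the sample peer values are assumptions made for illustration.

```elixir
defmodule WgPeerArgsExample do
  @moduledoc """
  Added example (not vintage_net_wireguard's code): build the argument list
  for `wg set <ifname> peer ...` in a fixed order, independent of map order.
  """

  # The option order is spelled out here instead of being taken from map
  # iteration. The thread attributes the failure to OTP 26 changing how map
  # keys are ordered, so anything derived from Enum.map/2 over the peer map
  # can come out in a different order on a different OTP release.
  @option_order [:preshared_key_file, :endpoint, :persistent_keepalive, :allowed_ips]

  @doc ~S"""
  Returns the argv to pass as System.cmd("wg", argv, stderr_to_stdout: true).
  """
  def set_peer_args(ifname, %{public_key: public_key} = peer)
      when is_binary(ifname) and is_binary(public_key) do
    options =
      Enum.flat_map(@option_order, fn key ->
        case Map.fetch(peer, key) do
          {:ok, value} -> option(key, value)
          :error -> []
        end
      end)

    # `peer <public-key>` comes first: the options after it apply to that peer.
    ["set", ifname, "peer", public_key | options]
  end

  # wg reads the preshared key from a file, so the secret itself never
  # appears in the process argument list. Only the path is passed.
  defp option(:preshared_key_file, path) when is_binary(path), do: ["preshared-key", path]

  defp option(:endpoint, endpoint) when is_binary(endpoint), do: ["endpoint", endpoint]

  defp option(:persistent_keepalive, seconds) when is_integer(seconds),
    do: ["persistent-keepalive", Integer.to_string(seconds)]

  # Nothing to set: omit the option rather than passing an empty value.
  defp option(:allowed_ips, []), do: []

  # One comma-separated value, e.g. "192.168.178.0/24,0.0.0.0/0".
  defp option(:allowed_ips, ips) when is_list(ips),
    do: ["allowed-ips", Enum.map_join(ips, ",", &format_cidr/1)]

  defp format_cidr({address, prefix_length}) when is_integer(prefix_length) do
    # :inet.ntoa/1 returns a charlist; convert it before interpolating.
    "#{address |> :inet.ntoa() |> to_string()}/#{prefix_length}"
  end
end

# Constructed sample peer, shaped like the configuration shown in the issue.
# The key, key path and endpoint are placeholders, not values from the thread.
peer = %{
  public_key: "PLACEHOLDER_PUBLIC_KEY",
  preshared_key_file: "/tmp/placeholder-psk",
  persistent_keepalive: 25,
  endpoint: "vpn.example.invalid:51820",
  allowed_ips: [{{192, 168, 178, 0}, 24}, {{0, 0, 0, 0}, 0}]
}

IO.inspect(WgPeerArgsExample.set_peer_args("wg0", peer), label: "wg argv")
```

Printing the argv this way before handing it to `System.cmd/3` is also one way to see exactly what is being passed to the `wg` executable.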

Update: for OTP 25, it looks like I'm still getting the same timeout issue as above

09:43:02.850 [info] RouteManager: clear_route wg0

09:43:02.852 [warn] RouteManager: new set_connection_status wg0 -> :disconnected (Elixir.VintageNet.Interface.start_configuring/3([file: ~c"lib/vintage_net/interface.ex", line: 669]))

09:43:02.862 [debug] ip:ip: RTNETLINK answers: File exists

09:43:02.893 [info] mdns_lite wg0/{192, 168, 178, 202}

09:43:22.854 [debug] VintageNet(wg0): :configuring -> recovering from hang: retrying after 30000 ms

09:43:22.857 [error] GenServer #PID<0.1159.0> terminating
** (stop) killed
Last message: {:EXIT, #PID<0.1158.0>, :killed}
State: MapSet.new(["/tmp/f-1693215782-75-8lft5i"])

Attempted with {:nerves_system_rpi3, "1.22.2", runtime: false, targets: :rpi3}, erlang 25.2.3, elixir 1.15.4-otp-25. Full mix.lock file below:


Another update:

I tried again with both OTP 25 and OTP 26, but connecting to Fly.io's Wireguard network - this time it worked flawlessly. No issues there, including no timeout. The only difference between the fly_wg.conf and the home_wg.conf file that I have set up is that there is a PresharedKey in my home_wg.conf file. Maybe the existence of a pre-shared key makes the Wireguard connection initialization take longer, which hits the timeout?

The home_wg.conf is generated by my router (Fritz!Box, stock firmware). It works just fine when connecting with the official wireguard software on my laptop. I don't think anything is wrong with the config (there's literally no settings to tweak for the VPN interface when setting it up), but it could still be an option

I'd be curious to know what debugging steps you are taking to diagnose the issue - particularly how are you getting more information about what commands/arguments are being passed to the wireguard executable?

A quick and completely untested theory: could the cleanup of temporary files (such as in the set_peer/2 function) before the network is finished initializing be at play here? For example, the set_peer/2 function will call the system command with System.cmd(wg(), ["set", ifname | peer_args], stderr_to_stdout: true), with one of the peer args being ["preshared-key", "tmp/path/to/key"]. There are several commands called after the set_peer/2 function is called during interface bring-up, including the maybe_add_dns/2 as well as {:run, "ip", ["link", "set", "mtu", "1420", "up", "dev", ifname]}.

If Wireguard tries to re-read the preshared key file after the temp has cleaned it up, it might exhibit this behavior. According to the man page:

If /dev/null or another empty file is specified as the filename for either private-key or preshared-key, the key is removed from the device

When I remove the PresharedKey from my .conf file, I get the same behavior (hanging, hitting timeout). So I'm wondering if Wireguard is trying to connect without the pre shared key, thus not being able to establish a connection.

Unfortunately, as I mentioned above, I don't think I have the ability to remove the preshared key from my router VPN configuration, otherwise I would be taking that option here. For some more context of what I am trying to do: I have a hardware prototype at my mechanical engineer's office. It has a Raspberry Pi on board, and I would like to connect to the Pi from my home office (in a different country) so I can update the firmware, control the device, etc. That's why I'm using my router VPN rather than Fly for example.

I was looking at the Temp file usage before and thinking that was a little suspicious. I'm betting if we remove the cleanup of the file, then things would probably be okay

Hi @jjcarstens,

I did some more digging on this today. I think the temp file stuff is fine. Rather, I noticed the call to wg set peer #{peer_args} is hanging. When I tried calling some of the commands manually, I found that Wireguard isn't able to resolve the DNS of the server, and goes into a retry-backoff loop. Which is weird, because before calling VintageNet.configure("wg0", wg_config) calling Toolshed.nslookup works just fine, but after configuring the Wireguard interface the nslookup fails. I had one instance where it wasn't having the DNS lookup issue, but instead I got something in the logs like ip:RTNETLINK: File exists and I'm not sure where that is coming from.

It makes me wonder if it is a configuration issue for my setup, but then again - my laptop can connect just fine, and I literally have no options to tweak on that side 🙁

Would it help if I set up a Wireguard server somewhere which reproduces this same issue for you to test with? I can email you the config file if that works

Also, I can split this into a separate issue if you'd like.

I think that might be helpful, yes. I also think it would be nice to split into a separate issue that is a little more specific to this case