search

database64128 / swgp-go

🐉 Simple WireGuard proxy with minimal overhead for WireGuard traffic.
GNU Affero General Public License v3.0
225 stars 23 forks source link

sendmmsg: address family not supported by protocol #53

Closed sp41mer closed 1 week ago

sp41mer commented 1 month ago

I've tried to deploy swgp-go and encountered the following issue:

WARN Failed to write swgpPacket to proxyConn {"client": "client", "listenAddress": ":20222", "clientAddress": "<home ip v4>:51820", "proxyAddress": "<remote ip v4>:20220", "error": "sendmmsg: address family not supported by protocol"}

My client config is:

{
"clients": [
        {
            "name": "client",
            "wgListenNetwork": "",
            "wgListen": ":20222",
            "wgFwmark": 0,
            "wgTrafficClass": 0,
            "proxyEndpointNetwork": "",
            "proxyEndpoint": "<remote-ip-v4>:20220",
            "proxyConnListenNetwork": "",
            "proxyConnListenAddress": "",
            "proxyMode": "zero-overhead",
            "proxyPSK": "sAe5RvzLJ3Q0Ll88QRM1N01dYk83Q4y0rXMP1i4rDmI=",
            "proxyFwmark": 0,
            "proxyTrafficClass": 0,
            "mtu": 1500,
            "batchMode": "",
            "relayBatchSize": 0,
            "mainRecvBatchSize": 0,
            "sendChannelCapacity": 0
        }
    ]
}

My server config is:

{
  "servers": [
      {
          "proxyListen": ":20220",
          "proxyMode": "zero-overhead",
          "proxyPSK": "sAe5RvzLJ3Q0Ll88QRM1N01dYk83Q4y0rXMP1i4rDmI=",
          "wgEndpoint": "<remote-ip-v4>:51820",
          "wgFwmark": 0,
          "mtu": 1500,
          "proxyFwmark": 0
      }
  ]
}
database64128 commented 1 month ago
  1. What's the version of your Linux kernel?
  2. What's the net.ipv6.bindv6only sysctl value on your system?
  3. Does changing "proxyConnListenNetwork" to "udp4" fix the issue for you?
sp41mer commented 1 month ago

  1. What's the version of your Linux kernel?

    I have Ubuntu 22.04 x64 with 5.15.0-60-generic kernel version

    ~/wgp# uname -r
5.15.0-60-generic

I've also tried the same for Debian 12 x64 with 6.1.0-9-amd64 kernel version

  1. What's the net.ipv6.bindv6only sysctl value on your system?

    I couldn't find this value, there is the only thing related to IPv6 I was able to find on my machine:

    CONFIG_IPV6=y
CONFIG_IPV6_ROUTER_PREF=y
CONFIG_IPV6_ROUTE_INFO=y
# CONFIG_IPV6_OPTIMISTIC_DAD is not set
CONFIG_IPV6_MIP6=m
CONFIG_IPV6_ILA=m
CONFIG_IPV6_VTI=m
CONFIG_IPV6_SIT=m
CONFIG_IPV6_SIT_6RD=y
CONFIG_IPV6_NDISC_NODETYPE=y
CONFIG_IPV6_TUNNEL=m
CONFIG_IPV6_GRE=m
CONFIG_IPV6_FOU=m
CONFIG_IPV6_FOU_TUNNEL=m
CONFIG_IPV6_MULTIPLE_TABLES=y
CONFIG_IPV6_SUBTREES=y
CONFIG_IPV6_MROUTE=y
CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y
CONFIG_IPV6_PIMSM_V2=y
CONFIG_IPV6_SEG6_LWTUNNEL=y
CONFIG_IPV6_SEG6_HMAC=y
CONFIG_IPV6_SEG6_BPF=y
# CONFIG_IPV6_RPL_LWTUNNEL is not set
CONFIG_IPV6_IOAM6_LWTUNNEL=y
CONFIG_MPTCP_IPV6=y
CONFIG_IP_VS_IPV6=y
CONFIG_NF_SOCKET_IPV6=m
CONFIG_NF_TPROXY_IPV6=m
CONFIG_NF_TABLES_IPV6=y
CONFIG_NFT_REJECT_IPV6=m
CONFIG_NFT_DUP_IPV6=m
CONFIG_NFT_FIB_IPV6=m
CONFIG_NF_FLOW_TABLE_IPV6=m
CONFIG_NF_DUP_IPV6=m
CONFIG_NF_REJECT_IPV6=m
CONFIG_NF_LOG_IPV6=m
CONFIG_IP6_NF_MATCH_IPV6HEADER=m
CONFIG_NF_DEFRAG_IPV6=m
CONFIG_6LOWPAN_NHC_IPV6=m
CONFIG_AF_RXRPC_IPV6=y

  2. Does changing "proxyConnListenNetwork" to "udp4" fix the issue for you?

    Nope, it didn't work for me

database64128 commented 1 month ago

Interesting. I tried to mimic your config as much as possible, and it just won't reproduce. My kernel version is 6.9.9-arch1-1.

Did you build from the latest commit on the master branch? Can you try changing "batchMode" to "no"?

I couldn't find this value

Run sysctl net.ipv6.bindv6only. On my system, it returns:

net.ipv6.bindv6only = 0
sp41mer commented 1 week ago

Thank you! Setting "batchMode" to "no" resolved the issue

database64128 commented 1 week ago

Glad to hear it helped, but I wouldn't say it's "resolved". The sendmmsg path, which is the default batchMode on Linux, currently does not work on systems with dual-stack IPv6 sockets disabled. That's why I asked you to check the sysctl value. IPv4-mapped IPv6 is enabled by default on Linux, and there really isn't any reason to disable it.