Open utterances-bot opened 1 year ago
When I followed your instructions, I substituted tun0 with wg0. Otherwise, I followed them to the letter, but I don't believe the wg0 is working. There's no traffic flowing.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
7: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.2.0.2/32 scope global wg0
       valid_lft forever preferred_lft forever
The wg0.conf file from my VPN provider (some information redacted):
[Interface]
PrivateKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Address = 10.2.0.2/32
DNS = 10.2.0.1
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 0.0.0.0/0
Thank you
P.S. When I use the same wg0.conf file on another machine with wg-quick up wg0 it works.
Hey, did it just get missed in your copy / paste above or are you missing the Endpoint directive under the [Peer] heading?
Hiya, I am using Proton VPN. I've only redacted the keys. It works under Debian 12: nmcli connection import type wireguard file wg0.conf
[Interface]
# Key for wg0
# Bouncing = 1
# NAT-PMP (Port Forwarding) = off
# VPN Accelerator = on
PrivateKey = XXX
Address = 10.2.0.2/32
DNS = 10.2.0.1
[Peer]
# NL-FREE#216012
PublicKey = XXX
AllowedIPs = 0.0.0.0/0
ip netns exec wireguard wg setconf wg0 <(wg-quick strip /etc/wireguard/wg0.conf)
Thanks, moismailzai
Jeez, I did forget to copy/paste the endpoint: Endpoint = 138.199.7.159:51820
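Added example, not part of the thread or of the blog post's repository: a small lint for the kind of wg-quick config exchanged above. It reports [Peer] sections with no Endpoint (such a peer cannot initiate a handshake) and lists the [Interface] keys that `wg-quick strip` removes, which `wg setconf` therefore never applies inside the namespace. The function names and the sample config with placeholder keys are assumptions constructed for illustration.

```python
# Added example: lint a wg-quick style config before `wg setconf` in a netns.
# Keys handled by wg-quick(8) itself; `wg-quick strip` removes them, so
# `wg setconf` never applies them and they must be set by hand.
WG_QUICK_ONLY = {"address", "dns", "mtu", "table", "preup", "postup",
                 "predown", "postdown", "saveconfig"}

def parse(text):
    """Return a list of (section_name, {key: value}) in file order."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].strip().lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)   # base64 keys may end in '='
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def lint(text):
    """Return (peer numbers lacking Endpoint, interface keys strip drops)."""
    missing, dropped = [], {}
    peer_no = 0
    for name, opts in parse(text):
        if name == "interface":
            dropped = {k: v for k, v in opts.items() if k in WG_QUICK_ONLY}
        elif name == "peer":
            peer_no += 1
            if "endpoint" not in opts:
                missing.append(peer_no)
    return missing, dropped

# Constructed sample: placeholder keys, no Endpoint under [Peer].
SAMPLE = """\
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY=
Address = 10.2.0.2/32
DNS = 10.2.0.1
[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY=
AllowedIPs = 0.0.0.0/0
"""

if __name__ == "__main__":
    missing, dropped = lint(SAMPLE)
    print("peers without Endpoint:", missing)
    print("apply manually in the namespace:", dropped)
```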
Thank you for your work. Your explanation and the code in your repository are awesome and helped me a lot 👍
Hello, thanks for the work. Have you tried running the code without the socat part? According to the WireGuard documentation here, the reason the code in this blog post works is moving a wg tun from one namespace to the other, not the socat part. Hence, the socat part seems incorrect and totally redundant. What's the port number 8080 for anyway?
I agree that such a feature of WireGuard isn't apparent.
nnWhisperer: I appreciate your insights. The socat component serves a practical purpose distinct from the WireGuard namespace transfer capabilities. While WireGuard ensures that the VPN tunnel's encrypted packets correctly navigate between namespaces, socat enables external access to services within the VPN-protected namespace, which is useful for scenarios where direct interaction with services isolated in a network namespace is desired.
Creating WireGuard jails with Linux network namespaces | Mo Ismailzai
The network namespace is a powerful Linux kernel feature that enables the creation of isolated network environments within a single logical host. In this blog post, we will explore the concept of network namespaces, how to use them with WireGuard, and how to isolate processes with this combination.
https://www.ismailzai.com/blog/creating-wireguard-jails-with-linux-network-namespaces