smcroutectl doesn't send joins through wireguard

troglobit / smcroute

Static multicast routing for UNIX

https://troglobit.com/projects/smcroute/

GNU General Public License v2.0

244 stars 64 forks source link

smcroutectl doesn't send joins through wireguard #152

Closed lucdig closed 3 years ago

lucdig commented 3 years ago

On Linux Ubuntu:

ip link set dev wg1 multicast on
ip link set dev lo multicast on

/etc/smcroute.conf:

phyint lo enable
phyint eth0 enable
phyint wg1 enable

With smcroutectl join wg1 239.255.1.1, I don't see any udp packet of the wireguards interface. Nothing appears with the command tcpdump -n -i eth0 udp and port 444 (444 is the UDP port of the wg1 server)

ufw is disabled
no iptables filters

Am I missing anything? Thanks, regards

troglobit commented 3 years ago

This is not a problem with SMCRoute. When you join a group wtth SMCRoute it only asks the kernel for the group. The kernel creates the IGMP frame that is sent on the (pseudo) wire. Wireguard forwards packets by matching its AllowedIPs setting.

I tested by using a AllowedIPs = 0.0.0.0/0 on both ends of a wg1 tunnel, with multicast enabled like you did, and then IGMP packets are forwarded.

lucdig commented 3 years ago

I don't know how your Ubuntu works, but I cannot set AllowedIPs = 0.0.0.0/0 on mine.

In fact, my Ubuntu sets as many routes via wg1 as many nets it finds in AllowedIP. So, if route to 0.0.0.0/0 is set to wg1, the system is totally unreachable via ssh/vnc/..., and I have to open a console.

Anyway, I resolved adding 224.0.0.0/4 in the list of allowed IPs: AllowedIPs = <internal-wg1-subnet>, 224.0.0.0/4, and now I see the igmp join's flowing through wg1.

Everything works as I expected.

Thanks a lot, regards

troglobit commented 3 years ago

So then we can close this, right?

lucdig commented 3 years ago

Yes, sure. Thanks

goldsoft8888 commented 4 days ago

The wg0 interface can send and receive multicast packets, but the eth0 interface cannot send or receive multicast packets. Both wg0 and eth0 have multicast functionality enabled.

Configuration: bash 复制代码 iptables -t mangle -A PREROUTING -i eth0 -d 239.255.255.250 -j TTL --ttl-inc 2 ip link set dev wg0 multicast on ip link set dev wg0 multicast on /etc/smcroute.conf: bash 复制代码 phyint eth0 enable phyint wg0 enable

mgroup from eth0 group 239.255.255.250 mroute from eth0 group 239.255.255.250 to wg0

mgroup from wg0 group 239.255.255.250 mroute from wg0 group 239.255.255.250 to eth0 Output from smcrouted -n: less 复制代码 smcroute[6339]: SMCRoute v2.5.6 smcroute[6339]: IPv4 multicast routing API already in use: Address already in use smcroute[6339]: /etc/smcroute.conf line 5: mroute: inbound eth0 is not a known phyint smcroute[6339]: /etc/smcroute.conf line 8: mroute: inbound wg0 is not a known phyint smcroute[6339]: Parse error in /etc/smcroute.conf smcroute[6339]: Ready, waiting for client request or kernel event.

troglobit commented 3 days ago

@goldsoft8888 this is a closed issue. Please do not report new issues on closed ones. Also, when reporting a problem you need to state what you expected to happen and what did happen. Thank you