[Bug 266712] net/wireguard-kmod: Misleading error message when if_wg is not properly configured

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 30 Sep 2022 02:07:40 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266712

            Bug ID: 266712
           Summary: net/wireguard-kmod: Misleading error message when
                    if_wg is not properly configured
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: decke@FreeBSD.org
          Reporter: zlei.huang@gmail.com
             Flags: maintainer-feedback?(decke@FreeBSD.org)
          Assignee: decke@FreeBSD.org

I'm new to wireguard. While trying to repeat
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261711 I have ever made a
mistake and the wireguard interface did not come up properly but there was no
good prompt about that.

Environment: FreeBSD 13.1, wireguard-kmod-0.0.20220615,
wireguard-tools-1.0.20210914_1

The content of wg1.conf
```
[Interface]
PrivateKey = +Gu/JLpCpS5kG7tfHE1FYizocef+HlsebE/5djg+XUU=
Address = 192.168.100.1/24
ListenPort = 51820

[Peer]
PublicKey = ADTJlJuuTjUaAkPchD4Fk6nOiH1Kw3vqqzBiaKHScHE=
AllowedIPs = 0.0.0.0/0
Endpoint = 192.168.117.155:51820
PersistentKeepalive = 15
```

Be aware the peer's public key is same with the interface. I was trying to
reuse the same pair of private key and public key for different wireguard box.
```
root@:~ # echo "+Gu/JLpCpS5kG7tfHE1FYizocef+HlsebE/5djg+XUU=" | wg pubkey
ADTJlJuuTjUaAkPchD4Fk6nOiH1Kw3vqqzBiaKHScHE=
```

Steps to repeat:

```
root@:~ # wg-quick up ./wg1.conf
[#] ifconfig wg create name wg1
[#] wg setconf wg1 /dev/stdin
[#] ifconfig wg1 inet 192.168.100.1/24 alias
[#] ifconfig wg1 mtu 1420
[#] ifconfig wg1 up
[+] Backgrounding route monitor

root@:~ # wg show wg1
interface: wg1
  public key: ADTJlJuuTjUaAkPchD4Fk6nOiH1Kw3vqqzBiaKHScHE=
  private key: (hidden)
  listening port: 51820

root@:~ # ping -t 1 -c 1 192.168.100.2
PING 192.168.100.2 (192.168.100.2): 56 data bytes
ping: sendto: Capabilities insufficient
92 bytes from 127.0.0.1: Destination Host Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 ada5   0 0000  40  01 83af 192.168.100.1  192.168.100.2 


--- 192.168.100.2 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
```

The error message "Capabilities insufficient" is misleading.

-- 
You are receiving this mail because:
You are the assignee for the bug.