New WireGuard kernel module does not work with mullvad VPN

Vasily Postnicov shamaz.mazum at gmail.com
Thu Jan 21 16:20:25 UTC 2021


Aha!

My Public key derived from the private key does not match the key
mullvad VPN derives (they give me my generated private key):

root@vonbraun:~ # ifconfig wg0 create private-key 94krUfNiNdUwZoPwek2PlCDB92h1nbvmavggQbgrfM0= listen-port 5423
root@vonbraun:~ # ifconfig wg0
wg0: flags=8080a0<NOARP,MULTICAST> metric 0 mtu 1420
    options=880000<LINKSTATE>
    groups: wg
    listen-port: 5423
    private-key: 8IkrUfNiNdUwZoPwek2PlCDB92h1nbvmavggQbgrfE0=
    public-key:  FpuxfigYTk73RE4VwFV/2zbAc6sWxQkQWnShccOvvSc=
    media: Ethernet autoselect (25GBase-ACC <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

Mullvad thinks the public key is izjBq6I7GRVaNOvO…
(I delete this key from my account now)

wireguard-go always displays the correct public key (corresponding
with what mullvad thinks)

Thu, 21 Jan 2021 at 18:38, Vasily Postnicov <shamaz.mazum at gmail.com>:
>
> Hello. I try the new module and it does not seem to work for me. I use
> mullvad VPN and wireguard-go but want to replace wireguard-go with
> kernelspace implementation.
>
> I have the following configuration:
> [Interface]
> PrivateKey = <private-key>
> Address = 10.66.116.246/32,fc00:bbbb:bbbb:bb01::3:74f5/128
> DNS = 193.138.218.74
>
> [Peer]
> PublicKey = jJVG/lv7RikDG0FMsV3WJgfot5XecPm9aHDrYvU+NAM=
> AllowedIPs = 0.0.0.0/0,::0/0
> Endpoint = 86.107.21.34:51820
>
> So I try this (12345 is just a random port, I do not have it in the
> configuration):
> ifconfig wg0 create private-key <private-key> listen-port 12345
> ifconfig wg0 peer public-key <public-key> allowed-ips 0.0.0.0/0
> allowed-ips ::0/0 endpoint 86.107.21.34:51820
> ifconfig wg0 inet 10.66.116.246/32
> ifconfig wg0 inet6 fc00:bbbb:bbbb:bb01::3:74f5/128
>
> The interface goes up after "ifconfig wg0 inet" command.
> Then I add new routes just like wireguard-go does:
> route -q -n add -inet6 ::/1 -interface wg0
> route -q -n add -inet6 8000::/1 -interface wg0
> route -q -n add -inet 0.0.0.0/1 -interface wg0
> route -q -n add -inet 128.0.0.0/1 -interface wg0
> route -q -n add -inet 86.107.21.34 -gateway 192.168.20.1
>
> 192.168.20.1 is just my default gateway.
>
> I also set sysctl net.inet.ip.forwarding = 1 (some manual told so).
> Nothing works in the result, I can ping my gateway and the endpoint,
> but nothing else. Wireshark says there are "WireGuard Handshake
> Initiation" packets from re0 (my interface connected to the internet)
> to the endpoint, but no responses.
>
> What can be wrong?


More information about the freebsd-net mailing list