From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: Feedback on WG
Date: Tue, 27 Aug 2024 11:19:48 +0100
Message-ID: <937303A2-EDA0-4207-B553-D7BC01B5550C@ipfire.org>

Could you show me the route tables of both systems, please?

-Michael

> On 26 Aug 2024, at 13:13, Adolf Belka wrote:
>
> I tried out netcat to send some traffic through the tunnel. That confirmed that the tunnel is only working in one direction.
>
> If I put the laptop in listening mode and from a vm on the IPFire green lan sent some data from /dev/zero through the tunnel, it was received at the other end.
>
> Setting the vm on the IPFire green lan into listening mode and sending the data from the laptop resulted in nothing being sent from the laptop and obviously nothing received at the green vm.
>
> So it is not just a ping issue.
>
> Regards,
>
> Adolf.
>
> On 26/08/2024 13:17, Adolf Belka wrote:
>> Hi Michael,
>>
>> Getting back to testing out the WG.
>>
>> On 21/08/2024 16:23, Michael Tremer wrote:
>>> Hello Adolf,
>>>
>>>> On 19 Aug 2024, at 12:04, Adolf Belka wrote:
>>>>
>>>> Hi Michael,
>>>>
>>>> Sorry for the delay with feedback on the WG testing. I was a bit tied up with DIY stuff in the house.
>>>
>>> No problem...
>>>
>>>> By manually importing the WG config file created I was able to successfully connect from my laptop to my IPFire vm system. The WUI showed connected. The config file had my allowed subnets set as 192.168.200.0/255.255.255.0 which is the green subnet on my vm system. However trying ping over the WG tunnel gave failures for the IP of the vm machine, green1, and also for the green interface of the vm IPFire.
>>>
>>> Okay, connecting should be nice and easy. However, you *should* be able to transfer some data...
>>>
>>>> Trying to ping with the FQDN for the green1 system resulted in no resolving of green1's FQDN to a local IP but tried to send it to my main red interface with my ISP.
>>>
>>> Can you try to ping from either side? The client the firewall and the firewall the client? That should work if the tunnel is up.
>>
>> Tried again to ping from laptop to IPFire green lan, both the IPFire green interface and a vm PC on the green lan. In both cases 100% packet loss.
>>
>> I then tried doing the ping from the vm machine on the green IPFire lan to the laptop, as you suggested and in this case I got 100% packet transmission.
>>
>> In all above tests I used IP's to remove any question about DNS resolving.
>>
>> So the ping seems to only be working in one direction. Let me know if there are any other tests or checks I should do based on this result.
>>
>> Regards,
>> Adolf.
>>
>>>
>>>> So something appears to be missing or incorrect with the routing but not sure what.
>>>>
>>>> Minor points on the WUI.
>>>
>>> I would like to have the thing working first before we spend any time on making the UI look nice, but you are raising very good points.
>>>
>>>> When disconnected the status section that is coloured red is huge and the space for the remark is very small but when connected then the status space is large enough to have the connected status word, giving much more room for the remark.
>>>
>>> That should not be. No idea why that is, but I am sure that is not too hard to fix.
>>>
>>>> When the WG config file is created and you have the page with the QR code, there is also a message about the WG config file only being shown this one time as it contains private key material. The message is fine but the heading for the message is "Oops, something went wrong...". It should really be something like "Information Note" or equivalent as it is not an actual error message.
>>>
>>> I think I created a little widget which I used somewhere else too and then added the headline. It certainly does not fit here.
>>>
>>> -Michael
>>>
>>>>
>>>> See the screenshots attached.
>>>>
>>>> Regards,
>>>>
>>>> Adolf.
>>>>
>>>