Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wireguard between two WSL2 instances and mirrored network mode does not work #10841

Closed
1 of 2 tasks
wizpresso-steve-cy-fan opened this issue Nov 29, 2023 · 2 comments
Closed
1 of 2 tasks

Wireguard between two WSL2 instances and mirrored network mode does not work #10841

wizpresso-steve-cy-fan opened this issue Nov 29, 2023 · 2 comments

Comments

@wizpresso-steve-cy-fan
Copy link

Windows Version

Microsoft Windows [Version 10.0.22621.2428]

WSL Version

2.0.9.0

Are you using WSL 1 or WSL 2?

  • WSL 2
  • WSL 1

Kernel Version

6.1.21.2-microsoft-standard-WSL2

Distro Version

Ubuntu 22.04

Other Software

No response

Repro Steps

  1. Find two distinct machines that runs WSL2 and mirrored mode
  2. Build your own kernel that supports Wireguard with the needed kernel features (minimal requirements: Wireguard Support through WSL Kernel #7547 (comment))
  3. Use your custom kernel on the two distinct machines
  4. Install Wireguard on both machines, make peering pairs of public key and private keys, listen and configure on their mirrored network address respectively
  5. inter-ping their internal wireguard address

Expected Behavior

Wireguard should work out of the box.

Actual Behavior

I have two machines on 172.30.0.2 and 172.30.0.6, here is their respective log:
172.30.0.2:

[   11.871179] wireguard: wg0: Interface created
[   11.911926] wireguard: wg0: Peer 1 created
[   49.380952] hv_balloon: Max. dynamic memory size: 32726 MB
[  278.436624] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.6:51820)
[  284.079595] wireguard: wg0: Handshake for peer 1 (172.30.0.6:51820) did not complete after 5 seconds, retrying (try 2)
[  284.079651] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.6:51820)
[  289.200183] wireguard: wg0: Handshake for peer 1 (172.30.0.6:51820) did not complete after 5 seconds, retrying (try 3)
[  289.200233] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.6:51820)
[  294.960660] wireguard: wg0: Handshake for peer 1 (172.30.0.6:51820) did not complete after 5 seconds, retrying (try 4)
[  294.960800] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.6:51820)
[  300.721187] wireguard: wg0: Handshake for peer 1 (172.30.0.6:51820) did not complete after 5 seconds, retrying (try 5)
[  300.721317] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.6:51820)
[  306.481822] wireguard: wg0: Handshake for peer 1 (172.30.0.6:51820) did not complete after 5 seconds, retrying (try 6)
[  306.481927] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.6:51820)
[  311.522200] wireguard: wg0: Handshake for peer 1 (172.30.0.6:51820) did not complete after 5 seconds, retrying (try 7)
[  311.522300] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.6:51820)
[  317.362763] wireguard: wg0: Handshake for peer 1 (172.30.0.6:51820) did not complete after 5 seconds, retrying (try 8)
[  317.362877] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.6:51820)
[  323.123409] wireguard: wg0: Handshake for peer 1 (172.30.0.6:51820) did not complete after 5 seconds, retrying (try 9)
[  323.123508] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.6:51820)
[  328.883899] wireguard: wg0: Handshake for peer 1 (172.30.0.6:51820) did not complete after 5 seconds, retrying (try 10)
[  328.884003] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.6:51820)
[  334.644435] wireguard: wg0: Handshake for peer 1 (172.30.0.6:51820) did not complete after 5 seconds, retrying (try 11)
[  334.644546] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.6:51820)
[  340.405072] wireguard: wg0: Handshake for peer 1 (172.30.0.6:51820) did not complete after 5 seconds, retrying (try 12)
[  340.405178] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.6:51820)
[  346.165605] wireguard: wg0: Handshake for peer 1 (172.30.0.6:51820) did not complete after 5 seconds, retrying (try 13)
[  346.165654] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.6:51820)
[  351.286079] wireguard: wg0: Handshake for peer 1 (172.30.0.6:51820) did not complete after 5 seconds, retrying (try 14)
[  351.286188] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.6:51820)
[  357.046644] wireguard: wg0: Handshake for peer 1 (172.30.0.6:51820) did not complete after 5 seconds, retrying (try 15)
[  357.046693] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.6:51820)
[  362.087072] wireguard: wg0: Handshake for peer 1 (172.30.0.6:51820) did not complete after 5 seconds, retrying (try 16)
[  362.087273] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.6:51820)
[  367.287528] wireguard: wg0: Handshake for peer 1 (172.30.0.6:51820) did not complete after 5 seconds, retrying (try 17)
[  367.287625] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.6:51820)
[  372.328072] wireguard: wg0: Handshake for peer 1 (172.30.0.6:51820) did not complete after 5 seconds, retrying (try 18)
[  372.328124] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.6:51820)
[  377.528541] wireguard: wg0: Handshake for peer 1 (172.30.0.6:51820) did not complete after 5 seconds, retrying (try 19)
[  377.528592] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.6:51820)
[  382.649037] wireguard: wg0: Handshake for peer 1 (172.30.0.6:51820) did not complete after 5 seconds, retrying (try 20)
[  382.649088] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.6:51820)
[  388.409638] wireguard: wg0: Handshake for peer 1 (172.30.0.6:51820) did not complete after 20 attempts, giving up

On the other side, 172.30.0.6:

[   15.753760] wireguard: wg0: Interface created
[   15.814079] wireguard: wg0: Peer 1 created
[   20.030663] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.2:51820)
[   25.508606] wireguard: wg0: Handshake for peer 1 (172.30.0.2:51820) did not complete after 5 seconds, retrying (try 2)
[   25.508983] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.2:51820)
[   30.628727] wireguard: wg0: Handshake for peer 1 (172.30.0.2:51820) did not complete after 5 seconds, retrying (try 3)
[   30.628883] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.2:51820)
[   36.387981] wireguard: wg0: Handshake for peer 1 (172.30.0.2:51820) did not complete after 5 seconds, retrying (try 4)
[   36.388107] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.2:51820)
[   42.147793] wireguard: wg0: Handshake for peer 1 (172.30.0.2:51820) did not complete after 5 seconds, retrying (try 5)
[   42.148399] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.2:51820)
[   43.813636] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[   43.813673] IPv6: ADDRCONF(NETDEV_CHANGE): cali7279c1d028a: link becomes ready
[   44.810865] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[   44.810904] IPv6: ADDRCONF(NETDEV_CHANGE): calic8a8403715b: link becomes ready
[   47.907724] wireguard: wg0: Handshake for peer 1 (172.30.0.2:51820) did not complete after 5 seconds, retrying (try 6)
[   47.908282] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.2:51820)
[   50.038581] hv_balloon: Max. dynamic memory size: 131018 MB
[   52.947544] wireguard: wg0: Handshake for peer 1 (172.30.0.2:51820) did not complete after 5 seconds, retrying (try 7)
[   52.947690] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.2:51820)
[   57.624063] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[   57.624104] IPv6: ADDRCONF(NETDEV_CHANGE): cali00a35de4f7d: link becomes ready
[   58.147483] wireguard: wg0: Handshake for peer 1 (172.30.0.2:51820) did not complete after 5 seconds, retrying (try 8)
[   58.147637] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.2:51820)
[   63.907332] wireguard: wg0: Handshake for peer 1 (172.30.0.2:51820) did not complete after 5 seconds, retrying (try 9)
[   63.907466] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.2:51820)
[   69.667233] wireguard: wg0: Handshake for peer 1 (172.30.0.2:51820) did not complete after 5 seconds, retrying (try 10)
[   69.667385] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.2:51820)
[   75.427101] wireguard: wg0: Handshake for peer 1 (172.30.0.2:51820) did not complete after 5 seconds, retrying (try 11)
[   75.427217] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.2:51820)
[   81.186947] wireguard: wg0: Handshake for peer 1 (172.30.0.2:51820) did not complete after 5 seconds, retrying (try 12)
[   81.187059] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.2:51820)
[   86.306870] wireguard: wg0: Handshake for peer 1 (172.30.0.2:51820) did not complete after 5 seconds, retrying (try 13)
[   86.307000] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.2:51820)
[   92.076754] wireguard: wg0: Handshake for peer 1 (172.30.0.2:51820) did not complete after 5 seconds, retrying (try 14)
[   92.076776] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.2:51820)
[   97.186611] wireguard: wg0: Handshake for peer 1 (172.30.0.2:51820) did not complete after 5 seconds, retrying (try 15)
[   97.186727] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.2:51820)
[   99.615135] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[   99.615169] IPv6: ADDRCONF(NETDEV_CHANGE): cali8bc063b2c27: link becomes ready
[  102.946525] wireguard: wg0: Handshake for peer 1 (172.30.0.2:51820) did not complete after 5 seconds, retrying (try 16)
[  102.946588] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.2:51820)
[  108.706393] wireguard: wg0: Handshake for peer 1 (172.30.0.2:51820) did not complete after 5 seconds, retrying (try 17)
[  108.706901] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.2:51820)
[  113.826254] wireguard: wg0: Handshake for peer 1 (172.30.0.2:51820) did not complete after 5 seconds, retrying (try 18)
[  113.826404] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.2:51820)
[  118.946147] wireguard: wg0: Handshake for peer 1 (172.30.0.2:51820) did not complete after 5 seconds, retrying (try 19)
[  118.946196] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.2:51820)
[  124.066035] wireguard: wg0: Handshake for peer 1 (172.30.0.2:51820) did not complete after 5 seconds, retrying (try 20)
[  124.066205] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.2:51820)
[  129.825927] wireguard: wg0: Handshake for peer 1 (172.30.0.2:51820) did not complete after 20 attempts, giving up
[  640.038522] wireguard: wg0: Sending handshake initiation to peer 1 (172.30.0.2:51820)

Diagnostic Logs

No response
@github-actions GitHub Actions
Copy link

Hi I'm an AI powered bot that finds similar issues based off the issue title.

Please view the issues below to see if they solve your problem, and if the issue describes your problem please consider closing this one and thumbs upping the other issue to help us prioritize it. Thank you!

Open similar issues:

Closed similar issues:

Note: You can give me feedback by thumbs upping or thumbs downing this comment.

@wizpresso-steve-cy-fan
Copy link
Author

wizpresso-steve-cy-fan commented Nov 29, 2023
edited
Loading

A workaround has been found for this issue, but it comes at a great cost.

  1. Install wireguard-go. This can be done by sudo apt install wireguard-go -y in Ubuntu/Debian
  2. If you have Wireguard kernel support, patch /usr/bin/wg-quick with the following patchset:
90c90
<       if ! cmd ip link add "$INTERFACE" type wireguard; then
---
>       # if ! cmd ip link add "$INTERFACE" type wireguard; then
92c92
<               [[ -e /sys/module/wireguard ]] || ! command -v "${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" >/dev/null && exit $ret
---
>               # [[ -e /sys/module/wireguard ]] || ! command -v "${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" >/dev/null && exit $ret
95c95
<       fi
---
>       # fi

This effectively disables the kernel level Wireguard, forcing to use userspace implementations
3. Run wireguard with wireguard-go. Example: sudo WG_QUICK_USERSPACE_IMPLEMENTATION=wireguard WG_SUDO=1 wg-quick.patched up wg0
4. Both side should ping now

I realized there might be something missing with mirrored network mode, especially regarding kernel level support. This will be a new feature request for this.

Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@wizpresso-steve-cy-fan