[Freedombox-discuss] Wireguard: Packet has unallowed src IP (...) from peer 1 (...)
A. F. Cano
afc54 at comcast.net
Mon Feb 24 02:02:51 GMT 2025
On Sat, Feb 15, 2025 at 04:45:29PM -0500, I wrote:
> ...
> After
>
> $ echo "module wireguard +p" | sudo tee /sys/kernel/debug/dynamic_debug/control
>
> I see this when running "sudo dmesg -wT" at the FreedomBox:
>
> [Sat Feb 15 15:13:46 2025] wireguard: wg0: Packet has unallowed src IP (192.168.200.28) from peer 1 (73.178.216.92:42585)
>
> ...
The search for a fix continues. At the FreedomBox:

$ sudo wg show
interface: wg0
  public key: SE8DY0zzZNlx+cKoJ23nAwx0b92YrWLPBYvTII6vegs=
  private key: (hidden)
  listening port: 51820

peer: FmCLauSZe8HwxVwjekP2/M76y3SX2qYmNw2EcTtwAQQ=
  endpoint: 73.178.216.92:49625
  allowed ips: 10.84.0.2/32
  latest handshake: 6 days, 1 hour, 32 minutes, 4 seconds ago
  transfer: 14.27 KiB received, 15.34 MiB sent
  persistent keepalive: every 25 seconds

Since the client I want to connect is not in the allowed IPs, created
this /etc/wireguard/wg0.conf

[Peer]
PublicKey = "FmCLauSZe8HwxVwjekP2/M76y3SX2qYmNw2EcTtwAQQ="
AllowedIPs = 10.84.0.2/32,192.168.200.28

Then wg-quick strip wg0 apparently reads this, so tried:

$ sudo wg syncconf wg0 <(wg-quick strip wg0)
fopen: No such file or directory

The expected result was that the new "AllowedIPs", which includes the
client I want to make known to the FreedomBox, would now be incorporated
in the running system, but I get this fopen error.

I have a hard time believing that I'm the only one who has trouble with
wireguard, or that I'm the only one who has tried to use it on a
FreedomBox. Someone please tell me what I'm doing wrong. How does the
FreedomBox differ from a standard wireguard implementation? How do I
tell it to add 192.168.200.28 to the list of allowedIPs? In the server
configuration page, "Allowed IPs" is read-only and only contains
10.84.0.2.

Thanks.
Augustine