Jump to content
  • 0
vasek00

36A15 wireguard и Cloudflare warp

Question

После не продолжительной работы wireguard на роутере с Cloudflare warp c начала декабря 2020 и ПО 3.6.А.10 по 3.6.А.14 работало (как бы) но после обновления 3.6.А.15 перестал но не сразу. Так де не получилось днем ранее на 3.6.А.15 KN1010 поднять вообще (ошибка нет приема). Месяц удачного использования, как то странно.

На ПК при установленном ПО пока работает (дата установки такая же как и на роутере) сервис Cloudflare warp или же обычный WG на ПК с сервисом Cloudflare warp.

По логам

Скрытый текст

Янв 11 09:42:06 kernel wireguard: Wireguard2: handshake for peer "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=" (4) (162.159.192.1:2408) did not complete after 5 seconds, retrying (try 6)
Янв 11 09:42:11 kernel wireguard: Wireguard2: handshake for peer "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=" (4) (162.159.192.1:2408) did not complete after 5 seconds, retrying (try 7)
Янв 11 09:42:16 kernel wireguard: Wireguard2: handshake for peer "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=" (4) (162.159.192.1:2408) did not complete after 5 seconds, retrying (try 8)
Янв 11 09:42:22 kernel wireguard: Wireguard2: handshake for peer "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=" (4) (162.159.192.1:2408) did not complete after 5 seconds, retrying (try 9)
Янв 11 09:42:27 kernel wireguard: Wireguard2: handshake for peer "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=" (4) (162.159.192.1:2408) did not complete after 5 seconds, retrying (try 10)
Янв 11 09:42:32 kernel wireguard: Wireguard2: handshake for peer "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=" (4) (162.159.192.1:2408) did not complete after 5 seconds, retrying (try 11)
Янв 11 09:42:38 kernel wireguard: Wireguard2: handshake for peer "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=" (4) (162.159.192.1:2408) did not complete after 5 seconds, retrying (try 12)
Янв 11 09:42:43 kernel wireguard: Wireguard2: handshake for peer "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=" (4) (162.159.192.1:2408) did not complete after 5 seconds, retrying (try 13)
Янв 11 09:42:48 kernel wireguard: Wireguard2: handshake for peer "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=" (4) (162.159.192.1:2408) did not complete after 5 seconds, retrying (try 14)
Янв 11 09:42:53 kernel wireguard: Wireguard2: handshake for peer "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=" (4) (162.159.192.1:2408) did not complete after 5 seconds, retrying (try 15)
Янв 11 09:42:59 kernel wireguard: Wireguard2: handshake for peer "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=" (4) (162.159.192.1:2408) did not complete after 5 seconds, retrying (try 16)
Янв 11 09:43:04 kernel wireguard: Wireguard2: handshake for peer "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=" (4) (162.159.192.1:2408) did not complete after 5 seconds, retrying (try 17)
Янв 11 09:43:09 kernel wireguard: Wireguard2: handshake for peer "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=" (4) (162.159.192.1:2408) did not complete after 5 seconds, retrying (try 18)
Янв 11 09:43:14 kernel wireguard: Wireguard2: handshake for peer "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=" (4) (162.159.192.1:2408) did not complete after 5 seconds, retrying (try 19)
Янв 11 09:43:20 kernel wireguard: Wireguard2: handshake for peer "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=" (4) (162.159.192.1:2408) did not complete after 5 seconds, retrying (try 20)
Янв 11 09:43:25 kernel wireguard: Wireguard2: handshake for peer "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=" (4) (162.159.192.1:2408) did not complete after 20 attempts, giving up
Янв 11 09:44:37 ndm Wireguard::Interface: "Wireguard2": peer "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=" went offline, update configuration.
Янв 11 09:45:45 kernel wireguard: Wireguard2: zeroing out all keys for peer "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=" (4) (162.159.192.1:2408), since we haven't received a new one in 540 seconds
Янв 11 09:47:42 ndm Wireguard::Interface: "Wireguard2": peer "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=" went offline, update configuration.
Янв 11 09:48:34 kernel wireguard: Wireguard2: handshake for peer "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=" (4) (162.159.192.1:2408) did not complete after 5 seconds, retrying (try 2)
Янв 11 09:48:40 kernel wireguard: Wireguard2: handshake for peer "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=" (4) (162.159.192.1:2408) did not complete after 5 seconds, retrying (try 3)
Янв 11 09:48:45 kernel wireguard: Wireguard2: handshake for peer "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=" (4) (162.159.192.1:2408) did not complete after 5 seconds, retrying (try 4)
Янв 11 09:48:50 kernel wireguard: Wireguard2: handshake for peer "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=" (4) (162.159.192.1:2408) did not complete after 5 seconds, retrying (try 5)
Янв 11 09:48:56 kernel wireguard: Wireguard2: handshake for peer "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=" (4) (162.159.192.1:2408) did not complete after 5 seconds, retrying (try 6)

по конф файлу который с самого начала


! 
access-list _WEBADMIN_Wireguard2
    permit ip 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
    permit description Cloud-local

isolate-private

interface Wireguard2
    description warp
    security-level public
    ip address 10.16.132.97 255.255.255.255
    ip mtu 1324
    ip access-group _WEBADMIN_Wireguard2 in
    ip global 7178
    ip tcp adjust-mss pmtu
    wireguard peer bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo= !cloudwarp
        endpoint engage.cloudflareclient.com:2408
        keepalive-interval 300
        allow-ips 0.0.0.0 0.0.0.0
        allow-ips 10.16.132.0 255.255.255.0
    !
    up

ip name-server 192.168.130.97 "" on Home
ip name-server 192.168.130.97 "" on Wireguard2

ip policy Policy0
    description Inet-2
    permit global Wireguard2
    no permit global PPPoE0

 

 

Скрытый текст

857718625_-1.thumb.jpg.2df2692e2dd98a51bf887c89f67adfe4.jpg

 

Share this post


Link to post
Share on other sites

5 answers to this question

Recommended Posts

  • 0

Решил вопрос пересозданием ключа заново, только не в WEB роутера а из https://github.com/ViRb3/wgcf/releases

для wgcf_2.1.4_linux_mipsle_softfloat

Скрытый текст



/opt/home/Warp # ls
wgcf-account.toml                  wgcf-profile.conf                  wgcf_2.1.4_linux_mips_softfloat    wgcf_2.1.4_linux_mipsle_softfloat
/opt/home/Warp # ./wgcf_2.1.4_linux_mipsle_softfloat
2021/01/11 09:17:58 Using config file: wgcf-account.toml
wgcf is a utility for Cloudflare Warp that allows you to create and manage accounts, assign license keys, and generate WireGuard profiles. Made by Victor (@ViRb3). Project website: https://github.com/ViRb3/wgcf

Usage:
  wgcf [flags]
  wgcf [command]

Available Commands:
  generate    Generates a WireGuard profile from the current Cloudflare Warp account
  help        Help about any command
  register    Registers a new Cloudflare Warp device and creates a new account, preparing it for connection
  status      Prints the status of the current Cloudflare Warp device
  trace       Prints trace information about the current internet connection
  update      Updates the current Cloudflare Warp account, preparing it for connection

Flags:
      --config string   Configuration file (default "wgcf-account.toml")
  -h, --help            help for wgcf

Use "wgcf [command] --help" for more information about a command.
/opt/home/Warp #

/opt/home/Warp # ./wgcf_2.1.4_linux_mipsle_softfloat generate
2021/01/11 09:18:46 Using config file: wgcf-account.toml
2021/01/11 09:18:48 =======================================
2021/01/11 09:18:48 Device name   : 157874
2021/01/11 09:18:48 Device model  : PC
2021/01/11 09:18:48 Device active : true
2021/01/11 09:18:48 Account type  : free
2021/01/11 09:18:48 Role          : child
2021/01/11 09:18:48 Premium data  : 0.000000
2021/01/11 09:18:48 Quota         : 0.000000
2021/01/11 09:18:48 =======================================
2021/01/11 09:18:48 Successfully generated WireGuard profile: wgcf-profile.conf
/opt/home/Warp #

Файл wgcf-profile.conf, нужный параметр "PrivateKey" подставил в WEB





[Interface]
PrivateKey = mOe........UU=
Address = 172.16.0.2/32
Address = fd01:5ca1:ab1e:856b:cb0e:178a:ae79:f716/128
DNS = 1.1.1.1
MTU = 1280
[Peer]
PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
AllowedIPs = 0.0.0.0/0
AllowedIPs = ::/0
Endpoint = engage.cloudflareclient.com:2408

параметры Adress и DNS подставил свои.

 

Так же запустилось и на втором роутере при установке ключа "PrivateKey" из "wgcf_2.1.4_linux_mipsle_softfloat generate" файл "wgcf-profile.conf"

Edited by vasek00

Share this post


Link to post
Share on other sites
  • 0
В 11.01.2021 в 12:29, vasek00 сказал:

Решил вопрос пересозданием ключа заново, только не в WEB роутера а из https://github.com/ViRb3/wgcf/releases

Мне не разу не удалось запустить CF Warp при помощи Web Privat Key  Поэтому меня удивил ваш пост , однако у вас работало.

 

Share this post


Link to post
Share on other sites
  • 0
2 часа назад, r777ay сказал:

Мне не разу не удалось запустить CF Warp при помощи Web Privat Key  Поэтому меня удивил ваш пост , однако у вас работало.

 

И сейчас работает, перенос  ключа "PrivateKey" из "wgcf_2.1.4_linux_mipsle_softfloat generate" в Web.

Share this post


Link to post
Share on other sites
  • 0
18 минут назад, vasek00 сказал:

И сейчас работает, перенос  ключа "PrivateKey" из "wgcf_2.1.4_linux_mipsle_softfloat generate" в Web.

Через wgcf_2.1.4_linux_mipsle_softfloat generate у меня тоже работает ,  а если генерить PrivateKey в Web то нет 

Share this post


Link to post
Share on other sites
  • 0

Схема

Интернет---KN1---LAN---KN2---LAN---ПК

KN2 в режиме основного роутера соединен с KN1 через LAN порты, на нем на KN2 поднят WG Cloudflare warp, на клиенте установлен IP шлюза KN2 в итоге все запустилось, да и странно было бы если бы не запустилось.

Скрытый текст

1789383958_-1.thumb.jpg.5d1564c3613260388840eb7b0ce67b75.jpg

Speedtest на клиенте ПК




    <file name="proc:net/dev">
        <![CDATA[
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
...
    lo:  506651   10078    0    0    0     0          0         0   506651   10078    0    0    0     0       0          0
apcli0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
  eth2: 416040199  860757    0    0    0     0          0     92926 453206989  836736    0    0    0     0       0          0
eth2.3:       0       0    0    0    0     0          0         0      738       7    0    0    0     0       0          0
...
  eth3:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
  nwg0: 175624841  189601    0    0    0     0          0         0 175697452  225425    0    0    0     0       0          0
eth2.1: 396663317  786079    0    4    0     0          0     92926 440251357  789510    0    0    0     0       0          0
   br0: 396629625  785898    0    0    0     0          0     92787 429197769  789505    0    0    0     0       0          0
...

Hosts:
idx: 28, addr: 10.16.132.98, mask: 255.255.255.0, subnet: 10.16.132.0, seclevel: 3, local: 0
idx: 25, addr: 192.168.130.98, mask: 0.0.0.0, subnet: 0.0.0.0, seclevel: 1, local: 1
idx: 24, addr: 0.0.0.0, mask: 0.0.0.0, subnet: 0.0.0.0, seclevel: 2, local: 0
idx: 23, addr: 0.0.0.0, mask: 0.0.0.0, subnet: 0.0.0.0, seclevel: 1, local: 0

 

 

Edited by vasek00

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...