From nobody Tue Feb 08 12:01:56 2022
X-Original-To: bugs@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id D97D519B7AC7
	for <bugs@mlmmj.nyi.freebsd.org>; Tue,  8 Feb 2022 12:01:56 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4JtM7S2jLYz3t5V
	for <bugs@FreeBSD.org>; Tue,  8 Feb 2022 12:01:56 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 3CE5E19192
	for <bugs@FreeBSD.org>; Tue,  8 Feb 2022 12:01:56 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 218C1uNO048343
	for <bugs@FreeBSD.org>; Tue, 8 Feb 2022 12:01:56 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 218C1u7Z048342
	for bugs@FreeBSD.org; Tue, 8 Feb 2022 12:01:56 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 261711] VXLAN over wireguqard
Date: Tue, 08 Feb 2022 12:01:56 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: misc
X-Bugzilla-Version: 13.0-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: worker@cksn.tk
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-261711-227-KwgpBDhp6p@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-261711-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-261711-227@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-bugs
List-Help: <mailto:freebsd-bugs+help@freebsd.org>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Subscribe: <mailto:freebsd-bugs+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-bugs+unsubscribe@freebsd.org>
Sender: owner-freebsd-bugs@freebsd.org
MIME-Version: 1.0
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1644321716;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=G4iu9Em347AehbEGIZsLOh3VOnsZl4rmgkI9UiYvtII=;
	b=Bm9xtoVUisK4U4c7BUUximR80eA7hEZz3/CYN56BxM8EMujv1+JBaXVzQgg+mUR69lKbmP
	P5wHUEpOMMqxkDoGMgRJVorT1BcQA10R987xIPBVe1IekDivCw5NmutyK1AiGb5JCk0KVB
	hHffIpA8L9BQJqg5Gi5OKZGo/Y6cjl5L78faRrQaXowHXKjCyvvtBSNTSSmtmqsoX0FHYb
	NyvL0NbeAQKg7PVZL4TdCmRUMMJX52Adai/ywuR+mqeUJnghQriThuhfkuyw9j7J9Hba+A
	vZbANWmk1aaQ55LVlEzLQfHa7FuPuyq+uwf5mrUgODt7+xsCqZS++cSzfDsL1w==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1644321716; a=rsa-sha256; cv=none;
	b=VuL7jsxMuobbLSgRJE2cDbjSqCJ4rxpI5Bo1qht4FnHimXRoBqR/lhRehLybtd4WYE2Z8q
	Eqnodwxcxs8LDPa/x2sFKz8owvIiWS6ue+MZGSVGveVvQfZ3izPkh5tWFt27bJfmTgph3m
	DmehU+YTrbU3ZUicN6V2NEJ2DuBjYJcxNkbSAxZRHUDngePoOq7SkmYvxGrz3IQOX/PvaN
	2soDZCBRRsTMRHHD/mS3TrsY1Lq2DUC4xLwO+TcuYKQLV7olEAOO3oC44gIqrDbV5Uac2V
	IrStQVIluShj9Mm4/nSH0GoOly+OkrsZVvD7AB8/zJtA586UXJxG3wzwOBzkKQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
X-ThisMailContainsUnwantedMimeParts: N

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D261711

--- Comment #2 from Volker <worker@cksn.tk> ---
okay, sorry for the delay but now i have tested with an plain freeBSD
13-release (no opnsense offset). same result, VXLAN over wireguard isnt wor=
king
now. here is my test environment config:

system1:

- network interface vtnet0 is in DHCP mode for internet uplink and ssh acce=
ss
- network interface vtnet1 is a dedicated network between the VMs (10GBit w=
ith
9000 MTU):
# ifconfig vtnet1 inet 10.0.0.1 netmask 255.255.255.0 mtu 9000
# pkg install wireguard

wireguard config: /usr/local/etc/wireguard/wg0.conf
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
[Interface]
PrivateKey =3D ODK5skFPghxdo41XWG9Way6fIKHfhvKxeMDVxkeE610=3D
Address =3D 10.10.0.1/24
ListenPort =3D 51820

[Peer]
PublicKey =3D 4jyrPvDJUPAe/Lvqa6XUuqDX1SzzMiFVADh56jSPAWU=3D
AllowedIPs =3D 10.10.0.2/32
Endpoint =3D 10.0.0.2:51820
PersistentKeepalive =3D 15
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

# service wireguard start
# ifconfig vxlan create vxlanid 42 vxlanlocal 10.10.0.1 vxlanremote 10.10.0=
.2
inet 10.10.10.1/24




system 2:

- network interface vtnet0 is in DHCP mode for internet uplink and ssh acce=
ss
- network interface vtnet1 is a dedicated network between the VMs (10GBit w=
ith
9000 MTU):
# ifconfig vtnet1 inet 10.0.0.2 netmask 255.255.255.0 mtu 9000
# pkg install wireguard

wireguard config: /usr/local/etc/wireguard/wg0.conf
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
[Interface]
PrivateKey =3D ODK5skFPghxdo41XWG9Way6fIKHfhvKxeMDVxkeE610=3D
Address =3D 10.10.0.2/24
ListenPort =3D 51820

[Peer]
PublicKey =3D 4jyrPvDJUPAe/Lvqa6XUuqDX1SzzMiFVADh56jSPAWU=3D
AllowedIPs =3D 10.10.0.1/32
Endpoint =3D 10.0.0.1:51820
PersistentKeepalive =3D 15
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

# service wireguard start
# ifconfig vxlan create vxlanid 42 vxlanlocal 10.10.0.2 vxlanremote 10.10.0=
.1
inet 10.10.10.2/24




so all interfaces are up and running, so from system 1 i start to ping the
interfaces:


root@freebsd:~ # ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2): 56 data bytes
64 bytes from 10.0.0.2: icmp_seq=3D0 ttl=3D64 time=3D0.581 ms
64 bytes from 10.0.0.2: icmp_seq=3D1 ttl=3D64 time=3D0.614 ms
...

so ping between the native interfaces are fine

root@freebsd:~ # ping 10.10.0.2
PING 10.10.0.2 (10.10.0.2): 56 data bytes
64 bytes from 10.10.0.2: icmp_seq=3D0 ttl=3D64 time=3D0.824 ms
64 bytes from 10.10.0.2: icmp_seq=3D1 ttl=3D64 time=3D0.879 ms
...

ping via wireguard are also fine

root@freebsd:~ # ping 10.10.10.2
PING 10.10.10.2 (10.10.10.2): 56 data bytes
ping: sendto: Host is down
ping: sendto: Host is down
...

ping over the VXLAN is not working :( an check to the arp-table shows the
problem:

root@freebsd:~ # arp -a
? (10.10.10.2) at (incomplete) on vxlan0 expired [ethernet]
...

the initial arp request isnt responded by the opposite VXLAN interface.

here is the ifconfig from system 1:
root@freebsd:~ # ifconfig
vtnet0: flags=3D8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1=
500
=20=20=20=20=20=20=20
options=3D4c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSU=
M,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,TXCSUM_IPV6>
        ether 4a:78:ef:c5:db:28
        inet6 fe80::4878:efff:fec5:db28%vtnet0 prefixlen 64 scopeid 0x1
        inet 10.50.0.240 netmask 0xffffff00 broadcast 10.50.0.255
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=3D23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
lo0: flags=3D8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3D680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=3D23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
vtnet1: flags=3D8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 9=
000
=20=20=20=20=20=20=20
options=3D4c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSU=
M,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,TXCSUM_IPV6>
        ether c6:77:27:a1:fd:3e
        inet6 fe80::c477:27ff:fea1:fd3e%vtnet1 prefixlen 64 scopeid 0x3
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=3D23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
vxlan0: flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1=
500
        options=3D80020<JUMBO_MTU,LINKSTATE>
        ether 58:9c:fc:10:ff:c5
        inet 10.10.10.1 netmask 0xffffff00 broadcast 10.10.10.255
        inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
        groups: vxlan
        vxlan vni 42 local 10.10.0.1:4789 remote 10.10.0.2:4789
        media: Ethernet autoselect (autoselect <full-duplex>)
        status: active
        nd6 options=3D29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
wg0: flags=3D80c1<UP,RUNNING,NOARP,MULTICAST> metric 0 mtu 8920
        options=3D80000<LINKSTATE>
        inet 10.10.0.1 netmask 0xffffff00
        groups: wg
        nd6 options=3D103<PERFORMNUD,ACCEPT_RTADV,NO_DAD>



and here from system 2:
root@freebsd:/usr/local/etc/wireguard # ifconfig
vtnet0: flags=3D8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1=
500
=20=20=20=20=20=20=20
options=3D4c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSU=
M,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,TXCSUM_IPV6>
        ether 2e:c0:6b:ff:3b:79
        inet6 fe80::2cc0:6bff:feff:3b79%vtnet0 prefixlen 64 scopeid 0x1
        inet 10.50.0.241 netmask 0xffffff00 broadcast 10.50.0.255
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=3D23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
vtnet1: flags=3D8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 9=
000
=20=20=20=20=20=20=20
options=3D4c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSU=
M,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,TXCSUM_IPV6>
        ether 52:10:64:d2:31:bf
        inet6 fe80::5010:64ff:fed2:31bf%vtnet1 prefixlen 64 scopeid 0x2
        inet 10.0.0.2 netmask 0xffffff00 broadcast 10.0.0.255
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=3D23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
lo0: flags=3D8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3D680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=3D23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
wg0: flags=3D80c1<UP,RUNNING,NOARP,MULTICAST> metric 0 mtu 1420
        options=3D80000<LINKSTATE>
        inet 10.10.0.2 netmask 0xffffff00
        groups: wg
        nd6 options=3D103<PERFORMNUD,ACCEPT_RTADV,NO_DAD>
vxlan0: flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1=
500
        options=3D80020<JUMBO_MTU,LINKSTATE>
        ether 58:9c:fc:10:ff:c5
        inet 10.10.10.2 netmask 0xffffff00 broadcast 10.10.10.255
        inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
        groups: vxlan
        vxlan vni 42 local 10.10.0.2:4789 remote 10.10.0.1:4789
        media: Ethernet autoselect (autoselect <full-duplex>)
        status: active
        nd6 options=3D29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>



so, this my input, maybe someone can have a look and can help to solve this
problem??? i know, the VXLAN MTU value isnt optimized but this shouldnt the
problem...

--=20
You are receiving this mail because:
You are the assignee for the bug.=