Skip to content

Instantly share code, notes, and snippets.

@catvec

catvec/client.out

Last active March 8, 2019 07:51
Show Gist options
  • Save catvec/45f211bb4630310a9a07a8d65bd4ea28 to your computer and use it in GitHub Desktop.
Save catvec/45f211bb4630310a9a07a8d65bd4ea28 to your computer and use it in GitHub Desktop.
Download ZIP
Wireguard general vpn debug
Raw
client.out
On client
########################
===== START RUN ip route show table all
0.0.0.0/1 dev wg0 scope link
default via 72.19.92.1 dev wlan0
10.0.0.0/24 dev wg0 proto kernel scope link src 10.0.0.2
72.19.92.0/22 dev wlan0 proto kernel scope link src 72.19.93.98
72.19.92.1 dev wlan0 scope link
128.119.101.1 via 72.19.92.1 dev wlan0
128.119.101.2 via 72.19.92.1 dev wlan0
broadcast 10.0.0.0 dev wg0 table local proto kernel scope link src 10.0.0.2
local 10.0.0.2 dev wg0 table local proto kernel scope host src 10.0.0.2
broadcast 10.0.0.255 dev wg0 table local proto kernel scope link src 10.0.0.2
broadcast 72.19.92.0 dev wlan0 table local proto kernel scope link src 72.19.93.98
local 72.19.93.98 dev wlan0 table local proto kernel scope host src 72.19.93.98
broadcast 72.19.95.255 dev wlan0 table local proto kernel scope link src 72.19.93.98
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
fe80::/64 dev wlan0 proto kernel metric 256 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
local fe80::3252:cbff:fe82:3a67 dev wlan0 table local proto kernel metric 0 pref medium
ff00::/8 dev wlan0 table local metric 256 pref medium
ff00::/8 dev wg0 table local metric 256 pref medium
===== END RUN ip route show table all
===== START RUN ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,DYNAMIC> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:6f:92:05:3c brd ff:ff:ff:ff:ff:ff
42: wlan0: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 30:52:cb:82:3a:67 brd ff:ff:ff:ff:ff:ff
inet 72.19.93.98/22 brd 72.19.95.255 scope global wlan0
valid_lft forever preferred_lft forever
inet6 fe80::3252:cbff:fe82:3a67/64 scope link
valid_lft forever preferred_lft forever
46: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 10.0.0.2/24 scope global wg0
valid_lft forever preferred_lft forever
===== END RUN ip addr show
===== START RUN ip rule show
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
===== END RUN ip rule show
===== START RUN iptables-save
# Generated by iptables-save v1.8.2 on Fri Mar 8 02:45:33 2019
*mangle
:PREROUTING ACCEPT [11109402:9424765991]
:INPUT ACCEPT [11109365:9424754030]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6471838:385216522]
:POSTROUTING ACCEPT [6472533:385274588]
COMMIT
# Completed on Fri Mar 8 02:45:33 2019
# Generated by iptables-save v1.8.2 on Fri Mar 8 02:45:33 2019
*nat
:PREROUTING ACCEPT [13967:637035]
:INPUT ACCEPT [13930:625074]
:OUTPUT ACCEPT [2195127:131786245]
:POSTROUTING ACCEPT [2195127:131786245]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT
# Completed on Fri Mar 8 02:45:33 2019
# Generated by iptables-save v1.8.2 on Fri Mar 8 02:45:33 2019
*filter
:INPUT ACCEPT [11109365:9424754030]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [6471838:385216522]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
COMMIT
# Completed on Fri Mar 8 02:45:33 2019
===== END RUN iptables-save
===== START RUN ip netconf
inet lo forwarding on rp_filter off mc_forwarding off proxy_neigh off ignore_routes_with_linkdown off
inet docker0 forwarding on rp_filter off mc_forwarding off proxy_neigh off ignore_routes_with_linkdown off
inet wlan0 forwarding on rp_filter off mc_forwarding off proxy_neigh off ignore_routes_with_linkdown off
inet wg0 forwarding on rp_filter off mc_forwarding off proxy_neigh off ignore_routes_with_linkdown off
inet all forwarding on rp_filter loose mc_forwarding off proxy_neigh off ignore_routes_with_linkdown off
inet default forwarding on rp_filter off mc_forwarding off proxy_neigh off ignore_routes_with_linkdown off
inet6 lo forwarding off mc_forwarding off proxy_neigh off ignore_routes_with_linkdown off
inet6 docker0 forwarding off mc_forwarding off proxy_neigh off ignore_routes_with_linkdown off
inet6 wlan0 forwarding off mc_forwarding off proxy_neigh off ignore_routes_with_linkdown off
inet6 wg0 forwarding off mc_forwarding off proxy_neigh off ignore_routes_with_linkdown off
inet6 all forwarding off mc_forwarding off proxy_neigh off ignore_routes_with_linkdown off
inet6 default forwarding off mc_forwarding off proxy_neigh off ignore_routes_with_linkdown off
===== END RUN ip netconf
===== START RUN wg
interface: wg0
public key: oG+lPVEZl2Gs4KOs2HxOC2Z+5XFhZmwIc3TU5s8B9ns=
private key: (hidden)
listening port: 38609
peer: 7wQ1mXzgFDan86NOSNHgMisL9GfUJQabyhVWzj6w2jw=
endpoint: 157.230.218.126:51820
allowed ips: 0.0.0.0/1, 10.0.0.0/24
latest handshake: 1 minute, 32 seconds ago
transfer: 1.46 KiB received, 151.82 KiB sent
persistent keepalive: every 25 seconds
===== END RUN wg
Raw
script-which-makes-those-outputs.sh
#!/usr/bin/env bash
if [ -z "$1" ]; then
echo "\$1 required" >&2
exit 1
fi
cmds=("ip route show table all" "ip addr show" "ip rule show" "iptables-save" "ip netconf" "wg")
echo "On $1"
echo "########################"
for cmd in "${cmds[@]}"; do
echo "===== START RUN $cmd"
$cmd
echo "===== END RUN $cmd"
done
Raw
server.out
On server
########################
===== START RUN ip route show table all
default via 157.230.208.1 dev eth0 proto dhcp src 157.230.218.126 metric 202 mtu 1500
10.0.0.0/24 dev wg0 proto kernel scope link src 10.0.0.1
157.230.208.0/20 dev eth0 proto dhcp scope link src 157.230.218.126 metric 202 mtu 1500
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
broadcast 10.0.0.0 dev wg0 table local proto kernel scope link src 10.0.0.1
local 10.0.0.1 dev wg0 table local proto kernel scope host src 10.0.0.1
broadcast 10.0.0.255 dev wg0 table local proto kernel scope link src 10.0.0.1
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 157.230.208.0 dev eth0 table local proto kernel scope link src 157.230.218.126
local 157.230.218.126 dev eth0 table local proto kernel scope host src 157.230.218.126
broadcast 157.230.223.255 dev eth0 table local proto kernel scope link src 157.230.218.126
broadcast 172.17.0.0 dev docker0 table local proto kernel scope link src 172.17.0.1 linkdown
local 172.17.0.1 dev docker0 table local proto kernel scope host src 172.17.0.1
broadcast 172.17.255.255 dev docker0 table local proto kernel scope link src 172.17.0.1 linkdown
fe80::/64 dev eth0 proto kernel metric 256 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
local fe80::c68d:ed6:a598:985f dev eth0 table local proto kernel metric 0 pref medium
ff00::/8 dev eth0 table local metric 256 pref medium
ff00::/8 dev wg0 table local metric 256 pref medium
===== END RUN ip route show table all
===== START RUN ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether be:41:5b:fa:b6:cc brd ff:ff:ff:ff:ff:ff
inet 157.230.218.126/20 brd 157.230.223.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::c68d:ed6:a598:985f/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:5f:86:a9:45 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
9: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 10.0.0.1/24 scope global wg0
valid_lft forever preferred_lft forever
===== END RUN ip addr show
===== START RUN ip rule show
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
===== END RUN ip rule show
===== START RUN iptables-save
# Generated by iptables-save v1.8.2 on Fri Mar 8 02:44:36 2019
*nat
:PREROUTING ACCEPT [25705:1536099]
:INPUT ACCEPT [16764:1005098]
:OUTPUT ACCEPT [5915:246596]
:POSTROUTING ACCEPT [5917:246764]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT
# Completed on Fri Mar 8 02:44:36 2019
# Generated by iptables-save v1.8.2 on Fri Mar 8 02:44:36 2019
*filter
:INPUT DROP [3602:192378]
:FORWARD DROP [3103:186180]
:OUTPUT ACCEPT [10:552]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
:ufw-after-forward - [0:0]
:ufw-after-input - [0:0]
:ufw-after-logging-forward - [0:0]
:ufw-after-logging-input - [0:0]
:ufw-after-logging-output - [0:0]
:ufw-after-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-before-input - [0:0]
:ufw-before-logging-forward - [0:0]
:ufw-before-logging-input - [0:0]
:ufw-before-logging-output - [0:0]
:ufw-before-output - [0:0]
:ufw-logging-allow - [0:0]
:ufw-logging-deny - [0:0]
:ufw-not-local - [0:0]
:ufw-reject-forward - [0:0]
:ufw-reject-input - [0:0]
:ufw-reject-output - [0:0]
:ufw-skip-to-policy-forward - [0:0]
:ufw-skip-to-policy-input - [0:0]
:ufw-skip-to-policy-output - [0:0]
:ufw-track-forward - [0:0]
:ufw-track-input - [0:0]
:ufw-track-output - [0:0]
:ufw-user-forward - [0:0]
:ufw-user-input - [0:0]
:ufw-user-limit - [0:0]
:ufw-user-limit-accept - [0:0]
:ufw-user-logging-forward - [0:0]
:ufw-user-logging-input - [0:0]
:ufw-user-logging-output - [0:0]
:ufw-user-output - [0:0]
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
-A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
-A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -j ufw-user-output
-A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
-A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
-A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
-A ufw-skip-to-policy-forward -j DROP
-A ufw-skip-to-policy-input -j DROP
-A ufw-skip-to-policy-output -j ACCEPT
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 22 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 80 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 80 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 443 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 443 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 51820 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 51820 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 6697 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 6697 -j DROP
-A ufw-user-input -p udp -m udp --dport 34197 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 34197 -j DROP
-A ufw-user-input -p tcp -m tcp --dport 27015 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 27015 -j DROP
-A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-limit-accept -j ACCEPT
COMMIT
# Completed on Fri Mar 8 02:44:36 2019
===== END RUN iptables-save
===== START RUN ip netconf
ipv4 dev lo forwarding on rp_filter off mc_forwarding off proxy_neigh off ignore_routes_with_linkdown off
ipv4 dev eth0 forwarding on rp_filter strict mc_forwarding off proxy_neigh off ignore_routes_with_linkdown off
ipv4 dev docker0 forwarding on rp_filter strict mc_forwarding off proxy_neigh off ignore_routes_with_linkdown off
ipv4 dev wg0 forwarding on rp_filter strict mc_forwarding off proxy_neigh off ignore_routes_with_linkdown off
ipv4 all forwarding on rp_filter strict mc_forwarding off proxy_neigh off ignore_routes_with_linkdown off
ipv4 default forwarding on rp_filter strict mc_forwarding off proxy_neigh off ignore_routes_with_linkdown off
ipv6 dev lo forwarding off proxy_neigh off ignore_routes_with_linkdown off
ipv6 dev eth0 forwarding off proxy_neigh off ignore_routes_with_linkdown off
ipv6 dev docker0 forwarding off proxy_neigh off ignore_routes_with_linkdown off
ipv6 dev wg0 forwarding off proxy_neigh off ignore_routes_with_linkdown off
ipv6 all forwarding off proxy_neigh off ignore_routes_with_linkdown off
ipv6 default forwarding off proxy_neigh off ignore_routes_with_linkdown off
===== END RUN ip netconf
===== START RUN wg
interface: wg0
public key: 7wQ1mXzgFDan86NOSNHgMisL9GfUJQabyhVWzj6w2jw=
private key: (hidden)
listening port: 51820
peer: oG+lPVEZl2Gs4KOs2HxOC2Z+5XFhZmwIc3TU5s8B9ns=
endpoint: 72.19.93.98:38609
allowed ips: 10.0.0.0/24
latest handshake: 37 seconds ago
transfer: 35.57 KiB received, 764.89 KiB sent
persistent keepalive: every 25 seconds
===== END RUN wg
Raw
up.sh
#!/usr/bin/env bash
wg-quick up ./wg0.conf
Raw
wg0.conf
[Interface]
Address = 10.0.0.2/24
PrivateKey = shhh
[Peer]
PublicKey = 7wQ1mXzgFDan86NOSNHgMisL9GfUJQabyhVWzj6w2jw=
Endpoint = funkyboy.zone:51820
AllowedIPs = 0.0.0.0/1, 10.0.0.0/24
PersistentKeepalive = 25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment