buzzmarshall has quit [Remote host closed the connection]
tsal_ has quit [Ping timeout: 256 seconds]
tsal has joined #libreelec
_abbenormal has quit [Read error: Connection reset by peer]
TomTom has joined #libreelec
RaphGro has joined #libreelec
ponyofdeath has quit [Ping timeout: 250 seconds]
_abbenormal has joined #libreelec
andy-burns has joined #libreelec
gouchi has joined #libreelec
Gittun has joined #libreelec
lacrimosa has joined #libreelec
lacrimosa has quit [Quit: Konversation terminated!]
<sopparus>
vpeter, yes curl in console from same server using https
<sopparus>
https is just as broke as webdavs, doesnt make a difference for me
<sopparus>
allthough plugins using https works
<sopparus>
ive played around with server and use everything default (nginx) no help
<sopparus>
this also happens in lan without NAT
<sopparus>
mostly libreelec hangs when I play in kodi with cable, I cant ssh to it or nothing
<sopparus>
same with odroid c2 btw
<sopparus>
no problem with x86
chewitt_ is now known as chewitt
lacrimosa has joined #libreelec
svetlemodry has joined #libreelec
Kostenko has quit [Remote host closed the connection]
lacrimosa has quit [Quit: Konversation terminated!]
andy-burns has quit [Ping timeout: 265 seconds]
Kostenko has joined #libreelec
andy-burns has joined #libreelec
RaphGro has quit [Quit: Please remember your own message. It'll be read as soon as possible.]
TomTom has quit [Quit: Connection closed for inactivity]
gavlee has quit [Excess Flood]
adhux0x0f0x3f has quit [Remote host closed the connection]
adhux0x0f0x3f has joined #libreelec
chbmb has quit [Ping timeout: 240 seconds]
TomTom has joined #libreelec
pauljw has joined #libreelec
buzzmarshall has joined #libreelec
kivutar has quit [Ping timeout: 265 seconds]
rouxdo has joined #libreelec
<rouxdo>
Hi guys, I have a problem with my wireguard configuration. I followed the instructions from the wiki. The connection works (I can see the connection with `wg` at the server and client) but ping does not work
<rouxdo>
the firewall is open
<rouxdo>
the configuration on the server works properly (verified with my notebook)
lacrimosa has joined #libreelec
<rouxdo>
if I do the set-up directly via the command line (not using connmanctl) it works..
<oblikoamorale>
any difference in routing table/interface config when it 'works' and it doesn't?
makije has quit [Ping timeout: 240 seconds]
makije has joined #libreelec
<rouxdo>
hmm.. Yes, if I do the setup by hand, the default route is not set to the wg0 interface (since I don't need this). If I use the connmanctl the default route is set to the wg0 iface
<rouxdo>
and I'm not able to change the default route by hand.. (ip r set default via xxx simply doesn't change anything)
<rouxdo>
sorry, I meant: If I remove the default route, nothing happens, and if I try to add the default route, I get `ip: RTNETLINK answers: File exists`
<oblikoamorale>
this is probably the point where you have to pastebin connman wireguard conf (censor the endpoint ip/private key)
<rouxdo>
ok I found something: If I change the default route (ip r change default via ...) to use the wireguard tunnel, the connection fails. If I change the default route to use the wlan interface, it works (both setups, e.g. by hand and connmanctl)
shibboleth has joined #libreelec
held has quit []
rouxdo has quit [Ping timeout: 265 seconds]
tuxiano_ has joined #libreelec
tuxiano has quit [Ping timeout: 265 seconds]
tuxiano_ is now known as tuxiano
chbmb has joined #libreelec
rouxdo has joined #libreelec
<chewitt>
connman is a "client" oriented network manager, and it currently assumes the client will want to route traffic down the tunnel
<chewitt>
that's the use case that both myself and the connman dev who coded support have
<chewitt>
if you want mesh network config, you might be best off creating your own tunnel setup script, and driving that from a systemd service
<chewitt>
actually.. that's not true
<chewitt>
(the routing bit)
<chewitt>
but the config in the wiki (written by me) shows "WireGuard.AllowedIPs = 0.0.0.0/0" which will result in all traffic being routed down the tunnel
<rouxdo>
Hmm.. Then why is there a "WireGuard.AllowedIPs" configuration option?
<chewitt>
it's the only config that i've tested tho :)
<rouxdo>
where do I find the connman script which uses the wireguard config?
<rouxdo>
and therefore, the "WireGuard.AllowedIPs = 0.0.0.0/0" config at least should work, am I right?
<chewitt>
"SERVER-ENDPOINT" needs to be an IP address
<rouxdo>
dns name does not work?
<rouxdo>
(like it works for wireguard)
held has joined #libreelec
aphirst has joined #libreelec
<oblikoamorale>
endpoint domain name is resolved only on interface creation by both wg and wg-quick, so it's up to you to update it if ip behind domain name changes. moreover if there's no internet on interface creation, it will fail.
<oblikoamorale>
put ip there to save you from trouble.
<chewitt>
dns name does not appear to work currently
<chewitt>
or I forget .. I need to go back on conversations in the forum
<chewitt>
test with an IP and see if that works
<oblikoamorale>
oh, okay - I was just commenting about core wg, don't know about connman
<chewitt>
"ConnMan resolves the FQDN on start of the VPN service and hands over
<chewitt>
the IP address to the wg device. The wg kernel code doesn't do any
<chewitt>
resolving."
<chewitt>
^ from the guy who wrote the connman code
<rouxdo>
I mean if I use the domain name, it "works" in the sense of: I have to change the route by hand
<chewitt>
it's all new code (in connman) and my testing has been limited to my personal use case
<rouxdo>
.... and something (I suspect connman) changes the route back to wg0 after some time...
<rouxdo>
I would like to help here (if I'm able to) :-)
<rouxdo>
I would just need to know where to look at :), like which scripts are used etc.
<chewitt>
stop connman-vpn service and restart it with -d to put it in debug mode
<chewitt>
there are no scripts
<chewitt>
there were in early iterations of support, but then connman added support, and I redid the plumbing around that
<chewitt>
^ this is an earlier iteration of support (before connman)
<chewitt>
have a look at the wg-quick script there
<oblikoamorale>
I was just about to ask why wg-quick was not included
<chewitt>
but .. if there's a bug, ping wagi in #connman
<oblikoamorale>
but decided not to since connman policy
<chewitt>
last time I looked the default wg-quick script made lots of assumptions about having full-fat binaries and didn't play nice with busybox iproute2
<chewitt>
and wouldn't run in LE anyway
<oblikoamorale>
ah figures
<oblikoamorale>
it's even more 'sophisticated' nowadays
<chewitt>
connman code for WireGuard is all new 1.0 code so there's bound to be some bugs
<oblikoamorale>
thanks for insights
<chewitt>
wagi is quite responsive, esp. right now since half his projects are in go-slow mode
<mack->
then you would need to update from 8. And as Jeroen suggested, if your media sources are clean, it would be best and very little work to just install a fresh updated version of LE.
FriskyKat has quit [Read error: Connection reset by peer]
FriskyKat has joined #libreelec
tigermann has quit [Remote host closed the connection]
tigermann has joined #libreelec
|Jeroen| has quit [Quit: dada]
lacrimosa has quit [Quit: Konversation terminated!]
gouchi has quit [Remote host closed the connection]
shibboleth has quit [Quit: shibboleth]
psymin has quit [Remote host closed the connection]
psymin has joined #libreelec
zedfreak has joined #libreelec
_abbenormal has quit [Read error: Connection reset by peer]
_abbenormal has joined #libreelec
Gittun has quit [Quit: UPP]
andy-burns has quit [Ping timeout: 256 seconds]
Tobbi has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]