You need to set AllowedIPs to 0.0.0.0/0 on both sides. That way
wireguard will pass all traffic through (that only works for p2p links
with only two peers, obviously). In your current setup, wireguard won't
pass the OSPF multicast traffic, so you will see no neighbour
associations. And even if you did, bird doesn't know how to amend
AllowedIPs for wireguard, so it won't work.

However, with the p2p config and 0.0.0.0/0 in AllowedIPs things should
work.

Toke, thanks for the details. Weird things are happening with 0.0.0.0/0:

DC1 (CentOS Linux release 7.4.1708 (Core))

$ wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip address add 172.23.3.2/29 dev wg0
[#] ip link set mtu 1420 dev wg0
[#] ip link set wg0 up
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
Error: argument "suppress_prefixlength" is wrong: Failed to parse rule type
[#] ip -4 rule delete table 51820
[#] ip link delete dev wg0

wg0 is simply not coming up.


DC2 (Ubuntu 16.04.4 LTS)

$ wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip address add 172.23.3.1/29 dev wg0
[#] ip link set mtu 1420 dev wg0
[#] ip link set wg0 up
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] iptables -A FORWARD -i wg0 -j ACCEPT;

But afterwards no more traffic goes through the default gw, and all
boxes behind the gw are offline.
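The two transcripts above show what wg-quick does when a peer's AllowedIPs contains 0.0.0.0/0: it treats the tunnel as a catch-all and installs the fwmark/table-51820 default route plus the `suppress_prefixlength` rule, which is exactly what pulled DC2's default gateway traffic into the tunnel. For a p2p link where a routing daemon (bird/OSPF) is supposed to decide what goes over wg0, that automatic default route is unwanted. The script below is an added example, not code from the thread or from the WireGuard project; it lints a wg-quick config for this situation and, if needed, inserts `Table = off` (the real wg-quick `[Interface]` option that disables route installation entirely, so the rules at the lines above are never run). The sample config, key strings and endpoint address are constructed placeholders.

```shell
#!/bin/sh
# Added example: detect the wg-quick "catch-all AllowedIPs" case that triggers
# the fwmark/table-51820 default route seen in the thread, and fix the config
# with "Table = off" so wg-quick installs no routes at all (bird/OSPF decides).
# Assumptions: standard wg-quick config syntax; "Table = off" is wg-quick's
# route-suppression switch (real option). Keys and endpoint are placeholders.

# Write a constructed p2p config similar to the DC1 side of the thread.
make_sample_conf() {
    cat > "$1" <<'EOF'
[Interface]
Address = 172.23.3.2/29
PrivateKey = PLACEHOLDER_PRIVATE_KEY   # constructed placeholder
ListenPort = 51820

[Peer]
PublicKey = PLACEHOLDER_PEER_PUBLIC_KEY  # constructed placeholder
Endpoint = 192.0.2.1:51820               # documentation address, constructed
AllowedIPs = 0.0.0.0/0
EOF
}

# Report how wg-quick will handle routes for this config. Prints one of:
#   catchall-default-route  AllowedIPs covers everything and Table is not off:
#                           wg-quick adds the fwmark rule + default route in
#                           table 51820 (the behaviour that broke DC2)
#   catchall-table-off      catch-all AllowedIPs but Table = off: no routes added
#   specific-routes         no catch-all prefix: wg-quick adds one route per
#                           AllowedIPs prefix into the main table
wg_conf_routing_mode() {
    conf="$1"
    # Normalise "Key = value" lines: drop comments and all whitespace so that
    # "AllowedIPs = 0.0.0.0/0, ::/0" becomes "AllowedIPs=0.0.0.0/0,::/0".
    norm=$(sed -e 's/#.*//' -e 's/[[:space:]]//g' "$conf")

    catchall=0
    if printf '%s\n' "$norm" \
        | grep -Eq '^AllowedIPs=(.*,)?(0\.0\.0\.0/0|::/0)(,.*)?$'; then
        catchall=1
    fi

    if [ "$catchall" -eq 1 ]; then
        if printf '%s\n' "$norm" | grep -q '^Table=off$'; then
            echo catchall-table-off
        else
            echo catchall-default-route
        fi
    else
        echo specific-routes
    fi
}

# Insert "Table = off" directly after the [Interface] header (in place).
add_table_off() {
    awk '{ print } /^\[Interface\]/ { print "Table = off" }' "$1" > "$1.tmp" \
        && mv "$1.tmp" "$1"
}

# Demo run on the constructed config (safe to run offline; touches no interface).
demo_conf=$(mktemp)
make_sample_conf "$demo_conf"
echo "before: $(wg_conf_routing_mode "$demo_conf")"
add_table_off "$demo_conf"
echo "after:  $(wg_conf_routing_mode "$demo_conf")"
rm -f "$demo_conf"
```

Run it against `/etc/wireguard/wg0.conf` before `wg-quick up`: a `catchall-default-route` result on a box that is also someone's default gateway is the configuration that took DC2's downstream hosts offline. With `Table = off` the interface and address are still configured, but which prefixes actually travel through wg0 is left to bird rather than to wg-quick's policy rules.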

There is a Wireguard GSOC project to add AllowedIP awareness to Bird,
BTW, so in the future things may be easier :)

Sweet, looking forward to that.
