> On 29 May 2024, at 18:50, Hrvoje Popovski <hrv...@srce.hr> wrote: > > On 29.5.2024. 12:48, Radek wrote: >> Thank you, that explains everything. >> Does wireguard support replication? Will it work properly in my CARP setup? >> > > Hi, > > I have wg listen on carp interface for redundancy and it's working > without admins or clients needs to do anything when primary carp > firewall shuts down or even reboot. People will notice something > happened but wg vpn would start to work after cca 20 seconds. >
He wants replication. This means both wireguard "servers" know the client state. No client reconnection at failure, no delay, seamless migration from failed node to the backup. Something like sasyncd(8), but for npppd(8) or wg(4). > root@pc-hrvoje:~# ping 10.2.0.1 > PING 10.2.0.1 (10.2.0.1) 56(84) bytes of data. > 64 bytes from 10.2.0.1: icmp_seq=1 ttl=254 time=1.46 ms > 64 bytes from 10.2.0.1: icmp_seq=2 ttl=254 time=1.48 ms > 64 bytes from 10.2.0.1: icmp_seq=3 ttl=254 time=2.24 ms > 64 bytes from 10.2.0.1: icmp_seq=4 ttl=254 time=8.62 ms > 64 bytes from 10.2.0.1: icmp_seq=5 ttl=254 time=1.33 ms > 64 bytes from 10.2.0.1: icmp_seq=6 ttl=254 time=2.03 ms > 64 bytes from 10.2.0.1: icmp_seq=7 ttl=254 time=5.79 ms > 64 bytes from 10.2.0.1: icmp_seq=8 ttl=254 time=7.35 ms > 64 bytes from 10.2.0.1: icmp_seq=9 ttl=254 time=2.05 ms > 64 bytes from 10.2.0.1: icmp_seq=10 ttl=254 time=1.50 ms > 64 bytes from 10.2.0.1: icmp_seq=11 ttl=254 time=2.34 ms > 64 bytes from 10.2.0.1: icmp_seq=12 ttl=254 time=2.55 ms > 64 bytes from 10.2.0.1: icmp_seq=28 ttl=254 time=7.69 ms > 64 bytes from 10.2.0.1: icmp_seq=29 ttl=254 time=1.32 ms > 64 bytes from 10.2.0.1: icmp_seq=30 ttl=254 time=3.37 ms > 64 bytes from 10.2.0.1: icmp_seq=31 ttl=254 time=6.52 ms > 64 bytes from 10.2.0.1: icmp_seq=32 ttl=254 time=11.0 ms > 64 bytes from 10.2.0.1: icmp_seq=33 ttl=254 time=1.88 ms > ^C > > > why not use iked as vpn solution ? i'm not sure but i think that iked is > working with sasyncd ... >
