On 2024-06-08, Kirill A Korinsky <kir...@korins.ky> wrote:
> On Fri, 07 Jun 2024 16:25:48 +0100,
> Stuart Henderson <s...@spacehopper.org> wrote:
>>
>> I think you'll need proxy ARP then.
>>
>
> After a few attempts to make it work, I think I need help.
>
> My setup.
>
> Server: where em0 is uplink with routed 1.2.3.4/24 and 1.2.4.5/24 with
> expected gateway 1.2.3.1 and 1.2.4.1, em0 is included into bridge0 and
> 1.2.3.4/24 is configured as input point at route domain 0.
>
> To make things simpler each IP is associated with its own MAC address and
> switch expects that 1.2.4.5 with 00:50:56:01:1d:40. So, I have:
>
> $ cat /etc/hostname.vether1
>
> lladdr 00:50:56:01:1d:40
> rdomain 2
> up
> !arp -s 1.2.4.5 00:50:56:01:1d:40 pub
>
> $ cat /etc/hostname.wg0
> rdomain 2
> wgkey ...
> wgpeer ... \
>         wgaip 1.2.4.5/32 \
>         wgpka 25
> wgport 51820
> wgrtable 0
> up
> $
rdomains will at least complicate things as you then need a way to "leak"
routes between rdomains, plus I don't think you need them. I don't think the
vether is doing anything useful either, and I think the separate MAC is
working against you

> when I run ping from client to 1.2.4.1 I see traffic on wg0 on the server,
> but I can't figure out how to redirect it to vether1 and send to the switch.
>
> I feel that I miss some piece. I see route-to in pf.conf which is probably
> the missing piece but I can't figure out how to use it.

I think this should be possible with the standard route table, without
route-to. Essentially you need:

1. your machine to answer arp for the wg ip so other hosts will send
ethernet packets to it

2. your machine to not be configured with the wg ip itself

3. route entries such that those packets end up sent out the wg interface
(you may possibly need a route command with -ifp wg0)

> --
> wbr, Kirill
>

--
Please keep replies on the mailing list.
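The three points in the reply above, laid out as OpenBSD hostname.if(5) fragments. This is an added example, not configuration from either message: the MAC address standing in for em0's own lladdr, the key placeholders and the exact route(8) modifiers are assumptions, and the checks in the comments are how to confirm each point on the box.

```conf
# /etc/hostname.em0
# Uplink stays in rdomain 0; no vether, no second rdomain, so nothing has to
# be leaked between route tables.
inet 1.2.3.4 255.255.255.0

# Point 1: publish a proxy-ARP entry for the WireGuard client's address using
# em0's own MAC (assumption: 00:50:56:01:1d:3f stands in for em0's lladdr),
# so the switch/router delivers frames for 1.2.4.5 to this host.
# Check: `arp -an` should list 1.2.4.5 with the published flag.
!arp -s 1.2.4.5 00:50:56:01:1d:3f pub

# Point 2: 1.2.4.5 is deliberately NOT configured on em0 or any other
# interface; the host only answers ARP for it and forwards.

# /etc/hostname.wg0
# Same rdomain as em0 (the default), so no wgrtable/rdomain lines.
wgkey <server private key, placeholder>
wgpeer <client public key, placeholder> \
        wgaip 1.2.4.5/32 \
        wgpka 25
wgport 51820
up

# Point 3: host route so packets destined for 1.2.4.5 leave via wg0.
# Assumption: the -ifp/-iface form below is what is needed; confirm with
# `route -n get 1.2.4.5`, which should report "interface: wg0".
!route add -host 1.2.4.5 -ifp wg0 -iface 1.2.4.5
```

After `sh /etc/netstart em0 wg0`, a ping from another host on the 1.2.4.0/24 segment to 1.2.4.5 should show ARP replies from em0's MAC in `tcpdump -ni em0 arp` and the forwarded packets in `tcpdump -ni wg0`; if the second capture stays empty, the route from point 3 is the piece to revisit.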