On 2018-05-03 15:37, chrono wrote:
$ wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip address add 172.23.3.2/29 dev wg0
[#] ip link set mtu 1420 dev wg0
[#] ip link set wg0 up
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#]
$ wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip address add 172.23.3.2/29 dev wg0
[#] ip link set mtu 1420 dev wg0
[#] ip link set wg0 up
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 tabl
chrono writes:
>> You need to set AllowedIPs to 0.0.0.0/0 on both sides. That way
>> wireguard will pass all traffic through (that only works for p2p links
>> with only two peers, obviously). In your current setup, wireguard won't
>> pass the OSPF multicast traffic, so you will see no neighbour
>
That may also indicate AllowedIP issue, if I'm not mistaken?
Yes, that seems like a wireguard issue. Perhaps wireguard has problems
with multicast dst because it does not know which key to use? Just
guessing, i do not know wireguard.
Possible workaround would be to configure OSPF on that iface
You need to set AllowedIPs to 0.0.0.0/0 on both sides. That way
wireguard will pass all traffic through (that only works for p2p links
with only two peers, obviously). In your current setup, wireguard won't
pass the OSPF multicast traffic, so you will see no neighbour
associations. And even if you
On Thu, May 03, 2018 at 01:39:31PM +, chrono wrote:
> > Also i saw that your config files do not have 'log' option, so you have
> > no logging. You should enable logging and see if there are no error
> > messages.
>
> Ah, interesting:
>
> 2018-05-03 15:37:32 MyOSPF: HELLO packet sent via wg0
chrono writes:
>> [ ... ]
>>
>> just to be sure that not wireguard is the problem here, how looks your
>> AllowedIPs within the wireguard config?
>>
>> Maybe it does not allow traffic of the routers?
>
> That may be so, currently I only have each opposite site in there
>
> AllowedIPs = 172.23.3
Also i saw that your config files do not have 'log' option, so you have
no logging. You should enable logging and see if there are no error
messages.
Ah, interesting:
2018-05-03 15:37:32 MyOSPF: HELLO packet sent via wg0
2018-05-03 15:37:32 MyOSPF: Socket error on wg0: Required key not
avail
PtP should be correct, but it is possible that as wireguard is a new
thing,
it has broken multicast handling. Generally, PtP tunnels should have no
problems to use multicast - just send everything to the other side.
But as the tcpdump on one side shows periodic hellos from both sides,
then it is
[ ... ]
just to be sure that not wireguard is the problem here, how looks your
AllowedIPs within the wireguard config?
Maybe it does not allow traffic of the routers?
That may be so, currently I only have each opposite site in there
AllowedIPs = 172.23.3.1/32 (on 172.23.3.2)
AllowedIPs = 172.
On Thu, May 03, 2018 at 12:43:23PM +, chrono wrote:
> Hi Ondrej,
>
> thanks for the quick reply.
>
> > > What makes me wonder is why wg0 is coming up as stubnet here,
> > > while the MPLS links come up as network (stubnet 172.23.3.0/29
> > > metric 10)
> > > and 172.23.3.0/29 (wg0 net) not be
chrono writes:
> Hi Ondrej,
>
> thanks for the quick reply.
>
>>> What makes me wonder is why wg0 is coming up as stubnet here,
>>> while the MPLS links come up as network (stubnet 172.23.3.0/29 metric
>>> 10)
>>> and 172.23.3.0/29 (wg0 net) not being listed.
>
>> You don't see 172.23.3.0/29 as
On Thu, May 03, 2018 at 02:54:41PM +0200, Ondrej Zajicek wrote:
> On Thu, May 03, 2018 at 08:47:31AM +, chrono wrote:
> > Ahoy all,
> >
> > I'm struggling a little to set wireguard as a fallback link
> > in conjunction with two MPLS links. In my tests BIRD would
> > not route traffic through w
On Thu, May 03, 2018 at 08:47:31AM +, chrono wrote:
> Ahoy all,
>
> I'm struggling a little to set wireguard as a fallback link
> in conjunction with two MPLS links. In my tests BIRD would
> not route traffic through wg0 when I took the other two
> interfaces down. The setup is rather simple,
Hi,
On Thu, May 03, 2018 at 08:47:31AM +, chrono wrote:
> Ahoy all,
>
> I'm struggling a little to set wireguard as a fallback link
> in conjunction with two MPLS links. In my tests BIRD would
> not route traffic through wg0 when I took the other two
> interfaces down. The setup is rather s
Hi Ondrej,
thanks for the quick reply.
What makes me wonder is why wg0 is coming up as stubnet here,
while the MPLS links come up as network (stubnet 172.23.3.0/29 metric
10)
and 172.23.3.0/29 (wg0 net) not being listed.
You don't see 172.23.3.0/29 as network, because these ifaces are
conf
On Thu, May 03, 2018 at 08:47:31AM +, chrono wrote:
> Ahoy all,
>
> I'm struggling a little to set wireguard as a fallback link
> in conjunction with two MPLS links. In my tests BIRD would
> not route traffic through wg0 when I took the other two
> interfaces down. The setup is rather simple,
Ahoy all,
I'm struggling a little to set wireguard as a fallback link
in conjunction with two MPLS links. In my tests BIRD would
not route traffic through wg0 when I took the other two
interfaces down. The setup is rather simple, two DCs, each
side has a gw running BIRD.
Config DC1
ro
18 matches
Mail list logo
