Hi, All: I just upgraded the vpp from 21.10 branch to 22.02 rc5, and found that the wireguard was break: the wg interface could not ping each other. (This is ok on 21.10 branch)
1) vpp on ubuntu 20,04 public ip <-------> ubuntu 20.04 client (behind nat). The two wg0 interfaces could not ping through on 22.02 rc. 2) Also, this wireguard plugin lacks the feature as linux implementation that the peer could be specified without the endpoint ip. In my case, the vpp as wireguard "server", the clients always behind nat. So after the client init the connection, the server should auto fill the client endpoint instead of have to found the client public ip beforehind. This is true on the linux implementation, but not here. I think this feature is a must since client's endpoint could be changed pretty easily, but the wg address and cert key will not.) I am wondering if this is on the plate or not? P.S. The configuration for testing case 1 above. ping 10.0.0.1 from the client will fail for 22.02 rc branch. The vpp config: set interface state GigabitEthernet5/0/0 up set interface ip address GigabitEthernet5/0/0 76.196.80.236/29 set interface state GigabitEthernet5/0/1 up set interface ip address GigabitEthernet5/0/1 192.168.211.200/24 wireguard create listen-port 51820 private-key xxxx src 76.196.80.236 set interface state wg0 up set interface ip address wg0 10.0.0.1/24 wireguard peer add wg0 public-key yyyy endpoint 76.196.80.233 allowed-ip 10.0.0.2/32 port 51820 persistent-keepalive 25 The linux wireguard config wg0.conf [Interface] Address = 10.0.0.2/24 ListenPort = 51820 PrivateKey = xxxxxxxxxxxx MTU = 1280 [Peer] PublicKey = y6KfnURjOviTu2SYtI9AK8PWQt40OZybnicTyDfyd2w= AllowedIPs = 10.0.0.0/24, 192.168.230.0/24 PersistentKeepalive = 50 Endpoint = 76.196.80.236:51820
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#20800): https://lists.fd.io/g/vpp-dev/message/20800 Mute This Topic: https://lists.fd.io/mt/88754149/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
