OSPF wireguard fallback
chrono
chrono at open-resource.org
Thu May 3 16:11:16 CEST 2018
> You need to set AllowedIPs to 0.0.0.0/0 on both sides. That way
> wireguard will pass all traffic through (that only works for p2p links
> with only two peers, obviously). In your current setup, wireguard won't
> pass the OSPF multicast traffic, so you will see no neighbour
> associations. And even if you did, bird doesn't know how to amend
> AllowedIPs for wireguard, so it won't work.
>
> However, with the p2p config and 0.0.0.0/0 in AllowedIPs things should
> work.
Toke, thanks for the details, weird things are happening with 0.0.0.0/0
DC1 (CentOS Linux release 7.4.1708 (Core))
$ wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip address add 172.23.3.2/29 dev wg0
[#] ip link set mtu 1420 dev wg0
[#] ip link set wg0 up
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
Error: argument "suppress_prefixlength" is wrong: Failed to parse rule
type
[#] ip -4 rule delete table 51820
[#] ip link delete dev wg0
wg0 simply not coming up
DC2 (Ubuntu 16.04.4 LTS)
$ wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip address add 172.23.3.1/29 dev wg0
[#] ip link set mtu 1420 dev wg0
[#] ip link set wg0 up
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] iptables -A FORWARD -i wg0 -j ACCEPT;
but afterwards no more traffic is going through the default gw
and all boxes behind the gw are offline.
> There is a Wireguard GSOC project to add AllowedIP awareness to Bird,
> BTW, so in the future things may be easier :)
Sweet, looking forward to that.
More information about the Bird-users
mailing list