OSPF wireguard fallback

Toke Høiland-Jørgensen toke at toke.dk
Thu May 3 15:51:11 CEST 2018


chrono <chrono at open-resource.org> writes:

>> [ ... ]
>> 
>> just to be sure that wireguard is not the problem here, how do your
>> AllowedIPs look within the wireguard config?
>> 
>> Maybe it does not allow traffic of the routers?
>
> That may be so, currently I only have each opposite site in there
>
> AllowedIPs = 172.23.3.1/32 (on 172.23.3.2)
> AllowedIPs = 172.23.3.2/32 (on 172.23.3.1)
>
> During my prior tests it started to try to route
> everything down via wg0 when I tried to add
> 192.168.148.0/24 or 192.168.184.0/24 as soon
> as the tunnel got up.
>
> How should wg config be set up for this, so that it
> doesn't interfere with BIRD routing?
> I've tried to find any working example with
> BIRD and WG on the net but there was nothing really :/

You need to set AllowedIPs to 0.0.0.0/0 on both sides. That way
wireguard will pass all traffic through (that only works for p2p links
with only two peers, obviously). In your current setup, wireguard won't
pass the OSPF multicast traffic, so you will see no neighbour
associations. And even if you did, bird doesn't know how to amend
AllowedIPs for wireguard, so it won't work.

However, with the p2p config and 0.0.0.0/0 in AllowedIPs things should
work.

There is a Wireguard GSOC project to add AllowedIP awareness to Bird,
BTW, so in the future things may be easier :)

-Toke
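
Added example, not part of the original message: a minimal Python model of WireGuard's AllowedIPs matching (longest-prefix match on the destination when sending, source check when receiving), showing why the /32 setup quoted above drops OSPF hellos to 224.0.0.5 and why 0.0.0.0/0 only suits a link with two peers. The class and function names, the peer labels and the host 192.168.184.10 are assumptions made for the illustration.

```python
import ipaddress


class WgInterface:
    """Minimal model of WireGuard AllowedIPs matching (IPv4 only)."""

    def __init__(self):
        self.table = {}  # prefix -> peer name; a prefix belongs to one peer only

    def set_allowed_ips(self, peer, prefixes):
        # Replace the peer's list; a prefix held by another peer moves to this one.
        self.table = {n: p for n, p in self.table.items() if p != peer}
        for prefix in prefixes:
            self.table[ipaddress.ip_network(prefix)] = peer

    def lookup(self, addr):
        # Longest-prefix match of addr against every AllowedIPs entry.
        ip = ipaddress.ip_address(addr)
        hits = [n for n in self.table if ip in n]
        return self.table[max(hits, key=lambda n: n.prefixlen)] if hits else None

    def can_send(self, dst):
        # Outbound: the destination selects the peer; no match means no send.
        return self.lookup(dst) is not None

    def can_receive(self, peer, src):
        # Inbound: the decrypted packet's source must map back to the sender.
        return self.lookup(src) == peer


def ospf_over_tunnel(allowed_ips):
    """What 172.23.3.1 can pass with the given AllowedIPs for peer 172.23.3.2."""
    wg = WgInterface()
    wg.set_allowed_ips("peer", allowed_ips)
    return {
        "hello_out": wg.can_send("224.0.0.5"),  # OSPF AllSPFRouters multicast
        "hello_in": wg.can_receive("peer", "172.23.3.2"),
        "lan_out": wg.can_send("192.168.184.10"),  # constructed host, assumed behind peer
        "lan_in": wg.can_receive("peer", "192.168.184.10"),
    }


def second_peer_takes_default():
    """Two peers cannot both hold 0.0.0.0/0: the later assignment wins."""
    wg = WgInterface()
    wg.set_allowed_ips("peer_a", ["0.0.0.0/0"])
    wg.set_allowed_ips("peer_b", ["0.0.0.0/0"])
    return wg.can_receive("peer_a", "172.23.3.2"), wg.lookup("224.0.0.5")
```

With 0.0.0.0/0 the inbound source check no longer restricts which source addresses the peer may use, so any such filtering has to come from the firewall and from BIRD's import filters.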

