OSPF wireguard fallback

Toke Høiland-Jørgensen toke at toke.dk
Thu May 3 16:27:47 CEST 2018


chrono <chrono at open-resource.org> writes:

>> You need to set AllowedIPs to 0.0.0.0/0 on both sides. That way
>> wireguard will pass all traffic through (that only works for p2p links
>> with only two peers, obviously). In your current setup, wireguard won't
>> pass the OSPF multicast traffic, so you will see no neighbour
>> associations. And even if you did, bird doesn't know how to amend
>> AllowedIPs for wireguard, so it won't work.
>> 
>> However, with the p2p config and 0.0.0.0/0 in AllowedIPs things should
>> work.
>
> Toke, thanks for the details, weird things are happening with 0.0.0.0/0
>
> DC1 (CentOS Linux release 7.4.1708 (Core))
>
> $ wg-quick up wg0
> [#] ip link add wg0 type wireguard
> [#] wg setconf wg0 /dev/fd/63
> [#] ip address add 172.23.3.2/29 dev wg0
> [#] ip link set mtu 1420 dev wg0
> [#] ip link set wg0 up
> [#] wg set wg0 fwmark 51820
> [#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
> [#] ip -4 rule add not fwmark 51820 table 51820
> [#] ip -4 rule add table main suppress_prefixlength 0
> Error: argument "suppress_prefixlength" is wrong: Failed to parse rule type
> [#] ip -4 rule delete table 51820
> [#] ip link delete dev wg0
>
> wg0 simply not coming up

Ah, this is because wg-quick tries to also set a kernel route for
0.0.0.0/0 over the interface. That is not what you want here. I think
you may have to stop using wg-quick for this setup, and set up the
wireguard interface in a different way... You can remove the options
that the normal wg binary doesn't understand from the config file (DNS
and IP address configuration, mainly), and set it up with that, then
configure the IP addresses manually (or with a script). Alternatively,
you can use systemd to set up the whole thing...

-Toke
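The manual bring-up Toke describes, as an added example that is not part of the thread and not a WireGuard or bird script: it strips the keys that only wg-quick interprets (Address, DNS, MTU, Table, the Pre/Post hooks and SaveConfig, all documented wg-quick keys) from the config file, feeds the rest to `wg setconf`, and then adds the address and brings the link up without the 0.0.0.0/0 route and fwmark rule that made wg-quick fail above. The interface name wg0, the config path /etc/wireguard/wg0.conf and the address 172.23.3.2/29 are taken from chrono's transcript; the key values in the test are constructed placeholders.

```sh
#!/bin/sh
# Added example, not from the thread: bring up a point-to-point WireGuard
# interface for OSPF without wg-quick, so no 0.0.0.0/0 kernel route and no
# fwmark policy rule get installed. Assumed: config /etc/wireguard/wg0.conf in
# wg-quick syntax, interface wg0, tunnel address 172.23.3.2/29 (from the thread).
set -e

# Keys that only wg-quick interprets; wg(8) setconf rejects them.
WGQUICK_KEYS='Address|DNS|MTU|Table|PreUp|PostUp|PreDown|PostDown|SaveConfig'

# Print the wg(8)-compatible subset of a wg-quick config file ($1).
strip_wgquick_keys() {
    grep -Ev "^[[:space:]]*(${WGQUICK_KEYS})[[:space:]]*=" "$1"
}

# Bring the interface up: $1 name, $2 wg-quick config, $3 address/prefix, $4 MTU.
wg_up() {
    iface=$1; conf=$2; addr=$3; mtu=${4:-1420}
    # The stripped config still holds the private key: keep the temp file 0600.
    tmp=$(umask 077; mktemp)
    strip_wgquick_keys "$conf" > "$tmp"
    ip link add "$iface" type wireguard
    wg setconf "$iface" "$tmp"
    rm -f "$tmp"
    ip address add "$addr" dev "$iface"
    ip link set mtu "$mtu" dev "$iface"
    ip link set "$iface" up
    # Deliberately no `ip route add 0.0.0.0/0 ... table 51820` and no
    # `ip rule add` lines: routing over the tunnel is left to bird/OSPF,
    # while AllowedIPs = 0.0.0.0/0 in the config lets WireGuard pass the
    # OSPF multicast traffic between the two peers of this p2p link.
}

# Tear the interface down: $1 name.
wg_down() {
    ip link delete dev "$1"
}

# Usage: sh wg-ospf.sh up | down  (needs root, like wg-quick)
case "${1:-}" in
    up)   wg_up wg0 /etc/wireguard/wg0.conf 172.23.3.2/29 ;;
    down) wg_down wg0 ;;
esac
```

The config file keeps `AllowedIPs = 0.0.0.0/0` on both peers as Toke said; only the kernel-side routing that wg-quick derives from it is left out, so bird remains the sole source of routes over the tunnel.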