Dynamic routing for wireguard tunnels
Julian Zielke
julian.zielke84 at gmail.com
Sat Jan 20 15:58:34 CET 2024
Hi,
I have an issue with two machines connected via GRE exchanging routes via OSPF.
Both server have wireguard tunnels to the same external endpoints, so a request from an endpoint may come in through tunnel 1 to server A, forwarded to wan and the reply may enter through server B and tunnel 2 back to the endpoint.
All routes are exported to a custom kernel routing table by bird2.
For example:
* Server A’s wireguard network is: 10.100.0.0/24
* GRE IP of server A is 10.0.1.1
* GRE IP of server B is 10.0.1.2
The problem I’m facing is, that bird2 respects the local interface route of server A but on server B, while the wireguard interface also having the same subnet (10.100.0.0/24), bird2 adds a route which says the nexthop for this subnet is through 10.0.1.1 (the GRE tunnel).
I only managed to solve this by excluding the wireguard subnet with an export filter. What I am expecting (or actually want) is bird respecting the local interface route on both servers and only, if a tunnel goes offline (no peer connected), changes the route through the GRE tunnel. I’m not sure, whether a part of this solution can be done solely by using bird. I know that wireguard tunnels do not have states, so post-up/post-down stuff is out of the question.
Any solutions?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20240120/31fbdbdb/attachment.htm>
More information about the Bird-users
mailing list