Ahoy all, I'm struggling a little to set wireguard as a fallback link in conjunction with two MPLS links. In my tests BIRD would not route traffic through wg0 when I took the other two interfaces down. The setup is rather simple, two DCs, each side has a gw running BIRD. ---- Config DC1 ---- router id 192.168.184.1; ### Kernel ##################################################################### protocol kernel { scan time 15; # Scan kernel routing table every 15 seconds export all; # Default is export none } ### Device Monitor ############################################################# protocol device { scan time 10; # Scan interfaces every 10 seconds } ### OSPF ####################################################################### protocol ospf MyOSPF { tick 2; ecmp yes; rfc1583compat yes; area 0.0.0.0 { # Advertise DC1 prod net stubnet 192.168.184.0/24; # MPLS1 interface interface "macsec.2335" { cost 5; ecmp weight 1; bfd yes; authentication cryptographic; password "testtesttest" { id 1; algorithm hmac sha256; }; }; # MPLS2 interface interface "macsec.2334" { cost 5; ecmp weight 1; bfd yes; authentication cryptographic; password "testtesttest" { id 2; algorithm hmac sha256; }; }; # WireGuard Fallback interface "wg0" { cost 10; bfd yes; type pointopoint; authentication cryptographic; password "testtesttest" { id 3; algorithm hmac sha256; }; }; }; }; ### BFD ######################################################################## protocol bfd PCrewBFD { # BFD on DTAG interface interface "macsec.2335" { min rx interval 20 ms; min tx interval 50 ms; idle tx interval 300 ms; }; # BFD on Console-Networks interface interface "macsec.2334" { min rx interval 20 ms; min tx interval 50 ms; idle tx interval 300 ms; }; # BFD on WireGuard interface interface "wg0" { min rx interval 200 ms; min tx interval 500 ms; idle tx interval 3000 ms; }; # WTF is multihop?? multihop { interval 200 ms; multiplier 10; }; }; ---- Config DC2 ---- router id 192.168.148.1; ### Kernel ##################################################################### protocol kernel { scan time 15; # Scan kernel routing table every 20 seconds export all; # Default is export none } ### Device Monitor ############################################################# protocol device { scan time 10; # Scan interfaces every 10 seconds } ### OSPF ####################################################################### protocol ospf MyOSPF { tick 2; ecmp yes; rfc1583compat yes; area 0.0.0.0 { # Advertise MUC prod net stubnet 192.168.148.0/24; # MPLS1 interface interface "macsec.2335" { cost 5; ecmp weight 1; bfd yes; authentication cryptographic; password "testtesttest" { id 1; algorithm hmac sha256; }; }; # MPLS2 interface interface "macsec.2334" { cost 5; ecmp weight 1; bfd yes; authentication cryptographic; password "testtesttest" { id 2; algorithm hmac sha256; }; }; # WireGuard Fallback interface "wg0" { cost 10; bfd yes; type pointopoint; authentication cryptographic; password "testtesttest" { id 3; algorithm hmac sha256; }; }; }; }; ---- BIRD states ---- bird> show route 172.23.1.0/29 dev macsec.2335 [MyOSPF 09:26:22] * I (150/5) [192.168.184.1] 172.23.2.0/29 dev macsec.2334 [MyOSPF 09:26:22] * I (150/5) [192.168.184.1] 192.168.148.0/24 multipath [MyOSPF 09:27:26] * I (150/15) [192.168.148.1] via 172.23.1.2 on macsec.2335 weight 1 via 172.23.2.2 on macsec.2334 weight 1 172.23.3.0/29 dev wg0 [MyOSPF 09:26:22] * I (150/10) [192.168.184.1] bird> show ospf state all area 0.0.0.0 router 192.168.148.1 distance 5 network 172.23.2.0/29 metric 5 network 172.23.1.0/29 metric 5 stubnet 172.23.3.0/29 metric 10 stubnet 192.168.148.0/24 metric 10 router 192.168.164.1 distance 0 network 172.23.2.0/29 metric 5 network 172.23.1.0/29 metric 5 stubnet 172.23.3.0/29 metric 10 stubnet 192.168.184.0/24 metric 10 network 172.23.1.0/29 dr 192.168.164.1 distance 5 router 192.168.184.1 router 192.168.148.1 network 172.23.2.0/29 dr 192.168.164.1 distance 5 router 192.168.184.1 router 192.168.148.1 What makes me wonder is why wg0 is coming up as stubnet here, while the MPLS links come up as network (stubnet 172.23.3.0/29 metric 10) and 172.23.3.0/29 (wg0 net) not being listed. Any hints or corrections of my config to get this to work with wireguard would be very much appreciated.