Differences

This shows you the differences between two versions of the page.

linux:vpn:wireguard [2024/12/20 18:44] niziaklinux:vpn:wireguard [2025/01/07 20:42] (current) niziak
Line 1: Line 1:
 ====== Wireguard ====== ====== Wireguard ======
 +
 +  * [[https://www.wireguard.com/netns/]]
 +  * [[https://www.procustodibus.com/blog/2021/10/ha-wireguard-site-to-site/|High Availability WireGuard Site to Site]]
 +
 +===== routing =====
 +
 +  * sending: list of allowed IPs behaves as routing table
 +  * receiving: list of allowed IPs behaves as ACL
 +
 +==== mesh ====
 +
 +Duplicated peer IPS (allowed IPs):
 +  * not allowed
 +  * technically wg is working but traffic is directed only to last connected peer ???
 +
 +The same peer IP (allowed IPs) on 2 or more wg interfaces:
 +  * allowed
 +  * kernel routing makes decision
 +
 +Best and clear option:
 +  * P2P wg links
 +  * OSPF or other dynamic routing protocol
 +
 +==== working example ====
 +
 +''/24'' subnet routing:
 +  * Kernel: traffic to ''/24'' subnet will be directed to WG interface by Kernel
 +  * WG: if routed IP is in ''AllowedIPs'' in WG, WG will accept this traffic.
 +  * WG: if routed IP belongs to one of known peers, it will route it automatically
 +Tested on ''star'' topology, where one peer with external IP accepts connection from others peers.
 +All peers were in one ''/24'' subnet.
 +
 +NOTE: trying to ''MESH'' with ''/24'' doesn't work. When additional P2P connection between two "client" peers was added, connection to "server" peer stop working.
 +
  
 ===== Setup ===== ===== Setup =====
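
Review bot: the "mesh" section leaves its key claim unverified ("traffic is directed only to last connected peer ???"), and the closing NOTE reports the connection to the "server" peer breaking after a P2P link between two "client" peers was added, without recording the ''AllowedIPs'' each peer had at that moment. Given the "routing" bullets (allowed IPs act as the routing table when sending and as the ACL when receiving), these two observations are probably the same effect, so the NOTE should state which peer held the ''/24'' and which prefix the new P2P peer was given, and the "???" should be replaced with the tested result; comparing the output of ''wg show <interface> allowed-ips'' before and after adding the peer would settle it. Minor wording: "Duplicated peer IPS" should read "IPs", "others peers" should be "other peers", and "stop working" should be "stopped working".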