Differences

This shows you the differences between two versions of the page.

--- linux:vpn:wireguard [2024/12/20 21:08] – niziak
+++ linux:vpn:wireguard [2025/09/23 08:14] (current) – niziak
@@ Line 2: / Line 2: @@
   * [[https://www.wireguard.com/netns/]]
+  * [[https://www.procustodibus.com/blog/2021/10/ha-wireguard-site-to-site/|High Availability WireGuard Site to Site]]
+===== routing =====
+  * sending: list of allowed IPs behaves as routing table
+  * receiving: list of allowed IPs behaves as ACL
+==== mesh ====
+Duplicated peer IPS (allowed IPs):
+  * not allowed
+  * technically wg is working but traffic is directed only to last connected peer ???
+The same peer IP (allowed IPs) on 2 or more wg interfaces:
+  * allowed
+  * kernel routing makes decision
+Best and clear option:
+  * P2P wg links
+  * OSPF or other dynamic routing protocol
+==== working example ====
 ''/24'' subnet routing:
@@ Line 9: / Line 31: @@
 Tested on ''star'' topology, where one peer with external IP accepts connection from others peers.
 All peers were in one ''/24'' subnet.
+NOTE: trying to ''MESH'' with ''/24'' doesn't work. When additional P2P connection between two "client" peers was added, connection to "server" peer stop working.
 ===== Setup =====
@@ Line 66: / Line 91: @@
 # activate on boot
 auto wg0
 # interface configuration
 iface wg0 inet static
@@ Line 78: / Line 104: @@
 </file>
+==== using ifupdown + wgquick ====
+Usefull when client config is generated in ''wg-quick'' format.
+<file /etc/network/interfaces.d/user-tunnel>
+# activate on boot
+auto user-tunnel
+# interface configuration
+iface user-tunnel inet static
+    address 192.168.1.24/24
+    pre-up wg-quick up $IFACE
+    post-down wg-quick down $IFACE
+</file>

Tools

menus and quick search

quick search

site status

Page Tools

meta data for this page

Differences