Development discussion of WireGuard
From: Justin Kilpatrick <justin@altheamesh.com>
To: wireguard@lists.zx2c4.com
Subject: [WireGuard] Nesting WireGuard tunnels
Date: Mon, 05 Feb 2018 16:00:06 -0500
Message-ID: <1517864406.3150045.1260465240.2EC06D52@webmail.messagingengine.com>

I won't bore you with the details, but I'm working on a project where nesting WireGuard tunnels is an attractive solution to a thorny problem.

It looks like this. 

A <--Tunnel A on port 51821--> B <--Tunnel B on port 51820--> C 

Where A is sending packets addressed to the internal endpoint of Tunnel B on port 51821 and B forwards them along.

I see the correct packets come out of the Tunnel B interface at the destination, but they never seem to go into the Tunnel A endpoint on Device C. If I had to make a guess I'd say that since WireGuard is in-kernel it will never listen on devices that aren't physical NICs.

For the short term I've solved this problem by having Device C use a keepalive to Device A, which has only a single tunnel. The NAT traversal code then figures out how to navigate the nested tunnels on Device C to form a bi-directional connection.

My questions are:

1) Is capability for nesting a feature that the community is interested in?
2) Can it be implemented in a sane way?
3) If the above two points are true, I'd appreciate some pointers about how to get started on a patch.  

-- 
  Justin Kilpatrick
  justin@altheamesh.com
