linux: bridging/bonding not possible

linux: bridging/bonding not possible

[uxDWzco-wg]

hi.

as I understand, linux needs the ability to change hardware-addresses on
netdevs to put them into a bridge or bond, but wireguard-netdevs on
linux don't support hw-addresses at all (at least in kernel 5.10).

is it possible (or even planned) to add hw-addresses to the
wireguard-netdevs or does this interfere with the concept of wireguard?

regards

j.

Re: linux: bridging/bonding not possible

[Benda Xu]

Hi uxDWzco,

uxDWzco-wg@moenia.de writes:

> as I understand, linux needs the ability to change hardware-addresses
> on netdevs to put them into a bridge or bond, but wireguard-netdevs on
> linux don't support hw-addresses at all (at least in kernel 5.10).
>
> is it possible (or even planned) to add hw-addresses to the
> wireguard-netdevs or does this interfere with the concept of
> wireguard?

Bridging is an layer 2 network concept. But wireguard is a layer 3
connection.

For more information on OSI layer model, refer to,

  https://en.wikipedia.org/wiki/OSI_model

Cheers,
Benda

Re: linux: bridging/bonding not possible

[Roman Mamedov]

On Thu, 14 Oct 2021 04:45:32 +0200
uxDWzco-wg@moenia.de wrote:

> as I understand, linux needs the ability to change hardware-addresses on
> netdevs to put them into a bridge or bond, but wireguard-netdevs on
> linux don't support hw-addresses at all (at least in kernel 5.10).
> 
> is it possible (or even planned) to add hw-addresses to the
> wireguard-netdevs or does this interfere with the concept of wireguard?

Hello,

It is not a matter of hw-addresses;

Wireguard is L3 interface, transferring IPv4 and IPv6 packets.

For bridging you would need an L2 interface, which transfers Ethernet frames.

It is possible to do a bridge with WG, by using an L2-over-L3 tunnel such as
VXLAN or GRETAP over WG, and bridging that. Of course this leads to additional
overhead and MTU reduction.

If you would prefer to have an L2 VPN directly, there are other solutions such
as Tinc and OpenVPN.

-- 
With respect,
Roman

Re: linux: bridging/bonding not possible

[wireguard]

Hi,

 >> is it possible (or even planned) to add hw-addresses to the
 >> wireguard-netdevs or does this interfere with the concept of wireguard?

I hope I say nothing wrong, but its not (directly) possible and probably 
not plant.

Wireguard is a so called Layer-3 VPN, bridging is a Layer-2 thing. So it 
will no work together.
But you could use an (un)secure Layer-2-VPN (like L2TP) and transport it 
through wireguard. (similar to the often used L2TP over IPsec).
You could also take a look to softether vpn 
(https://www.softether.org/), which also includes a Layer-2 VPN. But I 
have no clue about the security quality.