Development discussion of WireGuard
From: Daniele Orlandi <daniele@orlandi.com>
To: WireGuard@lists.zx2c4.com
Subject: Tunnel traffic in VRF
Date: Fri, 24 Jan 2020 01:03:33 +0100
Message-ID: <9420fa01-61b9-73cb-21f4-681bf8015b7b@orlandi.com>


Hello,

I'm attempting to route the WG tunnel traffic (not the inside traffic)
on a VRF.

I was able to use an ip rule + fwmark to route outgoing packets to the
proper VRF, however the incoming traffic *seems* to be rejected due to
the UDP socket not being bound to an interface in the VRF.

00:56:35.606766 IP 172.16.16.32.5180 > 45.66.80.144.5180: UDP, length 148
00:56:35.922547 IP 45.66.80.144.5180 > 172.16.16.32.5180: UDP, length 92
00:56:35.922680 IP 172.16.16.32 > 45.66.80.144: ICMP 172.16.16.32 udp port 5180 unreachable, length 128


Is there any workaround you know of? Would you consider implementing
binding to an interface like other tunnel interfaces do?


(The infrastructure is already present by using the bind_ifindex field
of udp_port_cfg passed to udp_sock_create)

Thank you,
regards,

-- 
  Daniele Orlandi
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
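
The symptom in the capture above (an inbound UDP datagram answered by the receiving host itself with ICMP port unreachable, meaning no local socket accepted it) can be picked out of tcpdump text output automatically. This is an added example, not part of the original message or of WireGuard; the function name and the 50 ms pairing window are assumptions.

```python
import re
from datetime import datetime, timedelta

# First three lines: the capture from the message, wrapped line rejoined.
# Fourth line: constructed, an inbound datagram that drew no ICMP reply.
SAMPLE = """\
00:56:35.606766 IP 172.16.16.32.5180 > 45.66.80.144.5180: UDP, length 148
00:56:35.922547 IP 45.66.80.144.5180 > 172.16.16.32.5180: UDP, length 92
00:56:35.922680 IP 172.16.16.32 > 45.66.80.144: ICMP 172.16.16.32 udp port 5180 unreachable, length 128
00:56:36.100000 IP 45.66.80.144.5180 > 172.16.16.32.5180: UDP, length 92
"""

IP = r"(\d+(?:\.\d+){3})"
UDP_RE = re.compile(rf"^(\S+) IP {IP}\.(\d+) > {IP}\.(\d+): UDP, length \d+")
ICMP_RE = re.compile(rf"^(\S+) IP {IP} > {IP}: ICMP {IP} udp port (\d+) unreachable")


def parse_ts(text):
    return datetime.strptime(text, "%H:%M:%S.%f")


def rejected_datagrams(capture, window_us=50_000):
    """Return (sender, receiver, port, delay_us) for every UDP datagram that
    its destination host answered with ICMP port unreachable in the window."""
    pending = {}  # (src_ip, dst_ip, dst_port) -> time the datagram was seen
    findings = []
    for line in capture.splitlines():
        m = UDP_RE.match(line)
        if m:
            ts, src, _sport, dst, dport = m.groups()
            pending[(src, dst, int(dport))] = parse_ts(ts)
            continue
        m = ICMP_RE.match(line)
        if not m:
            continue
        ts, icmp_src, icmp_dst, host, port = m.groups()
        seen = pending.pop((icmp_dst, host, int(port)), None)
        # icmp_src == host: the error came from the destination's own stack,
        # not from a router on the path.
        if seen is None or icmp_src != host:
            continue
        delay_us = (parse_ts(ts) - seen) // timedelta(microseconds=1)
        if 0 <= delay_us <= window_us:
            findings.append((icmp_dst, icmp_src, int(port), delay_us))
    return findings


if __name__ == "__main__":
    for sender, receiver, port, delay in rejected_datagrams(SAMPLE):
        print(f"{receiver} rejected UDP/{port} from {sender} after {delay} us")
```
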
