Development discussion of WireGuard
* net-2-host configuration
@ 2017-08-05 16:04 Mail Mail
  2017-08-05 23:20 ` Jason A. Donenfeld
  0 siblings, 1 reply; 2+ messages in thread
From: Mail Mail @ 2017-08-05 16:04 UTC (permalink / raw)
  To: wireguard

Hi,

Trying to wrap my head around how this is supposed to work, more used to tinc/softether.

I got the follow network setup (https://pastebin.com/kjn0GRzM):

+-------------------+     +--------------------+                             
| Internal Server 1 |     | Main FW Site A     |                             
| VLAN 101          |     |                    |                             
| 10.90.1.10/24     |     | Eth0 = Ext Pub IP  |-\    +---------------------+
|                   |\    | VLAN 100           |  -\  |  Remote Site B      |
+-------------------+ -\  |                    |    --|  Eth0 = Ext Pub IP  |
                        -\| Eth1 = Internal IP |      |                     |
                          - VLAN 101           |      |  wg0                |
+-------------------+   -/| 10.90.1.2/24       |      |  10.90.1.100/24     |
| Internal Server 2 | -/  |                    |      |                     |
- VLAN 101          |/    | wg0                |      +---------------------+
| 10.90.1.11/24     |     | 10.90.1.1/24       |                             
|                   |     |                    |                             
+-------------------+     +--------------------+                             

Say I have a Site A that has two or more internal servers only on VLAN 101 / 10.90.1.0/24, which are connected to the FW in Site A on a physical interface (eth1).
Site B needs to be able to access the internal servers in Site A, so I created wg0 with WireGuard between the two sites. They can both see each other (10.90.1.100 can ping 10.90.1.1 and the other way around just fine), but how do I get access to the internal servers in Site A that are connected to the FW at Site A? If I add the 10.90.1.2 IP to eth1 on the FW at Site A, WireGuard refuses to come up:

[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip address add 10.90.1.1/24 dev wg0
[#] ip link set mtu 1420 dev wg0
[#] ip link set wg0 up
[#] ip route add 10.90.1.0/24 dev wg0
RTNETLINK answers: File exists
[#] ip link delete dev wg0

Then I tried just bridging wg0 and eth1, but that doesn't work either:
brctl addif br0 eth1 wg0
can't add wg0 to bridge br0: Invalid argument

If eth1 and wg0 could just coexist, I could probably fix it with some static routes, but when they can't I'm a bit lost.

I'm probably missing something obvious, but I have stared myself blind on this, any pointers or help would be very appreciated :)


* Re: net-2-host configuration
  2017-08-05 16:04 net-2-host configuration Mail Mail
@ 2017-08-05 23:20 ` Jason A. Donenfeld
  0 siblings, 0 replies; 2+ messages in thread
From: Jason A. Donenfeld @ 2017-08-05 23:20 UTC (permalink / raw)
  To: Mail Mail; +Cc: WireGuard mailing list

In site A, put wg0 on a different subnet from eth0, and then enable
packet forwarding.

Alternatively, if you'd like to keep it on the same subnet, assign the
B peer at site A an AllowedIPs entry inside the subnet with a /32, and then
enable proxy_arp.
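
As an added example (not part of the thread, and not WireGuard's own code), here is a small Python planner for the site A firewall that renders a wg-quick config for either option described in the reply and reproduces the route clash from the original log. The keys, port and endpoint are placeholders, the 10.90.2.0/24 subnet for the first option is an assumed choice, and giving wg0 a /32 address in the second option is an assumption made to avoid installing a second 10.90.1.0/24 on-link route.

```python
import ipaddress


def onlink_prefixes(addresses):
    """Connected routes the kernel installs for interface addresses: {network: iface}.
    The kernel appends a second prefix route for another device, so the first
    interface seen for a prefix is kept."""
    prefixes = {}
    for iface, cidr in addresses.items():
        prefixes.setdefault(ipaddress.ip_interface(cidr).network, iface)
    return prefixes


def plan_site_a(wg0_addr, eth1_addr, allowed_ips,
                peer_key="<SITE_B_PUBLIC_KEY>", endpoint="<SITE_B_PUB_IP>:51820"):
    """Return (wg-quick config text, sysctls) for the site A firewall, or raise
    when an AllowedIPs prefix already has a route via another interface: an
    explicit `ip route add` for it fails with EEXIST ("File exists")."""
    present = onlink_prefixes({"eth1": eth1_addr, "wg0": wg0_addr})
    for cidr in allowed_ips:
        net = ipaddress.ip_network(cidr)
        if net in present and present[net] != "wg0":
            raise ValueError(f"route {net} already exists via {present[net]}; "
                             f"'ip route add {net} dev wg0' would fail with File exists")
    lan = ipaddress.ip_interface(eth1_addr).network
    sysctls = ["net.ipv4.ip_forward=1"]  # both options route between wg0 and eth1
    if any(ipaddress.ip_network(c).subnet_of(lan) for c in allowed_ips):
        # Site B's address sits inside the LAN, so the internal servers will ARP
        # for it on VLAN 101; proxy_arp makes the firewall answer on its behalf.
        sysctls.append("net.ipv4.conf.eth1.proxy_arp=1")
    post_up = "; ".join(f"sysctl -w {s}" for s in sysctls)
    conf = "\n".join([
        "[Interface]",
        f"Address = {wg0_addr}",
        "ListenPort = 51820",                 # placeholder port
        "PrivateKey = <SITE_A_PRIVATE_KEY>",  # placeholder, never a real key
        f"PostUp = {post_up}",
        "",
        "[Peer]",
        f"PublicKey = {peer_key}",
        f"Endpoint = {endpoint}",
        f"AllowedIPs = {', '.join(allowed_ips)}",
    ])
    return conf, sysctls


if __name__ == "__main__":
    # Option 1: wg0 on its own subnet (10.90.2.0/24 is an assumed choice) + forwarding.
    print(plan_site_a("10.90.2.1/24", "10.90.1.2/24", ["10.90.2.100/32"])[0])
    # Option 2: stay inside 10.90.1.0/24, peer as /32, proxy_arp on eth1.
    print(plan_site_a("10.90.1.1/32", "10.90.1.2/24", ["10.90.1.100/32"])[0])
```

Site B's own config must list 10.90.1.0/24 in its AllowedIPs for the site A peer so that traffic for the internal servers is routed into wg0 there; the original layout (wg0 10.90.1.1/24 with AllowedIPs 10.90.1.0/24 next to eth1 10.90.1.2/24) makes the planner raise, which is the clash behind the "File exists" error.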

