Development discussion of WireGuard
From: lejeczek <peljasz@yahoo.co.uk>
Cc: wireguard@lists.zx2c4.com
Subject: Re: secondary IP on wg0 fails
Date: Sat, 8 May 2021 19:49:06 +0100
Message-ID: <eb229853-cc10-88bd-06bb-82bbab73cfe1@yahoo.co.uk>
In-Reply-To: <20210508215039.31f32aae@natsu>



On 08/05/2021 17:50, Roman Mamedov wrote:
> On Sat, 8 May 2021 17:31:58 +0100
> lejeczek <peljasz@yahoo.co.uk> wrote:
>
>> I'm experiencing a pretty weird wireguard, or perhaps
>> kernel/OS stack bits behavior.
>>
>> I have three nodes which all can ping each other on wg0's
>> IPs but when I add a secondary IP:
>>
>> -> $ ip addr add 10.0.0.226/24 dev wg0
>>
>> it gets weird, namely, say when that sec IP is on
>> A -> B ping returns; C ping waits, no errors, no return
>> B -> both C & A pings return
>> C -> neither A nor B ping returns
>>
>> I'm on CentOS with 4.18.0-301.1.el8.x86_64.
>> All three nodes are virtually identical kvm VMs.
>>
>> any suggestions as to what is not working here or how to
>> troubleshoot are very appreciated.
>> many thanks, L.
> Did you add the new IP to AllowedIPs of that node on all the other nodes?
>
> Also remember that sets of AllowedIPs should be unique within the network,
> i.e. can't have the same AllowedIPs or ranges listed for multiple nodes at the
> same time. Setting it to the same /24 on all nodes will not work.
>
> If still not clear, better post your complete config (without keys).
>
It's the same single subnet 10.0.0.0/24 and to reiterate -
wg0's "primary" IPs can all ping each other.
All nodes have, respectively:
e.g. node-B
[peer]
...
AllowedIPs = 10.0.0.1/32, 10.0.0.226/32
Endpoint = 10.1.1.223:51851

[peer]
...
AllowedIPs = 10.0.0.3/32, 10.0.0.226/32
Endpoint = 10.1.1.225:51853
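
Added example, not part of the original message and not WireGuard's own code: a check for the uniqueness rule quoted above, run over a constructed config modelled on the node-B listing. It reports every prefix listed under more than one [Peer] section; the function names and the [Interface] line are assumptions made for the example.

```python
import ipaddress

# Constructed sample modelled on the node-B listing above; keys omitted.
SAMPLE_CONF = """\
[Interface]
ListenPort = 51852  # constructed value, not from the thread

[Peer]
AllowedIPs = 10.0.0.1/32, 10.0.0.226/32
Endpoint = 10.1.1.223:51851

[Peer]
AllowedIPs = 10.0.0.3/32, 10.0.0.226/32
Endpoint = 10.1.1.225:51853
"""

def parse_peers(conf_text):
    """Return one dict per [Peer] section: endpoint string and AllowedIPs networks."""
    peers, current = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if line.startswith("["):
            current = None                     # any new section ends the previous peer
            if line.lower() == "[peer]":
                current = {"endpoint": None, "allowed": []}
                peers.append(current)
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "allowedips":
                current["allowed"] += [ipaddress.ip_network(v.strip(), strict=False)
                                       for v in value.split(",") if v.strip()]
            elif key.lower() == "endpoint":
                current["endpoint"] = value
    return peers

def find_duplicates(peers):
    """Map each prefix listed under more than one peer to those peers' endpoints."""
    owners = {}
    for peer in peers:
        for net in set(peer["allowed"]):       # ignore repeats within one peer
            owners.setdefault(net, []).append(peer["endpoint"])
    return {str(net): eps for net, eps in owners.items() if len(eps) > 1}

if __name__ == "__main__":
    for prefix, endpoints in find_duplicates(parse_peers(SAMPLE_CONF)).items():
        print(f"{prefix} is listed for peers at: {', '.join(endpoints)}")
```

Only identical prefixes are reported; a /32 inside another peer's wider range is left alone, since the more specific entry is matched first.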




Thread overview: 5+ messages
     [not found] <204f6e7b-d594-c2c0-5242-1643055065c3.ref@yahoo.co.uk>
2021-05-08 16:31 ` lejeczek
2021-05-08 16:50   ` Roman Mamedov
2021-05-08 18:49     ` lejeczek [this message]
2021-05-09  7:52       ` Roman Mamedov
2021-05-09  6:17   ` lejeczek
