Development discussion of WireGuard
 help / color / mirror / Atom feed
* BGP over multiple wireguard vpn link
@ 2020-01-17 10:53 Roberto 007
  2020-02-07 22:20 ` Inrin
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Roberto 007 @ 2020-01-17 10:53 UTC (permalink / raw)
  To: wireguard


[-- Attachment #1.1: Type: text/plain, Size: 498 bytes --]

Hello Wireguard team,

I would like to test multiple VPN links with BGP which is for controlling
traffic.
I have no problem to make BGP over multiple links but once I tried to ping
then I found a problem because I cannot set Allowed-IPs 0.0.0.0/0 to all
the wireguard links.

My question is that this kind of configuration is not supported wireguard?

I could make it with IPSec without any issues.

If you could give us some advice, it would be greatly appreciated.

Thanks and best regards,
Miki

[-- Attachment #1.2: Type: text/html, Size: 710 bytes --]

[-- Attachment #2: Type: text/plain, Size: 148 bytes --]

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: BGP over multiple wireguard vpn link
  2020-01-17 10:53 BGP over multiple wireguard vpn link Roberto 007
@ 2020-02-07 22:20 ` Inrin
  2020-02-08  7:07 ` Mikma
  2020-02-08 10:30 ` Mike O'Connor
  2 siblings, 0 replies; 4+ messages in thread
From: Inrin @ 2020-02-07 22:20 UTC (permalink / raw)
  To: wireguard

Hello Miki,

On Fri, Jan 17, 2020 at 05:53:57PM +0700, Roberto 007 wrote:
>I would like to test multiple VPN links with BGP which is for controlling
>traffic.
>I have no problem to make BGP over multiple links but once I tried to ping
>then I found a problem because I cannot set Allowed-IPs 0.0.0.0/0 to all
>the wireguard links.
Could you elaborate on how you're configuring your WG links?
E.g. wg+iproute2, wg-quick, systemd-networkd, …

Best regards,
Inrin
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: BGP over multiple wireguard vpn link
  2020-01-17 10:53 BGP over multiple wireguard vpn link Roberto 007
  2020-02-07 22:20 ` Inrin
@ 2020-02-08  7:07 ` Mikma
  2020-02-08 10:30 ` Mike O'Connor
  2 siblings, 0 replies; 4+ messages in thread
From: Mikma @ 2020-02-08  7:07 UTC (permalink / raw)
  To: wireguard, Roberto 007



On 17 January 2020 11:53:57 CET, Roberto 007 <mikit77777@gmail.com> wrote:
>Hello Wireguard team,
>
>I would like to test multiple VPN links with BGP which is for
>controlling
>traffic.
>I have no problem to make BGP over multiple links but once I tried to
>ping
>then I found a problem because I cannot set Allowed-IPs 0.0.0.0/0 to
>all
>the wireguard links.

I guess you are using wg-quick. Add "Table = off" to stop wg-quick from adding routes, and add the static routes you need (for the addresses used by the bgp connections) in your routing daemon or somewhere else.

/Mikma
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: BGP over multiple wireguard vpn link
  2020-01-17 10:53 BGP over multiple wireguard vpn link Roberto 007
  2020-02-07 22:20 ` Inrin
  2020-02-08  7:07 ` Mikma
@ 2020-02-08 10:30 ` Mike O'Connor
  2 siblings, 0 replies; 4+ messages in thread
From: Mike O'Connor @ 2020-02-08 10:30 UTC (permalink / raw)
  To: Roberto 007, wireguard


[-- Attachment #1.1: Type: text/plain, Size: 1567 bytes --]

Hi Miki

I'm doing basically what your talking about but with OSPF.

I do not use wg-quick, instead I configure the Wireguard in the network
interface file like /etc/network/interface on all the machines.

iface wg-p2p inet static
            address xxx.xxx.xxx/xxx
            pre-up ip link add $IFACE mtu 1500 type wireguard
            pre-up wg setconf $IFACE /etc/wireguard/$IFACE.conf
            post-down ip link del $IFACE

Central machines I'll list the allowed ip addresses from the individual
peers.

On the peers I'll have an allow all like
AllowedIPs = 0.0.0.0/0, ::/0

The allow all ip's on each peer does not add a route but does allow any
traffic to be sent to the central system.

From that point you can configure any dynamic routing system you want.

Mike


On 17/1/20 9:23 pm, Roberto 007 wrote:
> Hello Wireguard team,
>
> I would like to test multiple VPN links with BGP which is for
> controlling traffic.
> I have no problem to make BGP over multiple links but once I tried to
> ping then I found a problem because I cannot set Allowed-IPs 0.0.0.0/0
> <http://0.0.0.0/0> to all the wireguard links.
>
> My question is that this kind of configuration is not supported
> wireguard? 
>
> I could make it with IPSec without any issues.
>
> If you could give us some advice, it would be greatly appreciated.
>
> Thanks and best regards,
> Miki
>
>
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard



[-- Attachment #1.2: Type: text/html, Size: 3666 bytes --]

[-- Attachment #2: Type: text/plain, Size: 148 bytes --]

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-02-08 21:29 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-17 10:53 BGP over multiple wireguard vpn link Roberto 007
2020-02-07 22:20 ` Inrin
2020-02-08  7:07 ` Mikma
2020-02-08 10:30 ` Mike O'Connor

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).