Hi Group,

I would like to bring this up again as I have begun development of a transit switch for my customers (using Astlinux).

The architecture will be both a primary and secondary server for the transit switch with regular synchronisation from Primary to Secondary. Both will have trunks to my upstream SIP provider with active/active redundancy.

All customer Astlinux boxes will connect via Wireguard VPN as a client to 3 servers being Primary Transit, Secondary Transit and a Management server (I would rather not manage through the Transit servers). The customer Astlinux box could also be a VPN server for other satellite sites and user Remote Peers.

Should this config work?

-- Management Server --

gui.wireguard.conf:
WIREGUARD_IP="172.29.200.254"
WIREGUARD_NM="255.255.255.0"

wg0.peer:
[Peer]
# Peer 1
PublicKey = ###
AllowedIPs = 172.29.200.1/32

[Peer]
# Peer 2
PublicKey = ###
AllowedIPs = 172.29.200.2/32

........>

[Peer]
# Peer 200
PublicKey = ###
AllowedIPs = 172.29.200.200/32

-- Primary Server --

gui.wireguard.conf:
WIREGUARD_IP="172.29.201.254"
WIREGUARD_NM="255.255.255.0"

wg0.peer:
[Peer]
# Peer 1
PublicKey = ###
AllowedIPs = 172.29.201.1/32

[Peer]
# Peer 2
PublicKey = ###
AllowedIPs = 172.29.201.2/32

........>

[Peer]
# Peer 200
PublicKey = ###
AllowedIPs = 172.29.201.200/32

-- Secondary Server --

gui.wireguard.conf:
WIREGUARD_IP="172.29.202.254"
WIREGUARD_NM="255.255.255.0"

wg0.peer:
[Peer]
# Peer 1
PublicKey = ###
AllowedIPs = 172.29.202.1/32

[Peer]
# Peer 2
PublicKey = ###
AllowedIPs = 172.29.202.2/32

........>

[Peer]
# Peer 200
PublicKey = ###
AllowedIPs = 172.29.202.200/32

-- Client --

gui.wireguard.conf:
# This range is used for peers to us that we are a server e.g. satellite sites and users
WIREGUARD_IP="172.29.253.1"
WIREGUARD_NM="255.255.255.0"

rc.elocal:
# Add Secondary IP Addresses to wg0
ip addr add 172.29.200.1/24 dev wg0
ip addr add 172.29.201.1/24 dev wg0
ip addr add 172.29.202.1/24 dev wg0

wg0.peer:
[Peer]
# Management Server
PublicKey = ###
Endpoint = management01.ipcaccess.net
AllowedIPs = 172.29.200.254/32
PersistentKeepalive = 25

[Peer]
# Primary Server
PublicKey = ###
Endpoint = primary01.ipcaccess.net
AllowedIPs = 172.29.201.254/32
# No keepalive required as SIP Options ping will keep it up

[Peer]
# Secondary Server
PublicKey = ###
Endpoint = secondary01.ipcaccess.net
AllowedIPs = 172.29.202.254/32
# No keepalive required as SIP Options ping will keep it up

[Peer]
# Another Astlinux box peering to us
PublicKey = ###
AllowedIPs = 172.29.253.2/32,<other accessible routes at the satellite site>
# No keepalive required as SIP Options ping will keep it up

--

Can anyone see problems with this configuration?

Regards
Michael Knill

From: David Kerr <da...@kerr.net>
Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net>
Date: Tuesday, 1 January 2019 at 6:21 pm
To: AstLinux List <astlinux-users@lists.sourceforge.net>
Subject: Re: [Astlinux-users] Multiple wg interfaces

Michael,

A single wg interface can have multiple IP addresses. They can be different subnets too. You will have to manually edit the config files.

David.

On Tue, Jan 1, 2019 at 6:37 AM Michael Knill <michael.kn...@ipcsolutions.com.au> wrote:

Hi group

Here is my scenario. I have primary and backup Wireguard VPN Peers that multiple Astlinux boxes will be connecting to. I assume that I will need different wgx interfaces for this as I can't have the same IP Address. If so, just wondering how to set this up in Astlinux?

Regards
Michael Knill

_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.

--
David Kerr
Sent from Gmail Mobile
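
Added example, not part of the original thread and not AstLinux code: with every peer on a single wg0, AllowedIPs serves as both the outbound routing table and the inbound source filter for that interface, so a prefix repeated under two peers stays with only one of them and a nested prefix is decided by longest match. This Python check reads a wg0.peer file and lists such collisions; the function names are hypothetical and the sample file is constructed, with two deliberately conflicting satellite routes.

```python
import ipaddress
from itertools import combinations, product

# Constructed sample modelled on the client wg0.peer in the thread. The extra
# satellite routes are deliberate mistakes added for this demonstration.
SAMPLE_WG0_PEER = """\
[Peer]
# Management Server
AllowedIPs = 172.29.200.254/32
[Peer]
# Primary Server
AllowedIPs = 172.29.201.254/32
[Peer]
# Satellite site
AllowedIPs = 172.29.253.2/32, 172.29.200.0/24, 172.29.201.254/32
"""

def parse_peers(text):
    """Return [(label, [ip_network, ...]), ...], one entry per [Peer] section."""
    peers = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "[Peer]":
            peers.append(["peer %d" % (len(peers) + 1), []])
        elif line.startswith("#") and peers and not peers[-1][1]:
            peers[-1][0] = line.lstrip("# ")  # comment before AllowedIPs names the peer
        elif line.lower().startswith("allowedips") and peers:
            value = line.split("=", 1)[1].split("#", 1)[0]
            peers[-1][1] += [ipaddress.ip_network(v.strip(), strict=False)
                             for v in value.split(",") if v.strip()]
    return [tuple(p) for p in peers]

def find_conflicts(peers):
    """List AllowedIPs that are shared or nested between different peers."""
    found = []
    for (a, nets_a), (b, nets_b) in combinations(peers, 2):
        for na, nb in product(nets_a, nets_b):
            if na.version != nb.version:
                continue
            if na == nb:  # same prefix twice: WireGuard keeps it on one peer only
                found.append(("duplicate", a, b, str(na)))
            elif na.overlaps(nb):  # nested: the longer prefix wins for that range
                found.append(("nested", a, b, "%s / %s" % (na, nb)))
    return found

if __name__ == "__main__":
    for kind, a, b, detail in find_conflicts(parse_peers(SAMPLE_WG0_PEER)):
        print("%-9s %s <-> %s: %s" % (kind, a, b, detail))
```

Run it against the client file once the satellite routes are filled in, since those are the entries that can collide with the three server /32 addresses.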