Re: Policy-based routing
Hi Jason,

Thanks for your input. I agree with you. But I could have the peers based on table routing and marking packets, where all the traffic (0.0.0.0/0) would be routed based on the prior conditions (tables and marking).

I'm doing one interface per peer right now, but I thought it could be possible to achieve the same results with just one interface.

Bruno

On 04/13/2018 11:09 PM, Jason A. Donenfeld wrote:
> Hi Bruno,
>
> You can't set multiple peers to use 0.0.0.0/0 at the same time on the same interface. How would it be able to choose which peer to send traffic to then?
>
> Instead, if you want some kind of redundancy or bonding, you can try using multiple interfaces, and then use whatever traditional routing or load balancing tools that you ordinarily would.
>
> Jason

___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Policy-based routing
Hi Bruno,

You can't set multiple peers to use 0.0.0.0/0 at the same time on the same interface. How would it be able to choose which peer to send traffic to then?

Instead, if you want some kind of redundancy or bonding, you can try using multiple interfaces, and then use whatever traditional routing or load balancing tools that you ordinarily would.

Jason

Re: Policy-based routing
Hi,

> Is it possible to achieve that with wireguard?

You need to set up multiple wireguard interfaces (on different ports of course). Then you can use traditional Linux routing techniques.

-- 
-- Matthias Urlichs

Policy-based routing
Hello,

I'm trying to set up a policy-based routing on a wireguard instance. I didn't want to call it server, because it acts more like a proxy. Let's say I have 6 peers plus this wireguard server.

    Peer 2    Peer 3    Peer 4
      \/        \/        \/
   ______________________________
  |                              |
  |      Wireguard "server"      |
  |______________________________|
      \/        \/        \/
    Peer 5    Peer 6    Peer 7

Wireguard "server" Address = 10.0.0.1/24
Peers 2-7 Address = 10.0.0.2-7/24, respectively.

So, what I'm trying to do is route traffic to Peer 7, for example, if it is coming from Peer 2. I can do it doing some `ip rule` and `ip route` commands. However, wireguard seems to be blocking that traffic.

So, I want peers 5-7 to act as gateways to the internet and I would choose it via Linux environment. Peers 5-7 would be wireguard servers that would route all traffic to the internet.

So, on the wireguard instance (10.0.0.1/24, "server"), I have to set allowed IPs to peers 5-7 as "0.0.0.0/0", correct? Does wireguard accept that? On my tests it would just pick one as allowed IPs as 0.0.0.0/0 and set others to (none). Then, I couldn't reach traffic either from or to those other peers.

On the wireguard "server" I would set allowed-IPs to peers 2-4 as 10.0.0.2/32-10.0.0.4/32 as I don't need traffic going through it, just coming from it.

Is it possible to achieve that with wireguard?

Thanks!
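
The behaviour discussed in this thread, as an added example that is not part of any of the original messages or of WireGuard's own code: a simplified Python model of an interface's allowed-IPs table, showing why 0.0.0.0/0 ends up on only one peer per interface and how one interface per exit peer plus source-based policy rules resolves it. The interface names wg5 to wg7, the source-to-exit mapping and the destination 203.0.113.9 are assumptions constructed for the example.

```python
import ipaddress

class WgInterface:
    """Simplified model of one WireGuard interface's allowed-IPs table."""
    def __init__(self, name):
        self.name = name
        self.owner = {}  # prefix -> peer; a prefix has exactly one owner per interface

    def set_allowed_ips(self, peer, *cidrs):
        # Replace the peer's list; a prefix already held by another peer moves here.
        self.owner = {n: p for n, p in self.owner.items() if p != peer}
        for cidr in cidrs:
            self.owner[ipaddress.ip_network(cidr)] = peer

    def allowed_ips(self, peer):
        return sorted(str(n) for n, p in self.owner.items() if p == peer)

    def peer_for(self, addr):
        # Longest-prefix match: outbound this picks the peer to encrypt for,
        # inbound the packet's source address must map back to the sending peer.
        ip = ipaddress.ip_address(addr)
        hits = [n for n in self.owner if ip in n]
        return self.owner[max(hits, key=lambda n: n.prefixlen)] if hits else None

def single_interface():
    """The setup from the original question: every peer on one interface."""
    wg0 = WgInterface("wg0")
    for i in (2, 3, 4):
        wg0.set_allowed_ips(f"peer{i}", f"10.0.0.{i}/32")
    for i in (5, 6, 7):
        wg0.set_allowed_ips(f"peer{i}", "0.0.0.0/0")  # each call takes the prefix over
    return wg0

def multi_interface():
    """One interface per exit peer; the kernel's policy rules pick the interface."""
    exits = {}
    for i in (5, 6, 7):
        exits[f"wg{i}"] = WgInterface(f"wg{i}")  # hypothetical interface names
        exits[f"wg{i}"].set_allowed_ips(f"peer{i}", "0.0.0.0/0")
    # Stand-in for `ip rule add from <src> lookup <table>` plus a per-table default
    # route; the source-to-exit mapping is constructed for this example.
    policy = {"10.0.0.2": "wg7", "10.0.0.3": "wg5", "10.0.0.4": "wg6"}
    return exits, policy

def forward(exits, policy, src, dst):
    iface = exits[policy[src]]
    return iface.name, iface.peer_for(dst)

if __name__ == "__main__":
    wg0 = single_interface()
    print({f"peer{i}": wg0.allowed_ips(f"peer{i}") or "(none)" for i in (5, 6, 7)})
    print(forward(*multi_interface(), "10.0.0.2", "203.0.113.9"))
```

In the single-interface case a packet arriving from peer 5 or 6 with an internet source address maps to peer 7 in the table, so the model also reproduces the dropped return traffic described in the question.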