Like Jason said, multiple wireguard interfaces are the way to go here. You can then set up your routing protocols on top.
On 2017-05-29 21:57, Ivan Leonardo wrote: > Hello > > Recently i have been experimenting with wireguard, and in fact the > performance in wg is better than the ipsec tunnels i have. In my ipsec > implementation i'm using vti interfaces(SAs 0.0.0.0/0) and i can select the > traffic flow with static/dynamic routing. > > Knowing that wg doesn't allow multiple tunnels with allowedip=0.0.0.0/0, i > tried to create a ipip tunnel using the wg endpoint tunnel ips. I don't have > problems with UDP/ICMP traffic, but with TCP when a host(192.168.1.110) in > lan1 tries to communicate with the ip of the ipip tunnel in server2, the > returning tcp traffic has bad tcp checksum and the packets are discarded. If > i try to send tcp packets with the source ip of the ipip tunnel of server2 to > host(192.168.1.110) in lan1 , in tcpdump in server2 i see the tcp packets, > but in the tcpdump in server1 i dont see the packets. > > Resuming, in this topology i only have problems with tcp traffic, udp and > icmp works fine. > > > I have search the web for this use case, but didn't find anyone using it, in > this topic > https://forum.freifunk.net/t/wireguard-0-0-20161230-linuxkernel-3-18-gluon-v2016-2-2/14122 > , they managed to get a gre/gretap tunnel functioning with wg. > > Does anyone have any ideia if its possible to use this topology? > > Topology: > > 172.16.17.2/30 172.16.17.1/30 > wg0(172.16.17.0/30) > Server2 <----------------------> Server1 <----> lan1 (192.168.1.0/24) > <---------------> > ipip0(172.18.0.0/30)(remote/local = wireguard tunnel endpoints) > 172.18.0.2/30 172.18.0.1/30 > > Servers specs: > > Server1/2 Ubuntu 16.04.02 (Kernel 4.4.0-78-generic) > WG version: 0.0.20170517-wg2~xenial > > > Best regards. > > > _______________________________________________ > WireGuard mailing list > [email protected] > https://lists.zx2c4.com/mailman/listinfo/wireguard _______________________________________________ WireGuard mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/wireguard
