If you are using an F5 LTM load balancer:

Set a keepalive timeout on WireGuard.
Assign a UDP profile with a timeout greater than the WireGuard keepalive.
Assign the profile to the UDP VIP.

--John

On 16/01/2019 4:45 AM, pdub wrote:
> Greetings,
>
> WireGuard is a really cool project! Thanks!
>
> With WireGuard's native roaming support, I have a question about just
> how stateful/stateless the roaming is. Here's a hypothetical situation:
>
> Let's say WireGuard is being used to tunnel into a location and is
> served behind a load balancer for high availability. If both nodes have
> identical WireGuard config files at the start of WireGuard (and, for
> simplicity, let's assume the configurations don't change). If one node
> dies, the load balancer will automatically start sending packets to the
> standby node running WireGuard (perhaps existing on the same subnet as
> the other node, but with a different IP).
>
> In a sense, the server-side "peer" has just roamed from machine to
> another, but the public/Internet IP address didn't change (because that
> is assigned to the load balancer itself). Will this work with WireGuard
> today?
>
> TIA
>
> _______________________________________________
> WireGuard mailing list
> [email protected]
> https://lists.zx2c4.com/mailman/listinfo/wireguard
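
The timing rule in the reply above (WireGuard keepalive shorter than the load balancer's UDP idle timeout) can be checked against a peer configuration. This is an added example, not part of the original thread: the sample config, its addresses and key placeholders, the 60-second timeout and the function names are all constructed for illustration.

```python
# Constructed sample: a wg-quick style config whose peers sit behind a load balancer VIP.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.0.0.2/32

[Peer]
PublicKey = <server-public-key-placeholder>
Endpoint = 192.0.2.10:51820
AllowedIPs = 10.0.0.0/24
PersistentKeepalive = 25

[Peer]
PublicKey = <second-peer-public-key-placeholder>
Endpoint = 192.0.2.11:51820
AllowedIPs = 10.1.0.0/24
"""

def parse_peers(text):
    """Return one dict per [Peer] section (the section name repeats, so configparser is unsuitable)."""
    peers, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = {} if line[1:-1].lower() == "peer" else None
            if current is not None:
                peers.append(current)
            continue
        if current is not None and "=" in line:
            key, value = line.split("=", 1)  # split once: base64 keys end in '='
            current[key.strip().lower()] = value.strip()
    return peers

def check_keepalive(text, lb_idle_timeout):
    """List peers whose keepalive would let the load balancer's UDP flow entry expire."""
    findings = []
    for peer in parse_peers(text):
        name = peer.get("endpoint", peer.get("publickey", "?"))
        value = peer.get("persistentkeepalive", "off")
        seconds = 0 if value.lower() == "off" else int(value)
        if seconds == 0:
            findings.append((name, "keepalive disabled"))
        elif seconds >= lb_idle_timeout:
            findings.append((name, f"keepalive {seconds}s >= LB timeout {lb_idle_timeout}s"))
    return findings

if __name__ == "__main__":
    for name, problem in check_keepalive(SAMPLE_CONF, lb_idle_timeout=60):
        print(f"{name}: {problem}")
```
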
