
List:       wireguard
Subject:    Re: Source IP for multihomed peer
From:       Chriztoffer Hansen <ch () ntrv ! dk>
Date:       2021-10-15 11:14:45
Message-ID: CA+cYV6vZsbkKyPGvkEF+WbJgi5KQhS46X0yvB3ExfXzr8g4i3Q () mail ! gmail ! com

On Fri, 15 Oct 2021 at 12:14, Toke Høiland-Jørgensen <toke@toke.dk> wrote:
> > 2) Is there any way to force the source ip of the connection from boxA
> > to always use address boxA1 ?
>
> In theory this should be possible to enforce via policy routing. Just
> tried this on a simple veth setup:
>
> # ip a add 10.11.1.1/24 dev veth0
> # ip a add 10.11.2.1/24 dev veth0
> # ping 10.11.1.2 -c 1
> 12:09:22.385888 IP 10.11.1.1 > 10.11.1.2: ICMP echo request, id 15, seq 1, length 64
> 12:09:22.385903 IP 10.11.1.2 > 10.11.1.1: ICMP echo reply, id 15, seq 1, length 64
>
> # ip r add 10.11.1.2 src 10.11.2.1 dev veth0
> # ping 10.11.1.2 -c 1
> 12:09:53.251386 IP 10.11.2.1 > 10.11.1.2: ICMP echo request, id 16, seq 1, length 64
> 12:09:53.251403 IP 10.11.1.2 > 10.11.2.1: ICMP echo reply, id 16, seq 1, length 64
>
> I think this ought to work for wireguard's source selection as well. If
> you don't have a particular destination, you should be able to do
> something similar based on sports with ip-rule using the wireguard
> source port:
>
> # ip rule add sport 1234 lookup 100
> # ip route add table 100 default via 1.2.3.4 src 3.4.5.6
>
> That last bit I didn't test, though...

Will have to test this later.

If this works, this suggestion would be a great enhancement to wireguard-tools?
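
The policy-routing recipe quoted above (an `ip rule` keyed on WireGuard's UDP source port, pointing at a table whose default route carries a `src` hint), written up as a small POSIX shell script. This is an added example, not code from the thread or from the WireGuard project; the port, addresses, gateway and table number are hypothetical placeholders, and the check function assumes an iproute2/kernel recent enough for `ip route get` to accept a `sport` selector.

```shell
#!/bin/sh
# Added example: pin the source address of WireGuard's UDP packets on a
# multihomed host using policy routing, as described in the quoted reply.
#
# Parameters (all hypothetical placeholders, not values from the thread):
#   WG_PORT   the interface's ListenPort, i.e. the UDP source port of its packets
#   SRC_ADDR  the local address the tunnel packets must carry ("boxA1")
#   GATEWAY   next hop on the uplink that owns SRC_ADDR
#   TABLE     a spare routing table number (default 100)

# Print the two iproute2 commands that install the policy.
# Only echoes, so the result can be reviewed (or tested) without root.
wg_src_policy_cmds() {
    wg_port=$1; src_addr=$2; gateway=$3; table=${4:-100}
    # Locally generated packets with UDP source port WG_PORT consult TABLE.
    echo "ip rule add sport $wg_port lookup $table"
    # TABLE holds one default route whose 'src' hint selects SRC_ADDR.
    echo "ip route add table $table default via $gateway src $src_addr"
}

# Print the commands that remove the policy again (reverse order).
wg_src_policy_undo_cmds() {
    wg_port=$1; table=${2:-100}
    echo "ip rule del sport $wg_port lookup $table"
    echo "ip route flush table $table"
}

# Run a command list produced by one of the generators above.
# Needs CAP_NET_ADMIN; stops at the first failing command.
wg_src_policy_run() {
    while IFS= read -r cmd; do
        echo "+ $cmd" >&2
        sh -c "$cmd" || return 1
    done
}

# Ask the kernel which source address it would pick for DST when the packet
# carries UDP source port WG_PORT, i.e. the same lookup WireGuard's socket
# will hit. Prints the chosen address, or nothing if 'sport' is unsupported.
wg_src_policy_check() {
    wg_port=$1; dst=$2
    ip route get "$dst" sport "$wg_port" 2>/dev/null \
        | sed -n 's/.* src \([^ ]*\).*/\1/p' | head -n 1
}

# Stand-alone usage: print the plan, and apply/verify it only when run as root.
if [ "${0##*/}" = "wg_src_policy.sh" ]; then
    wg_src_policy_cmds 51820 3.4.5.6 1.2.3.4 100
    if [ "$(id -u)" -eq 0 ]; then
        wg_src_policy_cmds 51820 3.4.5.6 1.2.3.4 100 | wg_src_policy_run
        echo "source for 198.51.100.7: $(wg_src_policy_check 51820 198.51.100.7)"
    fi
fi
```

Two practical notes. The `sport` selector only does something if WireGuard's source port is fixed, so set `ListenPort` explicitly in the interface config; an interface without one binds a random port at each start and the rule silently stops matching. And `wg_src_policy_check` is the step worth running before trusting the setup: it exercises the rule the way the kernel will for the real socket, which the per-destination `src` route shown earlier in the quote does not need but the port-keyed variant does.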
