net-2-host configuration
Mail Mail
snakker at mail.com
Sat Aug 5 18:04:06 CEST 2017
Hi,
Trying to wrap my head around how this is supposed to work; I'm more used to tinc/softether.
I've got the following network setup (https://pastebin.com/kjn0GRzM):
+-------------------+        +--------------------+
| Internal Server 1 |        | Main FW Site A     |
| VLAN 101          |        |                    |
| 10.90.1.10/24     |\       | Eth0 = Ext Pub IP  |-\     +---------------------+
|                   | \      | VLAN 100           |  -\   | Remote Site B       |
+-------------------+  -\    |                    |    --| Eth0 = Ext Pub IP   |
                         -\  | Eth1 = Internal IP |       |                     |
                           - | VLAN 101           |       | wg0                 |
+-------------------+    -/  | 10.90.1.2/24       |       | 10.90.1.100/24      |
| Internal Server 2 |  -/    |                    |       |                     |
| VLAN 101          | /      | wg0                |       +---------------------+
| 10.90.1.11/24     |/       | 10.90.1.1/24       |
|                   |        |                    |
+-------------------+        +--------------------+
Say I have a Site A that has two or more internal servers only on VLAN 101 / 10.90.1.0/24, which are connected to the FW in Site A on a physical interface (eth1).
Site B needs to be able to access the internal servers in Site A, so I created wg0 with WireGuard between the two sites. They can both see each other (10.90.1.100 can ping 10.90.1.1 and the other way around just fine), but how do I get access to the internal servers in Site A that are connected to the FW at Site A? If I add the 10.90.1.2 IP to eth1 in the FW at Site A, WireGuard refuses to come up:
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip address add 10.90.1.1/24 dev wg0
[#] ip link set mtu 1420 dev wg0
[#] ip link set wg0 up
[#] ip route add 10.90.1.0/24 dev wg0
RTNETLINK answers: File exists
[#] ip link delete dev wg0
Then I tried just bridging wg0 and eth1, but that doesn't work either:
brctl addif br0 eth1 wg0
can't add wg0 to bridge br0: Invalid argument
If eth1 and wg0 could just coexist, I could probably fix it with some static routes, but when they can't I'm a bit lost.
I'm probably missing something obvious, but I have stared myself blind on this, any pointers or help would be very appreciated :)
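The "RTNETLINK answers: File exists" error above, as an added example that is not part of the original post: once 10.90.1.2/24 is configured on eth1, the kernel installs a connected route for 10.90.1.0/24 via eth1, so wg-quick's `ip route add 10.90.1.0/24 dev wg0` collides with an existing route for the exact same prefix. (The `brctl addif` failure is a different limitation: wg0 is a pure layer-3 interface with no Ethernet header, so it cannot be enslaved to a bridge.) The shell functions below take the text of `ip route show` as input, report which device already owns a prefix, and only print the `ip route add` command they would run, so they need no root; the route listing is a constructed sample matching the Site A firewall in the post, and the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post or the WireGuard project.
# Explains "RTNETLINK answers: File exists" by checking a route table for a
# prefix that another device already carries before a route is added.

# Constructed sample of `ip route show` on the Site A firewall after
# 10.90.1.2/24 was put on eth1: the kernel auto-installs a connected route
# for 10.90.1.0/24 via eth1, which is what wg-quick then collides with.
SAMPLE_ROUTES='default via 203.0.113.1 dev eth0 proto static
203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.10
10.90.1.0/24 dev eth1 proto kernel scope link src 10.90.1.2'

# route_holder PREFIX DEV ROUTES
# Prints the device that already holds an exact route for PREFIX when that
# device is not DEV; prints nothing and exits 1 when the route would be new.
route_holder() {
    prefix=$1; dev=$2; routes=$3
    printf '%s\n' "$routes" | awk -v p="$prefix" -v d="$dev" '
        $1 == p {
            # locate the "dev <name>" pair on the matching route line
            for (i = 2; i < NF; i++)
                if ($i == "dev" && $(i + 1) != d) { print $(i + 1); found = 1 }
        }
        END { exit found ? 0 : 1 }'
}

# safe_route_add PREFIX DEV ROUTES
# Refuses (exit 2, message on stderr) when another device already carries
# PREFIX, which is the situation the kernel reports as "File exists";
# otherwise prints the ip command that would be run (dry run, no root).
safe_route_add() {
    prefix=$1; dev=$2; routes=$3
    if holder=$(route_holder "$prefix" "$dev" "$routes"); then
        echo "refusing: $prefix is already routed via $holder ('File exists')" >&2
        return 2
    fi
    echo "ip route add $prefix dev $dev"
}

# Demonstration: the overlapping /24 from the post is refused, while a
# prefix no other interface owns (here a host route to the Site B peer
# address) passes the check.
safe_route_add 10.90.1.0/24 wg0 "$SAMPLE_ROUTES" || :
safe_route_add 10.90.1.100/32 wg0 "$SAMPLE_ROUTES"
```

Feeding the functions the live output of `ip route show` instead of `SAMPLE_ROUTES` turns this into a pre-flight check for any wg-quick route: whatever device the first function names is the one whose connected route overlaps the tunnel prefix.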