Tunnel traffic in VRF

Daniele Orlandi daniele at orlandi.com
Fri Jan 24 01:03:33 CET 2020


Hello,

I'm attempting to route the WG tunnel traffic (not the inside traffic)
on a VRF.

I was able to use an ip rule + fwmark to route outgoing packets to the
proper VRF, however the incoming traffic *seems* to be rejected due to
the UDP socket not being bound to an interface in the VRF.

00:56:35.606766 IP 172.16.16.32.5180 > 45.66.80.144.5180: UDP, length 148
00:56:35.922547 IP 45.66.80.144.5180 > 172.16.16.32.5180: UDP, length 92
00:56:35.922680 IP 172.16.16.32 > 45.66.80.144: ICMP 172.16.16.32 udp port 5180 unreachable, length 128


Is there any workaround you know of? Would you consider implementing
binding to an interface like other tunnel interfaces do?


(The infrastructure is already present by using the bind_ifindex field
of udp_port_cfg passed to udp_sock_create)

Thank you,
regards,

-- 
  Daniele Orlandi


More information about the WireGuard mailing list