secondary IP on wg0 fails

lejeczek peljasz at yahoo.co.uk
Sat May 8 18:49:06 UTC 2021



On 08/05/2021 17:50, Roman Mamedov wrote:
> On Sat, 8 May 2021 17:31:58 +0100
> lejeczek <peljasz at yahoo.co.uk> wrote:
>
>> I'm experiencing a pretty weird wireguard, or perhaps
>> kernel/OS stack bits behavior.
>>
>> I have three nodes which all can ping each other on wg0's
>> IPs but when I add a secondary IP:
>>
>> -> $ ip addr add 10.0.0.226/24 dev wg0
>>
>> it gets weird, namely, say when that sec IP is on
>> A -> B ping returns; C ping waits, no errors, no return
>> B -> both C & A pings return
>> C -> neither A nor B ping returns
>>
>> I'm on CentOS with 4.18.0-301.1.el8.x86_64.
>> All three nodes are virtually identical kvm VMs.
>>
>> any suggestions as to what is not working here or how to
>> troubleshoot are very appreciated.
>> many thanks, L.
> Did you add the new IP to AllowedIPs of that node on all the other nodes?
>
> Also remember that sets of AllowedIPs should be unique within the network,
> i.e. can't have the same AllowedIPs or ranges listed for multiple nodes at the
> same time. Setting it to the same /24 on all nodes will not work.
>
> If still not clear, better post your complete config (without keys).
>
It's the same single subnet 10.0.0.0/24 and to reiterate - 
wg0's "primary" IPs can all ping each other.
All nodes have, respectively:
eg. node-B
[peer]
...
AllowedIPs = 10.0.0.1/32, 10.0.0.226/32
Endpoint = 10.1.1.223:51851

[peer]
...
AllowedIPs = 10.0.0.3/32, 10.0.0.226/32
Endpoint = 10.1.1.225:51853
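
Added example, not part of the original message and not WireGuard project code: a check for the condition Roman describes above, where the same address or range appears in AllowedIPs of more than one peer. The input is the node-B peer list as posted; the function names are illustrative.

```python
import ipaddress
from itertools import combinations

# node-B peers as posted in the message above (keys elided there as "...").
NODE_B_CONF = """\
[peer]
...
AllowedIPs = 10.0.0.1/32, 10.0.0.226/32
Endpoint = 10.1.1.223:51851

[peer]
...
AllowedIPs = 10.0.0.3/32, 10.0.0.226/32
Endpoint = 10.1.1.225:51853
"""

def parse_peers(text):
    """Return one dict per [Peer] section: endpoint string and AllowedIPs networks."""
    peers, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("["):
            current = None                           # [Interface] etc. are skipped
            if line.lower() == "[peer]":
                current = {"endpoint": None, "allowed": []}
                peers.append(current)
            continue
        if current is None or "=" not in line:       # blank, elided or non-peer line
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() == "allowedips":
            current["allowed"] += [ipaddress.ip_network(v.strip(), strict=False)
                                   for v in value.split(",") if v.strip()]
        elif key.lower() == "endpoint":
            current["endpoint"] = value
    return peers

def find_overlaps(peers):
    """Return (endpoint_a, endpoint_b, net_a, net_b) for each cross-peer overlap."""
    hits = []
    for a, b in combinations(peers, 2):
        for na in a["allowed"]:
            for nb in b["allowed"]:
                if na.version == nb.version and na.overlaps(nb):
                    hits.append((a["endpoint"], b["endpoint"], str(na), str(nb)))
    return hits

if __name__ == "__main__":
    for ea, eb, na, nb in find_overlaps(parse_peers(NODE_B_CONF)):
        print(f"overlap: {na} (peer {ea}) vs {nb} (peer {eb})")
```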




