secondary IP on wg0 fails
lejeczek
peljasz at yahoo.co.uk
Sun May 9 06:17:12 UTC 2021
On 08/05/2021 17:31, lejeczek wrote:
> Hi guys.
>
> I'm experiencing a pretty weird wireguard, or perhaps
> kernel/OS stack bits behavior.
>
> I have three nodes which all can ping each other on wg0's
> IPs but when I add a secondary IP:
>
> -> $ ip addr add 10.0.0.226/24 dev wg0
>
> it gets weird, namely, say when that sec IP is on
> A -> B ping returns; C ping waits, no errors, no return
> B -> both C & A pings return
> C -> neither A nor B ping returns
>
> I'm on CentOS with 4.18.0-301.1.el8.x86_64.
> All three nodes are virtually identical kvm VMs.
>
> any suggestions as to what is not working here or how to
> troubleshoot are very appreciated.
> many thanks, L.
>
What I've just noticed for the first time is, config eg.:
..
[Peer]
..
AllowedIPs = 10.0.0.2/32, 10.0.0.226/32
Endpoint = 10.1.1.224:51852
[Peer]
..
AllowedIPs = 10.0.0.3/32, 10.0.0.226/32
Endpoint = 10.1.1.225:51853
-> $ wg
interface: wg0
public key: c+gJArxYd8+=
private key: (hidden)
listening port: 51851
peer: K/=
preshared key: (hidden)
endpoint: 10.1.1.225:51853
allowed ips: 10.0.0.3/32, 10.0.0.226/32
latest handshake: 16 seconds ago
transfer: 124 B received, 2.14 KiB sent
peer: /KidNfhqgP/+c3A=
preshared key: (hidden)
endpoint: 10.1.1.224:51852
allowed ips: 10.0.0.2/32 # !! no 10.0.0.226/32 ?
latest handshake: 3 minutes, 15 seconds ago
transfer: 180 B received, 92 B sent
That is probably why only 10.0.0.3 with secondary IP is
"reachable". Right?
If that is by design and expected - why is that and how to
make a "floating" IP work if that is by design?
thanks, L.