Source IP incorrect on multi homed systems
Mikma
mikma.wg at lists.m7n.se
Sun Feb 19 09:19:39 UTC 2023
Have you tried setting the preferred src address of the route(s) to the addresses you desire?
From "man ip":
> src ADDRESS the source address to prefer when sending to the destinations covered by the route prefix.
On 19 February 2023 09:01:31 CET, Nico Schottelius <nico.schottelius at ungleich.ch> wrote:
>
>Let me rephrase the problem statement:
>
> - ping and HTTP calls to the multi-homed machine work correctly:
>   I can ping 147.78.195.254 and the reply contains the same address.
>   I can ping 195.141.200.73 and the reply contains the same address.
>   I can curl 147.78.195.254 and the reply contains the same address.
>   I can curl 195.141.200.73 and the reply contains the same address.
>
> - WireGuard does NOT work because it changes the reply address:
>   A packet sent to 147.78.195.254 is being replied to with 195.141.200.73
>
>In general, processes reply with the IP address that was used to contact
>them and not with the outgoing interface address, which would also break
>adding IP addresses to the loopback interface.
>
>For full detail, see ip addresses [0] and routing below [1] and tests
>executed [2].
>
>I believe that this is a bug in WireGuard.