| Summary: | net/wireguard: WG don't use CARP IP as source | | |
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Michael Muenz <m.muenz> |
| Component: | Individual Port(s) | Assignee: | Bernhard Froehlich <decke> |
| Status: | Closed FIXED | | |
| Severity: | Affects Only Me | CC: | franco, grehan, jason, kp, m.muenz, vvd |
| Priority: | --- | Flags: | bugzilla: maintainer-feedback? (decke) |
| Version: | Latest | | |
| Hardware: | Any | | |
| OS: | Any | | |

Description
Michael Muenz
2021-01-25 10:29:40 UTC
Created attachment 221902
Untested patch
From a very brief look at the WireGuard code (in kernel and ifconfig) I think that what's needed is to configure the local endpoint address (e_local in wg_endpoint in the kernel).
Ifconfig doesn't support that (yet), so that needs to be added too.
It doesn't actually look very hard to do. Here's a totally untested patch with what I think is needed. (Seriously, I've not even tried to compile this. Use at your own risk, etc, etc, rivers of fire, etc, etc)

Wow, thank you Kristof, really appreciated. Never expected a patch already. I'll test it and use as a base for discussion with wg-devs :)

Dear Kristof,
Sorry for coming back so late. On the same day I had a quick chat with Jason about the patch, but he was "not enthusiastic about knobs" :)
I saw that pfsense guys added a patch for the kernel implementation of wireguard: https://redmine.pfsense.org/issues/11354
Maybe they will prepare the patch upstream (if not already).
Again, thanks for your (super-quick) work!
Best,
Michael

This should be fixed as part of the pfSense wg import (D28962, 95331c228a39)
Let us know how it goes.

I suspect this bug can now be closed as resolved?

Hi Jason,
sorry for the delay. I tested it with an alias on the latest -kmod version. Packets from client to server main IP are replied correctly, packets initiated to client are sent via main IP. Same to alias IP. Great job Jason! :)