    add wireguard bgp route mode

    WireGuard
    • yon 0
      yon 0 last edited by

      I want to use WireGuard to create a P2P VPN to run a BGP router, so this needs to be supported. It needs to add Table = off and set a static route.

      like:

      link text

      link text

      link text

      • stephenw10
        stephenw10 Netgate Administrator last edited by

        As far as I know we don't use wg-quick. Until recently it didn't add routes at all, or a gateway.

        Since it now only adds routes to the local interface IP they would not conflict. At that level at least.

        What problem are you actually seeing here?

        Steve

        • yon 0
          yon 0 @stephenw10 last edited by yon 0

          @stephenw10 said in add wireguard bgp route mode:

          As far as I know we don't use wg-quick. Until recently it didn't add routes at all, or a gateway.

          Since it now only adds routes to the local interface IP they would not conflict. At that level at least.

          What problem are you actually seeing here?

          Steve

          P2P mode: use AllowedIPs = 0.0.0.0/0 or AllowedIPs = ::/0, but it doesn't add a system route, so it uses BGP for routing.

          A common pattern for DN42 tunnels is to use AllowedIPs = 0.0.0.0/0 or AllowedIPs = ::/0 then use firewall rules to limit source and destination addresses. If you do not add 'Table = off' this could cause you to route clearnet traffic via your peer and potentially lose connectivity to your node!

          A P2P mode option should be added, e.g. for IPv4 I need to use proxy mode, but for IPv6 use P2P+BGP mode, so I have IPv6 space.

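An added example, not part of the original thread and not Netgate's or WireGuard's code: a Python check for hosts that do use wg-quick (pfSense does not, per the reply above). It flags peers whose AllowedIPs contain a /0 prefix while Table is left at wg-quick's default of `auto`, the combination the quoted DN42 note warns about. The function names, the sample configuration and the placeholder keys are constructed for illustration.

```python
import ipaddress

def parse_wg_quick(text):
    """Parse wg-quick style text into (interface_options, [peer_options, ...])."""
    iface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        if line.startswith("["):
            name = line.strip("[]").strip().lower()
            if name == "peer":
                current = {}
                peers.append(current)
            else:
                current = iface if name == "interface" else None
            continue
        if current is None or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # Repeated keys (e.g. several AllowedIPs lines) are merged into one list.
        current[key] = f"{current[key]},{value}" if key in current else value
    return iface, peers

def default_route_findings(text):
    """Return (peer_index, prefix) for each /0 AllowedIPs entry that wg-quick
    would turn into a default route because Table is unset or 'auto'."""
    iface, peers = parse_wg_quick(text)
    table = iface.get("table", "auto").lower()
    findings = []
    for index, peer in enumerate(peers):
        for item in peer.get("allowedips", "").split(","):
            if not item.strip():
                continue
            net = ipaddress.ip_network(item.strip(), strict=False)
            if net.prefixlen == 0 and table == "auto":
                findings.append((index, str(net)))
    return findings

# Constructed sample configuration; keys and addresses are placeholders.
RISKY = """[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY=
Address = fe80::102/64
[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY=
AllowedIPs = 0.0.0.0/0
AllowedIPs = ::/0   # BGP is expected to install the real routes
"""
SAFE = RISKY.replace("[Interface]", "[Interface]\nTable = off")
```

An empty result for a configuration means wg-quick will not install a default route for it, so routing is left to the BGP daemon and the firewall rules that limit source and destination addresses.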
          • stephenw10
            stephenw10 Netgate Administrator @yon 0 last edited by

            Have you actually tried this?

            As far as I can see that is already the default behaviour. A default route is not added if you have 0/0 as allowed-ips.

            Steve

            • yon 0
              yon 0 @stephenw10 last edited by

              @stephenw10

              I have tried it. When I set up allow =0.0.0.0/0,2000::/3 then the system routes everything via wg0.

              • jimp
                jimp Rebel Alliance Developer Netgate last edited by

                This works fine without changing anything.

                If you have only one peer per tunnel, leave Allowed IPs empty. WireGuard behaves as if it's set to route anything that reaches the WireGuard interface, and no routes are added to the OS routing table. BGP can set up its own routes.

                • yon 0
                  yon 0 @jimp last edited by yon 0

                  It is found that the interface will be confused.

                  I configured two wg tunnels. When I deleted the wg0 tunnel and then updated the wg1 tunnel data, it automatically changed the interface name to wg0.
                  The route gateway will use the old deleted wg0 data for wg1.

                  And the wg0 name I had deleted still shows in the interface list.

                  Can we choose to configure the interface name?

                  And I had deleted the wg tunnel and interface, but the ifconfig command still shows all the old wg0, wg1 .. in the interface list.

                  • yon 0
                    yon 0 @yon 0 last edited by

                    The wg interface is configured with IPv4 and IPv6 addresses,
                    e.g. 10.0.0.102/32, 2a0d:2400:12:c::102/128,
                    but the interface only has IPv4.
