Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    WireGuard Maybe Functional With High Availability? (well sort of, possibly, maybe, not sure)

    Scheduled Pinned Locked Moved
    WireGuard
    1
    1
    325
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • planedropP
      planedrop
      last edited by

      Been doing some testing in my lab to see if I could get WG working in a HA setup, as this is something I'd personally like to use. As we all know WG has no XLMRPC sync or any other syncing between HA nodes, hopefully we do get that in the future.

      But, I setup a WG tunnel on both HA nodes with identical settings (keys and all), and then connected using the CARP VIP between the two nodes. Connection was successful as expected, WG worked and speed was great.

      But what happens when failover occurs/maintenance mode is entered? The WG connection drops, which is what I thought would happen, but in a matter of about 10 seconds (sometimes less sometimes a few more) WG reconnected, the status page on the failover node showed handshakes being successful, and pings started working again.

      However, when I tried to configure something similar with WG assigned to an actual interface, I couldn't manage to get it to work. Seems like a small limitation though as just using the default WG interface rules instead seem to work fine.

      I will do some more testing on this, possibly even in a psuedo production environment to see how quick the failover is in a non-lab scenario.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post