Hi Jochen,
On Tue, Mar 14, 2023 at 09:28:48AM +0100, Jochen Demmer wrote:
> > What do you mean? If your AllowedIPs set is empty wireguard will just
> > act as a big useless black hole.
>
> Well there were several blog posts and texts that said running
> wireguard without a filter to IPs was a
Hi Daniel,
On Tuesday, 14.03.2023 at 06:53 +0100, Daniel Gröber wrote:
> Hi Jochen,
>
> On Mon, Mar 13, 2023 at 10:43:02PM +0100, Jochen Demmer wrote:
> > Yet I cannot communicate. Is it possible that the wireguard tunnel
> > itself doesn't have the prefix in its allowed IPs? I always
Hi Jochen,
On Mon, Mar 13, 2023 at 10:43:02PM +0100, Jochen Demmer wrote:
> Yet I cannot communicate. Is it possible that the wireguard tunnel
> itself doesn't have the prefix in its allowed IPs? I always thought
> this allowed_ips parameter is only for setting up the routing, even if
> the name
All right, I figured it out.
On both sides I needed to set allowed-ips to 0.0.0.0/0 and ::/0.
Then set route_allowed_ips to 0.
This seems to work, yet it is generally recommended not to allow any in
a wireguard tunnel. I don't see another way right now though.
So I believe my setup is safe, thank
Thank you for that detailed description.
It seems to be working. I simulate a prefix change at my home site by
adding a prefix to the redistribute:
config filter
	option type "redistribute"
	option ip "2a03:fe3:fe3::/48"
I then add an ip from that prefix to an interface and very
> There is one gotcha that I'd like to point out. babeld fucks with a number
> of ip sysctls which you might not expect if your routers are already setup
> as you want them. You can disable this using `skip-kernel-setup true`. Grep
> the source for skip_kernel_setup to see the sysctls it touches.
On Mon, Mar 13, 2023 at 10:51:52AM +0100, Daniel Gröber wrote:
> So that's a good start and then you just need to add filters to get the
> prefixes in:
>
> redistribute local deny
> redistribute ip fd5e:ef07:ec1a::/48 #< Site A ULA prefix
> redistribute ip 2000::/3 #< Site
Hi Jochen,
On Mon, Mar 13, 2023 at 09:50:31AM +0100, Jochen Demmer wrote:
> I thought I could use babeld to just fill that gap and always have a
> route to the prefix I get at home. So even when there is a disconnect
> and a new prefix, I thought babeld will just fetch it and push it over
> to