On 29.5.2024. 12:48, Radek wrote: > Thank you, that explains everything. > Does wireguard support replication? Will it work properly in my CARP setup? >
Hi, I have wg listen on carp interface for redundancy and it's working without admins or clients needs to do anything when primary carp firewall shuts down or even reboot. People will notice something happened but wg vpn would start to work after cca 20 seconds. root@pc-hrvoje:~# ping 10.2.0.1 PING 10.2.0.1 (10.2.0.1) 56(84) bytes of data. 64 bytes from 10.2.0.1: icmp_seq=1 ttl=254 time=1.46 ms 64 bytes from 10.2.0.1: icmp_seq=2 ttl=254 time=1.48 ms 64 bytes from 10.2.0.1: icmp_seq=3 ttl=254 time=2.24 ms 64 bytes from 10.2.0.1: icmp_seq=4 ttl=254 time=8.62 ms 64 bytes from 10.2.0.1: icmp_seq=5 ttl=254 time=1.33 ms 64 bytes from 10.2.0.1: icmp_seq=6 ttl=254 time=2.03 ms 64 bytes from 10.2.0.1: icmp_seq=7 ttl=254 time=5.79 ms 64 bytes from 10.2.0.1: icmp_seq=8 ttl=254 time=7.35 ms 64 bytes from 10.2.0.1: icmp_seq=9 ttl=254 time=2.05 ms 64 bytes from 10.2.0.1: icmp_seq=10 ttl=254 time=1.50 ms 64 bytes from 10.2.0.1: icmp_seq=11 ttl=254 time=2.34 ms 64 bytes from 10.2.0.1: icmp_seq=12 ttl=254 time=2.55 ms 64 bytes from 10.2.0.1: icmp_seq=28 ttl=254 time=7.69 ms 64 bytes from 10.2.0.1: icmp_seq=29 ttl=254 time=1.32 ms 64 bytes from 10.2.0.1: icmp_seq=30 ttl=254 time=3.37 ms 64 bytes from 10.2.0.1: icmp_seq=31 ttl=254 time=6.52 ms 64 bytes from 10.2.0.1: icmp_seq=32 ttl=254 time=11.0 ms 64 bytes from 10.2.0.1: icmp_seq=33 ttl=254 time=1.88 ms ^C why not use iked as vpn solution ? i'm not sure but i think that iked is working with sasyncd ...
