On 08/05/2021 17:31, lejeczek wrote:
Hi guys.
I'm experiencing a pretty weird wireguard, or perhaps
kernel/OS stack bits behavior.
I have three nodes which all can ping each other on wg0's
IPs but when I add a secondary IP:
-> $ ip addr add 10.0.0.226/24 dev wg0
it gets weird, namely, say when that sec IP is on
A -> B ping returns; C ping waits, no errors, no return
B -> both C & A pings return
C -> neither A nor B ping returns
I'm on CentOS with 4.18.0-301.1.el8.x86_64.
All three nodes are virtually identical kvm VMs.
any suggestions as to what is not working here or how to
troubleshoot are vey appreciated.
many thanks, L.
What I've just noticed for the first time is, config eg.:
..
[Peer]
..
AllowedIPs = 10.0.0.2/32, 10.0.0.226/32
Endpoint = 10.1.1.224:51852
[Peer]
..
AllowedIPs = 10.0.0.3/32, 10.0.0.226/32
Endpoint = 10.1.1.225:51853
> $ wg
interface: wg0
public key: c+gJArxYd8+=
private key: (hidden)
listening port: 51851
peer: K/=
preshared key: (hidden)
endpoint: 10.1.1.225:51853
allowed ips: 10.0.0.3/32, 10.0.0.226/32
latest handshake: 16 seconds ago
transfer: 124 B received, 2.14 KiB sent
peer: /KidNfhqgP/+c3A=
preshared key: (hidden)
endpoint: 10.1.1.224:51852
allowed ips: 10.0.0.2/32 # !! no
10.0.0.226/32 ?
latest handshake: 3 minutes, 15 seconds ago
transfer: 180 B received, 92 B sent
That is probably why only 10.0.0.3 with secondary IP is
"reachable". Right?
If that is by design and expected - why is that and how to
make a "floating" IP work if that is by design?
thanks, L.