On 08/05/2021 17:31, lejeczek wrote:
Hi guys.

I'm experiencing a pretty weird wireguard, or perhaps kernel/OS stack bits behavior.

I have three nodes which all can ping each other on wg0's IPs but when I add a secondary IP:

-> $ ip addr add 10.0.0.226/24 dev wg0

it gets weird, namely, say when that sec IP is on
A -> B ping returns; C ping waits, no errors, no return
B -> both C & A pings return
C -> neither A nor B ping returns

I'm on CentOS with 4.18.0-301.1.el8.x86_64.
All three nodes are virtually identical kvm VMs.

any suggestions as to what is not working here or how to troubleshoot are very appreciated.
many thanks, L.

What I've just noticed for the first time is, config eg.:
..
[Peer]
..
AllowedIPs = 10.0.0.2/32, 10.0.0.226/32
Endpoint = 10.1.1.224:51852

[Peer]
..
AllowedIPs = 10.0.0.3/32, 10.0.0.226/32
Endpoint = 10.1.1.225:51853

> $ wg
interface: wg0
  public key: c+gJArxYd8+=
  private key: (hidden)
  listening port: 51851

peer: K/=
  preshared key: (hidden)
  endpoint: 10.1.1.225:51853
  allowed ips: 10.0.0.3/32, 10.0.0.226/32
  latest handshake: 16 seconds ago
  transfer: 124 B received, 2.14 KiB sent

peer: /KidNfhqgP/+c3A=
  preshared key: (hidden)
  endpoint: 10.1.1.224:51852
  allowed ips: 10.0.0.2/32                # !! no 10.0.0.226/32 ?
  latest handshake: 3 minutes, 15 seconds ago
  transfer: 180 B received, 92 B sent

That is probably why only 10.0.0.3 with secondary IP is "reachable". Right? If that is by design and expected - why is that and how to make a "floating" IP work if that is by design?

thanks, L.
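
An added illustration, not part of the original message: WireGuard keeps each allowed-IP prefix on a single peer per interface, so a prefix listed under two peers stays only with the peer configured last, which matches the `wg` output above. The Python check below flags such duplicates in a wg-quick style config; the sample config is constructed from the post, and the `PEER_*_PLACEHOLDER` keys and function names are hypothetical.

```python
import ipaddress

# Constructed sample modeled on the config in the post; keys are placeholders.
SAMPLE_CONF = """\
[Interface]
ListenPort = 51851
[Peer]
PublicKey = PEER_A_PLACEHOLDER
AllowedIPs = 10.0.0.2/32, 10.0.0.226/32
Endpoint = 10.1.1.224:51852
[Peer]
PublicKey = PEER_B_PLACEHOLDER
AllowedIPs = 10.0.0.3/32, 10.0.0.226/32
Endpoint = 10.1.1.225:51853
"""

def parse_peers(conf_text):
    """Return [[peer_name, [networks]], ...] in file order."""
    peers, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.startswith("["):
            section = line.lower()
            if section == "[peer]":
                peers.append(["peer#%d" % (len(peers) + 1), []])
        elif section == "[peer]" and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            if key.lower() == "publickey":
                peers[-1][0] = value
            elif key.lower() == "allowedips":    # host bits are masked off
                peers[-1][1] += [ipaddress.ip_network(v.strip(), strict=False)
                                 for v in value.split(",") if v.strip()]
    return peers

def effective_allowed_ips(conf_text):
    """Map each prefix to its final owner; list identical prefixes that moved."""
    owner, moved = {}, []
    for name, nets in parse_peers(conf_text):
        for net in nets:
            if net in owner and owner[net] != name:
                moved.append((str(net), owner[net], name))
            owner[net] = name                    # assumption: later peer wins
    return owner, moved

if __name__ == "__main__":
    owner, moved = effective_allowed_ips(SAMPLE_CONF)
    for net, loser, winner in moved:
        print(f"{net}: listed for {loser} and {winner}; only {winner} keeps it")
```

Only identical prefixes are reported; a broader prefix on one peer and a more specific one on another can coexist, with the more specific match used for routing.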
