wireguard.lists.zx2c4.com archive mirror
 help / color / mirror / Atom feed
From: Roman Mamedov <rm@romanrm.net>
To: lejeczek <peljasz@yahoo.co.uk>
Cc: wireguard@lists.zx2c4.com
Subject: Re: secondary IP on wg0 fails
Date: Sat, 8 May 2021 21:50:39 +0500	[thread overview]
Message-ID: <20210508215039.31f32aae@natsu> (raw)
In-Reply-To: <204f6e7b-d594-c2c0-5242-1643055065c3@yahoo.co.uk>

On Sat, 8 May 2021 17:31:58 +0100
lejeczek <peljasz@yahoo.co.uk> wrote:

> I'm experiencing a pretty weird wireguard, or perhaps 
> kernel/OS stack bits behavior.
> 
> I have three nodes which all can ping each other on wg0's 
> IPs but when I add a secondary IP:
> 
> -> $ ip addr add 10.0.0.226/24 dev wg0
> 
> it gets weird, namely, say when that sec IP is on
> A -> B ping returns; C ping waits, no errors, no return
> B -> both C & A pings return
> C -> neither A nor B ping returns
> 
> I'm on CentOS with 4.18.0-301.1.el8.x86_64.
> All three nodes are virtually identical kvm VMs.
> 
> any suggestions as to what is not working here or how to 
> troubleshoot are vey appreciated.
> many thanks, L.

Did you add the new IP to AllowedIPs of that node on all the other nodes?

Also remember that sets of AllowedIPs should be unique within the network,
i.e. can't have the same AllowedIPs or ranges listed for multiple nodes at the
same time. Setting it to the same /24 on all nodes will not work.

If still not clear, better post your complete config (without keys).

-- 
With respect,
Roman

  reply	other threads:[~2021-05-08 16:50 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <204f6e7b-d594-c2c0-5242-1643055065c3.ref@yahoo.co.uk>
2021-05-08 16:31 ` secondary IP on wg0 fails lejeczek
2021-05-08 16:50   ` Roman Mamedov [this message]
2021-05-08 18:49     ` lejeczek
2021-05-09  7:52       ` Roman Mamedov
2021-05-09  6:17   ` lejeczek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210508215039.31f32aae@natsu \
    --to=rm@romanrm.net \
    --cc=peljasz@yahoo.co.uk \
    --cc=wireguard@lists.zx2c4.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).