wireguard.lists.zx2c4.com archive mirror
From: "Toke Høiland-Jørgensen" <toke@toke.dk>
To: Svenne Krap <svenne@kracon.dk>, wireguard@lists.zx2c4.com
Subject: Re: Source IP for multihomed peer
Date: Fri, 15 Oct 2021 12:14:31 +0200
Message-ID: <87ee8m1to8.fsf@toke.dk>
In-Reply-To: <d0e1773d-80d5-7676-7943-2eff8d57beaa@kracon.dk>

> 2) Is there any way to force the source ip of the connection from boxA 
> to always use address boxA1 ?

In theory this should be possible to enforce via policy routing. Just
tried this on a simple veth setup:

# ip a add 10.11.1.1/24 dev veth0
# ip a add 10.11.2.1/24 dev veth0
# ping 10.11.1.2 -c 1
12:09:22.385888 IP 10.11.1.1 > 10.11.1.2: ICMP echo request, id 15, seq 1, length 64
12:09:22.385903 IP 10.11.1.2 > 10.11.1.1: ICMP echo reply, id 15, seq 1, length 64

# ip r add 10.11.1.2 src 10.11.2.1 dev veth0
# ping 10.11.1.2 -c 1
12:09:53.251386 IP 10.11.2.1 > 10.11.1.2: ICMP echo request, id 16, seq 1, length 64
12:09:53.251403 IP 10.11.1.2 > 10.11.2.1: ICMP echo reply, id 16, seq 1, length 64

I think this ought to work for wireguard's source selection as well. If
you don't have a particular destination, you should be able to do
something similar based on sport with ip-rule using the wireguard
source port:

# ip rule add sport 1234 lookup 100
# ip route add table 100 default via 1.2.3.4 src 3.4.5.6

That last bit I didn't test, though...

-Toke

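The two techniques in the message above (a per-destination `src` hint, and an `ip rule ... sport` policy for arbitrary destinations) can be checked without sending any packets, because `ip route get` reports the source address the kernel would pick, and it accepts `sport` so the lookup goes through the same port-matching rules a WireGuard socket bound to ListenPort would hit. The script below is an added example, not part of the original post or of WireGuard itself. It assumes Linux with iproute2 and a kernel recent enough for port-based fib rules and `ip route get ... sport` (4.17 or later), and root for the namespace demo; the namespace name `wgsrc`, the 10.11.x.x and 192.0.2.x addresses, and listen port 51820 are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original message or the WireGuard project.
# Assumes Linux with iproute2 (the "src" route hint, the ip-rule "sport"
# selector and "ip route get ... sport", all needing kernel/iproute2 >= 4.17)
# and root for the namespace demo. The netns name "wgsrc", the 10.11.x.x
# and 192.0.2.x addresses, and listen port 51820 are made up here.

# Extract the "src" address from one line of `ip route get` output.
# Pure text processing, so it can be checked without root or iproute2.
parse_src() {
    printf '%s\n' "$1" | sed -n 's/.* src \([0-9][0-9.]*\).*/\1/p'
}

# Ask the kernel which source address it would use for DST. With a second
# argument, the lookup carries that UDP source port, which is what a
# WireGuard socket bound to ListenPort presents to the policy rules.
# NS, if set, names a network namespace to query.
route_src() {
    if [ -n "${2:-}" ]; then
        parse_src "$(ip ${NS:+-n $NS} route get "$1" ipproto udp sport "$2" 2>/dev/null | head -n 1)"
    else
        parse_src "$(ip ${NS:+-n $NS} route get "$1" 2>/dev/null | head -n 1)"
    fi
}

# Compare the kernel's choice with what the policy is supposed to give.
check_src() {
    want=$1; got=$2
    if [ "$got" = "$want" ]; then
        echo "ok: src=${got:-<none>}"
        return 0
    fi
    echo "MISMATCH: want ${want:-<none>}, got ${got:-<none>}" >&2
    return 1
}

# Reproduce the post's veth test, plus the untested sport rule, in a
# throwaway namespace so the host routing tables are never touched.
demo() {
    NS=wgsrc
    ip netns add "$NS" || { echo "cannot create netns; run as root" >&2; return 1; }
    trap 'ip netns del wgsrc' EXIT
    ip -n "$NS" link add veth0 type veth peer name veth1
    ip -n "$NS" link set veth0 up
    ip -n "$NS" link set veth1 up
    ip -n "$NS" addr add 10.11.1.1/24 dev veth0   # boxA1
    ip -n "$NS" addr add 10.11.2.1/24 dev veth0   # boxA2

    # 1. Default selection: the address on the destination's subnet wins.
    check_src 10.11.1.1 "$(route_src 10.11.1.2)"

    # 2. Per-destination src hint, as in the post.
    ip -n "$NS" route add 10.11.1.2 src 10.11.2.1 dev veth0
    check_src 10.11.2.1 "$(route_src 10.11.1.2)"

    # 3. Port-based policy for any destination: traffic from the WireGuard
    #    listen port consults table 100, whose default route pins the source.
    ip -n "$NS" rule add sport 51820 lookup 100
    ip -n "$NS" route add table 100 default via 10.11.1.254 src 10.11.2.1 dev veth0
    check_src 10.11.2.1 "$(route_src 192.0.2.10 51820)"
    # The same destination from any other port has no route at all here,
    # showing the rule only fires for the WireGuard port.
    check_src "" "$(route_src 192.0.2.10)"
}

# Run the namespace demo only when explicitly asked: sudo sh source_select.sh demo
if [ "${1:-}" = demo ]; then
    demo
fi
```

Run it as `sudo sh source_select.sh demo`; the namespace is deleted on exit. One caveat when carrying this over to a real WireGuard peer: WireGuard remembers the local address on which it last received a peer's packets and presets it as the source for its next route lookup, and a route's `src` hint only applies when no source is preset, so these hints govern the first outbound handshake (or the next one after the endpoint is reset with `wg set`) but will not move an established peer off an address it has already been reached on.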
Thread overview:
2021-10-14  8:30 Source IP for multihomed peer Svenne Krap
2021-10-15  2:39 ` Benda Xu
2021-10-15  7:57   ` Chriztoffer Hansen
2021-10-15  8:25     ` Benda Xu
2021-10-15  8:54   ` Svenne Krap
2021-10-15 10:14 ` Toke Høiland-Jørgensen [this message]
2021-10-15 11:14   ` Chriztoffer Hansen
