wireguard.lists.zx2c4.com archive mirror
From: "Toke Høiland-Jørgensen" <toke@toke.dk>
To: Svenne Krap <svenne@kracon.dk>, wireguard@lists.zx2c4.com
Subject: Re: Source IP for multihomed peer
Date: Fri, 15 Oct 2021 12:14:31 +0200
Message-ID: <87ee8m1to8.fsf@toke.dk>
In-Reply-To: <d0e1773d-80d5-7676-7943-2eff8d57beaa@kracon.dk>

> 2) Is there any way to force the source ip of the connection from boxA 
> to always use address boxA1 ?

In theory this should be possible to enforce via policy routing. Just
tried this on a simple veth setup:

# ip a add dev veth0
# ip a add dev veth0
# ping -c 1
12:09:22.385888 IP > ICMP echo request, id 15, seq 1, length 64
12:09:22.385903 IP > ICMP echo reply, id 15, seq 1, length 64

# ip r add src dev veth0
# ping -c 1
12:09:53.251386 IP > ICMP echo request, id 16, seq 1, length 64
12:09:53.251403 IP > ICMP echo reply, id 16, seq 1, length 64

I think this ought to work for wireguard's source selection as well. If
you don't have a particular destination, you should be able to do
something similar based on sports with ip-rule using the wireguard
source port:

# ip rule add sport 1234 lookup 100
# ip route add table 100 default via src

That last bit I didn't test, though...
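
The source-port rule from the message above, as an added example that is not part of the original post: a shell helper that validates its inputs and prints the two commands, plus an `ip route get` lookup for checking the result without sending traffic. Port 51820, table 100, the `ipproto udp` selector and all addresses are assumptions or constructed values, and whether WireGuard's source selection follows the rule is not confirmed here.

```shell
#!/bin/sh
# Added example (not from the original message): print, but do not run, the
# policy-routing commands that pin the source address for one UDP source port.
# IPv4 only. All addresses used below are constructed (RFC 5737 ranges).

# is_uint VALUE MIN MAX: true if VALUE is a decimal integer in [MIN, MAX].
is_uint() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# is_ipv4ish VALUE: true if VALUE holds only digits and dots, so it is safe
# to interpolate into a command line; "ip" does the real address parsing.
is_ipv4ish() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
}

# wg_pin_source_cmds PORT SRC GW [TABLE]
# PORT is the WireGuard ListenPort, SRC the address to send from, GW the
# next hop on SRC's uplink. Tables 253-255 are reserved, so TABLE is 1-252.
wg_pin_source_cmds() {
    port=$1 src=$2 gw=$3 table=${4:-100}
    is_uint "$port" 1 65535 || { echo "bad port: $port" >&2; return 1; }
    is_uint "$table" 1 252  || { echo "bad table: $table" >&2; return 1; }
    is_ipv4ish "$src" || { echo "bad source: $src" >&2; return 1; }
    is_ipv4ish "$gw"  || { echo "bad gateway: $gw" >&2; return 1; }
    # "ipproto udp" is an addition to the rule in the message: it keeps the
    # rule from matching TCP flows that happen to use the same source port.
    echo "ip rule add ipproto udp sport $port lookup $table"
    echo "ip route add table $table default via $gw src $src"
}

# wg_pin_check_cmd PORT PEER: a route lookup that needs no traffic; after the
# rules are applied its output should name SRC as "src".
wg_pin_check_cmd() {
    is_uint "$1" 1 65535 && is_ipv4ish "$2" || return 1
    echo "ip route get $2 ipproto udp sport $1"
}

# Demo with constructed values: ListenPort 51820, peer endpoint 203.0.113.5.
wg_pin_source_cmds 51820 192.0.2.10 192.0.2.1 100
wg_pin_check_cmd 51820 203.0.113.5
```

The helper only prints; review the lines before running them as root, since the values end up on a root command line.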


Thread overview: 7+ messages
2021-10-14  8:30 Svenne Krap
2021-10-15  2:39 ` Benda Xu
2021-10-15  7:57   ` Chriztoffer Hansen
2021-10-15  8:25     ` Benda Xu
2021-10-15  8:54   ` Svenne Krap
2021-10-15 10:14 ` Toke Høiland-Jørgensen [this message]
2021-10-15 11:14   ` Chriztoffer Hansen
