wireguard.lists.zx2c4.com archive mirror
From: Chriztoffer Hansen <ch@ntrv.dk>
To: "Toke Høiland-Jørgensen" <toke@toke.dk>
Cc: Svenne Krap <svenne@kracon.dk>,
	 "WireGuard List (wireguard@lists.zx2c4.com)"
	<wireguard@lists.zx2c4.com>
Subject: Re: Source IP for multihomed peer
Date: Fri, 15 Oct 2021 13:14:45 +0200
Message-ID: <CA+cYV6vZsbkKyPGvkEF+WbJgi5KQhS46X0yvB3ExfXzr8g4i3Q@mail.gmail.com>
In-Reply-To: <87ee8m1to8.fsf@toke.dk>

On Fri, 15 Oct 2021 at 12:14, Toke Høiland-Jørgensen <toke@toke.dk> wrote:
> > 2) Is there any way to force the source ip of the connection from boxA
> > to always use address boxA1 ?
>
> In theory this should be possible to enforce via policy routing. Just
> tried this on a simple veth setup:
>
> # ip a add 10.11.1.1/24 dev veth0
> # ip a add 10.11.2.1/24 dev veth0
> # ping 10.11.1.2 -c 1
> 12:09:22.385888 IP 10.11.1.1 > 10.11.1.2: ICMP echo request, id 15, seq 1, length 64
> 12:09:22.385903 IP 10.11.1.2 > 10.11.1.1: ICMP echo reply, id 15, seq 1, length 64
>
> # ip r add 10.11.1.2 src 10.11.2.1 dev veth0
> # ping 10.11.1.2 -c 1
> 12:09:53.251386 IP 10.11.2.1 > 10.11.1.2: ICMP echo request, id 16, seq 1, length 64
> 12:09:53.251403 IP 10.11.1.2 > 10.11.2.1: ICMP echo reply, id 16, seq 1, length 64
>
> I think this ought to work for wireguard's source selection as well. If
> you don't have a particular destination, you should be able to do
> something similar based on sports with ip-rule using the wireguard
> source port:
>
> # ip rule add sport 1234 lookup 100
> # ip route add table 100 default via 1.2.3.4 src 3.4.5.6
>
> That last bit I didn't test, though...

Will have to test this later.

If this works, this suggestion would be a great enhancement to wireguard-tools?
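
A way to check from a capture whether either routing change above actually pins the source address, added here as an example and not part of the thread: it reads `tcpdump -n` text lines and flags IPv4 packets sent to the peer from any other source. The names `src_violations` and `sample_capture` are hypothetical, and the two UDP lines (including port 51820) are constructed; the ICMP lines are the ones quoted above.

```shell
#!/bin/sh
# Added example: read `tcpdump -n` text on stdin and report IPv4 packets sent
# to PEER whose source address differs from the pinned address WANT.
# Exit status: 0 = every packet to PEER used WANT, 1 = violation or no packets.
src_violations() {
    peer=$1 want=$2
    awk -v peer="$peer" -v want="$want" '
        # Strip the trailing ":" and, on UDP/TCP lines, the ".port" suffix.
        function addr(s,   p, n) {
            sub(/:$/, "", s)
            n = split(s, p, ".")
            return (n >= 4) ? (p[1] "." p[2] "." p[3] "." p[4]) : s
        }
        $2 == "IP" && $4 == ">" {
            src = addr($3); dst = addr($5)
            if (dst == peer) {
                total++
                if (src != want) { bad++; print "unexpected source " src ": " $0 }
            }
        }
        END {
            printf "%d/%d packets to %s used a source other than %s\n", bad, total, peer, want
            exit (bad > 0 || total == 0)
        }'
}

# Sample capture: four ICMP lines from the mail above, two constructed UDP lines.
sample_capture() {
    cat <<'EOF'
12:09:22.385888 IP 10.11.1.1 > 10.11.1.2: ICMP echo request, id 15, seq 1, length 64
12:09:22.385903 IP 10.11.1.2 > 10.11.1.1: ICMP echo reply, id 15, seq 1, length 64
12:09:53.251386 IP 10.11.2.1 > 10.11.1.2: ICMP echo request, id 16, seq 1, length 64
12:09:53.251403 IP 10.11.1.2 > 10.11.2.1: ICMP echo reply, id 16, seq 1, length 64
12:10:01.000001 IP 10.11.2.1.1234 > 10.11.1.2.51820: UDP, length 148
12:10:02.000001 IP 10.11.1.1.1234 > 10.11.1.2.51820: UDP, length 148
EOF
}

# Demo on the sample: two packets left from 10.11.1.1, so the check fails.
sample_capture | src_violations 10.11.1.2 10.11.2.1 || echo "source not pinned for every packet"
```

On a live system the same function can be fed from a bounded capture, for example `tcpdump -n -c 20 udp port 1234 | src_violations PEER SRC`.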


Thread overview: 7+ messages
2021-10-14  8:30 Svenne Krap
2021-10-15  2:39 ` Benda Xu
2021-10-15  7:57   ` Chriztoffer Hansen
2021-10-15  8:25     ` Benda Xu
2021-10-15  8:54   ` Svenne Krap
2021-10-15 10:14 ` Toke Høiland-Jørgensen
2021-10-15 11:14   ` Chriztoffer Hansen [this message]
