Assigning addresses with avahi-autoipd

Assigning addresses with avahi-autoipd

[Christophe-Marie Duquesne]

Hi,

I have been using tinc in the past, and they had a super convenient
mode called "switch", which could be used to assign ip addresses with
avahi:

https://www.tinc-vpn.org/examples/zeroconf-ip-and-dns/

I was wondering if there was a way to do the same with wireguard.

Similarly, I was wondering if dns-sd (resolving ".local" hostnames) would work.

Has anyone attempted to do this?

Best,
Christophe-Marie

Re: Assigning addresses with avahi-autoipd

[Christophe-Marie Duquesne]

Hi,

The lack of answer suggested nobody was familiar enough with
avahi-autoipd, so I am giving more details.

According to the manpage, avahi-autoipd is an implementation of
https://tools.ietf.org/html/rfc3927.html. To achieve autoconfiguration
of their ip address, hosts randomly select an address "in the range
from 169.254.1.0 to 169.254.254.255 inclusive" (section 2.1), then
"test to see if the IPv4 Link-Local address is already in use"
(section 2.2) by "broadcasting an ARP Request for the desired address"
(section 2.2.1). The document also says that for this to work, "a
broadcast sent [...] by any host from that set of hosts can be
received by every other host" (section 1.2)

So the first question would be: any chance wireguard can broadcast ARP request?

Now for my question about resolving ".local" hosts, the concept is
called mDNS and maps to https://tools.ietf.org/html/rfc6762. The
protocol is summarized as "Clients performing DNS-like queries for
DNS-like resource records by sending DNS-like UDP query and response
messages over IP Multicast to UDP port 5353". The general idea is that
"Any DNS query for a name ending with ".local." MUST be sent to the
mDNS IPv4 link-local multicast address 224.0.0.251 (or its IPv6
equivalent FF02::FB)" (section 3).

So the second question is about whether wireguard supports
broadcasting udp packets to 224.0.0.251 or the ipv6 equivalent
ff02::fb (I don't know why the RFC used capital letters). Digging in
the mailing list, I found a thread from end of 2016
https://lists.zx2c4.com/pipermail/wireguard/2016-December/000811.html
stating that this was currently not possible. Then, there is this
answer https://lists.zx2c4.com/pipermail/wireguard/2016-December/000813.html
which says that "It's not complicated in theory, but I wonder if this
would be genuinely useful".

I would like to say that the decentralized nature of wireguard would
make it ideal for combining it with decentralized protocols such as
avahi-autoipd or mDNS, so please support this!

Best,
Christophe-Marie

Re: Assigning addresses with avahi-autoipd

[Matthias Urlichs]

On 02.03.2018 15:41, Christophe-Marie Duquesne wrote:
> So the first question would be: any chance wireguard can broadcast ARP request?

Umm … no.

Wireguard doesn't do ARP because it already knows where to send packets.

It also doesn't dynamic assign IP addresses because you already need a
way to exchange information before setting up the WG link (i.e. the
public keys). It's trivial to also exchange IP addresses when you do that.

I'll leave the question of whether/how to route multicast packets to
somebody more knowledgeable.

-- 
-- Matthias Urlichs

Re: Assigning addresses with avahi-autoipd

[Reuben Martin]

On Friday, March 2, 2018 8:41:34 AM CST Christophe-Marie Duquesne wrote:
> Hi,
> 
> The lack of answer suggested nobody was familiar enough with
> avahi-autoipd, so I am giving more details.

Nobody has answered because your questions are orthogonal to the scope of 
wireguard.

> So the first question would be: any chance wireguard can broadcast ARP
> request?

ARP is layer2. Wireguard is layer3. If you want ARP requests to propogate 
between the networks you will have to set up layer2 tunneling of some sort.

> So the second question is about whether wireguard supports
> broadcasting udp packets to 224.0.0.251 or the ipv6 equivalent
> ff02::fb 

If you want multicast traffic to propogate, an IGMP / MLP proxy server would 
probably be the easiest solution.

-Reuben

Re: Assigning addresses with avahi-autoipd

[Christophe-Marie Duquesne]

On Sat, Mar 3, 2018 at 5:04 AM, Reuben Martin <reuben.m.work@gmail.com> wrote:
> ARP is layer2. Wireguard is layer3. If you want ARP requests to propogate
> between the networks you will have to set up layer2 tunneling of some sort.

Ok, thanks a lot. The other VPN software I have used can also
transport layer2: openvpn has the bridge mode, tinc has the switch
mode. I was assuming wireguard had (or could aquire) this capability
as well. Are there reasons not to support this? I would like to have
your opinion.

> If you want multicast traffic to propogate, an IGMP / MLP proxy server would
> probably be the easiest solution.

Thank you for the advice, but then I think I will just hack something
with dnsmasq. The point of using mDNS was to avoid maintaining an
extra piece of software. The moment I setup an IGMP / MLP proxy, I
fail this goal, and at this point if I am going to set up something, I
would rather fall back to a DNS management tool.

Cheers,
Christophe-Marie