Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - rcmcdonald91

Pages1
#1
Virtual private networks / Re: Wireguard 0.0.0.0/0 allowed and "Table = off"
December 21, 2020, 06:48:38 PM
Problem appears to be upstream:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244330

Will be so nice when we get kernel module with FreeBSD 13
#2
Virtual private networks / Re: Wireguard 0.0.0.0/0 allowed and "Table = off"
December 21, 2020, 06:35:24 PM
Looking at netstat -rn seems to suggest that there isn't a local local binding for the wg0 local tunnel address:

For instance, if we look at the routing table with ZeroTier enabled we see this:

Code Select

Internet:
Destination        Gateway            Flags     Netif Expire
10.147.17.0/24     link#10            U      ztdbpfrc
10.147.17.162      link#10            UHS         lo0


However, for a WireGuard interface we only see this:
Code Select

Internet:
Destination        Gateway            Flags     Netif Expire
10.0.13.0          wg0                UHS         wg0
10.0.13.0/31       10.0.13.0          UGS         wg0
10.0.13.1          link#11            UH          wg0

So it seems that wg-quick (or whatever you are using on the backend to build and teardown wg instances, isn't doing it correctly.
#3
Virtual private networks / Re: Wireguard 0.0.0.0/0 allowed and "Table = off"
December 21, 2020, 12:56:49 PM
Any particular reason why?
#4
Virtual private networks / Re: Wireguard 0.0.0.0/0 allowed and "Table = off"
December 21, 2020, 01:19:32 AM
What kind of static route or firewall rule should I apply to create just a point-to-point link? On Linux all that is required is "Table= off" and it just works. I guess things are a bit different here? I did figure out that if I create a gateway pointed at the other end of the link, and then set this gateway on the Wireguard>Local Advanced Settings configuration, this seems to work...though pinging the local side of the link from Opnsense is quite slow, so it seems that the traffic is hitting the far side and then coming back, instead of staying local?
#5
Virtual private networks / Wireguard 0.0.0.0/0 allowed and "Table = off"
December 19, 2020, 03:30:57 AM
I need to use wireguard for point-to-point links without Wireguard injecting routes into the routing table. On Linux or manually configuring .conf files , this is easy to do with "Table = off" and settint the AllowedIPs = 0.0.0.0/0 on both client and server.

The only way I can get traffic to pass through my wireguard tunnels is NOT disable routes , I thought this was the GUI equivalent of Table = off.

What's the deal?
#6
General Discussion / Choose which gateway ZeroTier uses for traffic?
December 18, 2020, 09:25:23 PM
How can I select which gateway ZeroTier uses for traffic without changing the default gateway?
Pages1