OPNsense Forum » English Forums » 24.7 Production Series » Wireguard interface binding
Topic: Wireguard interface binding (Read 1059 times)
slykens (Newbie, Posts: 8, Karma: 0)
Wireguard interface binding « on: June 24, 2024, 08:45:28 pm »
Hello -
Wondering if being able to bind wireguard instances to interfaces is on the roadmap for future 24.7?
I understand FreeBSD 14 is required for this so was hoping it would be there. An install of the beta reveals it is not present yet.
For those of us with dual-WAN the ability to bind an instance to an interface will greatly simplify configuring backup tunnels - right now I have a second OPN instance on my vm host to connect to my backup internet so I can have separate backup wireguard tunnels and use dynamic routing to manage them.
satish (Newbie, Posts: 2, Karma: 0)
Re: Wireguard interface binding « Reply #1 on: June 29, 2024, 06:35:29 pm »
I'm trying to understand your use case here; why can't you have 2 instances running on 2 different ports? These are servers, right? Or are they clients?
If they are servers, just give a different ip:port to each of the clients and they will automatically connect to your different WAN interface as they are currently doing.
If they are clients and you are connecting out, you can simply create a load balancing gateway where you prefer 1 connection over another for that IP that you are connecting to. In both cases, from what I understand, your use case should work. Unless there is something else you want to achieve.
OPNSense HW
3 x [10210U | 16G Ram | I225-V] HW
1 x i5-8250U | 16G Ram | I211 HW
4 x VM Instances
.... and counting.....
slykens (Newbie, Posts: 8, Karma: 0)
Re: Wireguard interface binding « Reply #2 on: July 01, 2024, 01:32:47 am »
You can't just bind to a different port because it will route to the current default gateway anyway - wireguard binds to *.12345, if 12345 were the port. Even using a firewall rule to try to direct the traffic to another gateway is hit and miss.
I'm running tunnels between sites, with BFD and BGP running over them, for quick recovery.
An example topology is Site A with WAN 1 and WAN 2 and Site B with WAN 1. I want two wireguard tunnels up at all times - one each from Site A/WAN 1 and Site A/WAN 2 to Site B/WAN 1. In this scenario, running BFD/BGP, connectivity recovers in a second or two rather than 15-30 seconds. A fast recovery is necessary as there is streaming video over these tunnels with limited buffers on each end.
Now I'm running two opnsense instances at Site A and letting them peer to get the desired behavior. It doesn't "cost" me anything, I have plenty of resources on the vm host there but it would be nice to consolidate into one instance when 24.7 comes out.