Topic: opnsense, wireguard, and dn42 (Read 1673 times)
fmeppo
« on: December 29, 2021, 01:46:51 am »
I'm trying to use wireguard to connect to dn42, a BGP-managed overlay network. OPNsense is running my home network just fine, and I've set up wireguard and a BGP peer successfully. Wireguard is up, and I'm receiving BGP adverts (and according to the dn42 forums, I'm advertising my IPv4 space as well). Problem is, frr's bgpd isn't detecting that the BGP peer is a connected address - and by default, I don't even have a system route to the other side of the wireguard tunnel.
I can manually add a route to the remote side of the tunnel:
route add -host 172.20.16.139/32 -iface wg0
This at least gives me IPv4 connectivity to the remote endpoint, and lets bgpd receive updates. However, bgpd refuses to do anything with the route updates as frr isn't seeing the nexthop as connected:
# show bgp nexthop
Current BGP nexthop cache:
172.20.16.139 invalid, peer 172.20.16.139
Must be Connected
Last update: Tue Dec 28 16:41:03 2021
I can work around that somewhat by (manually) starting staticd and adding some config with vtysh, but... there's gotta be a better way. Does anyone use opnsense to connect to dn42, or have suggestions for how I could get the remote side of a wireguard tunnel to show up more automatically in various routing tables?
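The "Must be Connected" state quoted in the post can be checked offline by comparing each invalid nexthop against the prefixes configured on local interfaces. This is an added example, not part of the original post: the interface addresses and the second (valid) cache entry are constructed, and the layout of a valid entry is an assumption about frr's output.

```python
import ipaddress
import re

# Constructed sample: the invalid entry is the one from the post,
# the valid entry is made up for contrast (format assumed).
SAMPLE = """\
Current BGP nexthop cache:
 172.20.16.139 invalid, peer 172.20.16.139
  Must be Connected
  Last update: Tue Dec 28 16:41:03 2021
 192.0.2.1 valid [IGP metric 0], #paths 4, peer 192.0.2.1
  if igb0
  Last update: Tue Dec 28 16:40:10 2021
"""

# Hypothetical addressing: wg0 carries a /32, so no prefix covers the far end.
IFACES = {"wg0": "172.20.0.1/32", "igb0": "192.0.2.2/24"}

ENTRY = re.compile(r"^\s*(\S+) (valid|invalid)\b")

def parse_nexthops(text):
    """Parse 'show bgp nexthop' text into dicts: nexthop, valid, notes."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            try:
                ipaddress.ip_address(m.group(1))  # skip anything that is not an IP
            except ValueError:
                continue
            entries.append({"nexthop": m.group(1),
                            "valid": m.group(2) == "valid", "notes": []})
        elif entries and line.strip():
            entries[-1]["notes"].append(line.strip())  # detail lines of the entry
    return entries

def covering_iface(nexthop, ifaces):
    """Name of the interface whose configured prefix contains nexthop, else None."""
    addr = ipaddress.ip_address(nexthop)
    for name, cidr in ifaces.items():
        if addr in ipaddress.ip_interface(cidr).network:
            return name
    return None

def diagnose(text, ifaces):
    """For each invalid nexthop: (address, detail lines, covering interface or None)."""
    return [(e["nexthop"], e["notes"], covering_iface(e["nexthop"], ifaces))
            for e in parse_nexthops(text) if not e["valid"]]

if __name__ == "__main__":
    for nexthop, notes, iface in diagnose(SAMPLE, IFACES):
        print(nexthop, notes[0] if notes else "", "covered by:", iface)
```

A result of `None` in the last field means no local interface prefix contains the peer, which matches the missing system route described in the post.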