Making Wireguard CARP aware

Started by bubbagump, January 31, 2023, 09:23:12 PM

January 31, 2023, 09:23:12 PM Last Edit: January 31, 2023, 09:29:35 PM by bubbagump
Currently Wireguard has no CARP awareness meaning a few things:

* Wireguard that is stopped on a firewall that is BACKUP starts after an XMLRPC config sync when the enable flag is set.
* Wireguard starts on a firewall that is BACKUP after a reboot.

This causes issues where two firewalls are connected to the same VPN endpoint and thus have the same tunnel IP. The far end thrashes packets all over as the two tunnels fight for dominance.

There is a good CARP script out there to deal with failover but not the XMLRPC sync issue.

It occurs to me that there should be an option within the WG plugin to make it "CARP aware" OR a change in the default behavior to always be CARP aware similar to DHCP.

My ask here is does a pattern for such a thing exist? Are there other plugins that have such functionality? I'd like to dig into the problem, but I want to use any established patterns if they exist so I don't make a pull request and find "hey dude, do it this way over here as that's how we always do it." I don't think any plugins ARE CARP aware, thus my question and perhaps a new pattern would need to be created. Thanks!
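An added example of the kind of hook the thread is talking about (this is not the poster's script, and not code from OPNsense or the os-wireguard plugin): a CARP hook script in the style of the rc.syshook.d/carp scripts that stops WireGuard when the node becomes BACKUP and starts it on MASTER, plus a "check" mode that applies the same rule to the live CARP state read from ifconfig, so it can also be run from cron or after a reboot or an XMLRPC sync, which a plain state-change hook does not cover. The hook argument format (vhid@interface followed by the state name), the configctl wireguard start|stop control command, the VHID of 1 and the embedded ifconfig sample are all assumptions made for the example; verify them against your own installation before relying on it.

```shell
#!/bin/sh
# Added example, not part of the forum post, OPNsense or the os-wireguard plugin.
# Tie WireGuard to a CARP VHID: start on MASTER, stop on BACKUP/INIT.
#
# Assumptions (check them on your system):
#  - scripts in /usr/local/etc/rc.syshook.d/carp/ are invoked as
#        <script> <vhid>@<interface> <MASTER|BACKUP|INIT>
#  - WireGuard can be started/stopped with "$WG_CMD start|stop".

WG_VHID="${WG_VHID:-1}"                                   # assumed: VHID that owns the tunnel IP
WG_CMD="${WG_CMD:-/usr/local/sbin/configctl wireguard}"   # assumed control command

# Constructed ifconfig excerpt used only to illustrate the parser below.
SAMPLE_IFCONFIG='vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	inet 192.0.2.2 netmask 0xffffff00 broadcast 192.0.2.255
	inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255 vhid 1
	carp: BACKUP vhid 1 advbase 1 advskew 100
	carp: MASTER vhid 2 advbase 1 advskew 0'

# Map (vhid, CARP state) to the action WireGuard should take.
# Prints "start", "stop" or "" (do nothing). Other VHIDs are ignored so the
# hook can coexist with CARP groups that have nothing to do with the tunnel.
wg_action_for() {
    vhid="$1"
    state="$2"
    if [ "$vhid" != "$WG_VHID" ]; then
        echo ""
        return 0
    fi
    case "$state" in
        MASTER)      echo "start" ;;
        BACKUP|INIT) echo "stop" ;;
        *)           echo "" ;;
    esac
}

# Read ifconfig output on stdin and print the CARP state of WG_VHID
# (FreeBSD prints lines like "carp: MASTER vhid 1 advbase 1 advskew 0").
# Prints nothing if the VHID is not configured on this node.
carp_state_from_ifconfig() {
    awk -v vhid="$WG_VHID" '
        $1 == "carp:" {
            for (i = 1; i <= NF; i++) {
                if ($i == "vhid" && $(i + 1) == vhid) { print $2; exit }
            }
        }'
}

# Run the chosen action; an empty action is a no-op.
apply_action() {
    action="$1"
    case "$action" in
        start|stop)
            logger -t wg-carp "WireGuard: $action (vhid $WG_VHID)"
            $WG_CMD "$action"
            ;;
        *) : ;;
    esac
}

case "${1:-}" in
    check)
        # Reconcile with the live CARP state, e.g. after a reboot or config sync.
        state="$(ifconfig | carp_state_from_ifconfig)"
        apply_action "$(wg_action_for "$WG_VHID" "$state")"
        ;;
    *@*)
        # CARP state-change hook: "$1" is vhid@interface, "$2" is the new state.
        apply_action "$(wg_action_for "${1%%@*}" "${2:-}")"
        ;;
esac
```

Installed as a CARP hook it only reacts to transitions; running it as "wg-carp.sh check" from cron or from a post-sync step closes the gap the post describes, where WireGuard is brought back up on the BACKUP node without any CARP transition having occurred. Nothing happens when the VHID is absent from ifconfig, so the script is safe to run on a box that is not part of a CARP pair.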

I'm dumb, mDNS has this same pattern.