This is an old revision of the document!
WireGuard
L2 tunnel
WireGuard is an L3 tunnel. If I need to reach a remote network at layer 2 over WireGuard, I have to use another tunnel that runs over the WireGuard IP addresses.
WireGuard+SSH
The following command can be used for an L2 tunnel to an SSH server behind WireGuard. On the remote server it allocates the first free tap interface and adds it to the bridge vmbr0, which must already exist on the server. Locally it creates tap7, on which I can then run, for example, a DHCP client.
ssh -o Tunnel=ethernet -w 7 root@wg_ip_adresa 'brctl addif vmbr0 $SSH_TUNNEL'
WireGuard+Geneve
https://en.wikipedia.org/wiki/Generic_Network_Virtualization_Encapsulation
Server example:
[Interface]
Address = 10.11.17.123/24
...
PostUp = ip link add gnv0 type geneve id 1234 remote 10.11.17.124
PostUp = ip link set gnv0 up
#PostUp = ip addr add 10.100.200.35/24 dev gnv0
PostUp = brctl addif vmbr0 gnv0
PreDown = ip link delete gnv0
[Peer]
...
Client example:
[Interface]
Address = 10.11.17.124/24
...
PostUp = ip link add gnv0 type geneve id 1234 remote 10.11.17.123
PostUp = ip link set gnv0 up
PostUp = dhcpcd gnv0
#PostUp = ip addr add 10.100.200.32/24 dev gnv0
#PostUp = ip route add 10.10.0.0/16 via 10.10.160.1 dev gnv0
PreDown = dhcpcd --exit gnv0
PreDown = ip link delete gnv0
[Peer]
...
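A consistency check for the two configurations above, as an added example that is not part of the original page: Geneve carries no encryption of its own, so the `remote` of the geneve link has to lie inside the subnet of the WireGuard `Address`. The function name `check_geneve` and the sample texts are constructed for illustration, and the check assumes the wg-quick config layout shown above.

```python
import ipaddress
import re

# Constructed sample modelled on the client example; the elided "..." parts are left out.
SAMPLE_OK = """\
[Interface]
Address = 10.11.17.124/24
PostUp = ip link add gnv0 type geneve id 1234 remote 10.11.17.123
PostUp = ip link set gnv0 up
#PostUp = ip addr add 10.100.200.32/24 dev gnv0
PreDown = ip link delete gnv0
"""
# Constructed bad variant: the remote is a documentation address outside the tunnel subnet.
SAMPLE_LEAK = SAMPLE_OK.replace("remote 10.11.17.123", "remote 192.0.2.10")

ADD_RE = re.compile(r"ip link add (\S+) type geneve id (\d+) remote (\S+)")
DEL_RE = re.compile(r"ip link del(?:ete)? (?:dev )?(\S+)")

def check_geneve(conf_text):
    """Return findings for geneve links that a wg-quick config creates in PostUp."""
    addrs, links, removed = [], [], set()
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue  # skips comments, section headers and blank lines
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "Address":
            addrs += [ipaddress.ip_interface(a.strip()) for a in value.split(",")]
        elif key == "PostUp" and (m := ADD_RE.search(value)):
            links.append((m.group(1), ipaddress.ip_address(m.group(3))))
        elif key in ("PreDown", "PostDown") and (m := DEL_RE.search(value)):
            removed.add(m.group(1))
    findings = []
    for name, remote in links:
        # Geneve itself is unencrypted, so its remote must be reached through WireGuard.
        if not any(remote in a.network for a in addrs):
            findings.append(f"{name}: remote {remote} is outside the WireGuard subnet")
        if any(remote == a.ip for a in addrs):
            findings.append(f"{name}: remote {remote} is this host's own address")
        if name not in removed:
            findings.append(f"{name}: never deleted in PreDown/PostDown")
    return findings

if __name__ == "__main__":
    for label, conf in (("ok", SAMPLE_OK), ("leak", SAMPLE_LEAK)):
        print(label, check_geneve(conf) or "no findings")
```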
howto/network/wireguard.1647601048.txt.gz · Last modified: 2022/03/18 11:57 by harvie