From: Michael K. <mic...@ip...> - 2019-06-08 01:57:30
Hi Group

I would like to bring this up again as I have begun development of a transit switch for my customers (using Astlinux).

The architecture will be both a primary and secondary server for the transit switch with regular synchronisation from Primary to Secondary. Both will have trunks to my upstream SIP provider with active/active redundancy.

All customer Astlinux boxes will connect via Wireguard VPN as a client to 3 servers being Primary Transit, Secondary Transit and a Management server (I would rather not manage through the Transit servers). The customer Astlinux box could also be a VPN server for other satellite sites and user Remote Peers.

Should this config work?

-- Management Server --

gui.wireguard.conf:
WIREGUARD_IP="172.29.200.254"
WIREGUARD_NM="255.255.255.0"

wg0.peer:
[Peer]
# Peer 1
PublicKey = ###
AllowedIPs = 172.29.200.1/32

[Peer]
# Peer 2
PublicKey = ###
AllowedIPs = 172.29.200.2/32

........>

[Peer]
# Peer 200
PublicKey = ###
AllowedIPs = 172.29.200.200/32

-- Primary Server --

gui.wireguard.conf:
WIREGUARD_IP="172.29.201.254"
WIREGUARD_NM="255.255.255.0"

wg0.peer:
[Peer]
# Peer 1
PublicKey = ###
AllowedIPs = 172.29.201.1/32

[Peer]
# Peer 2
PublicKey = ###
AllowedIPs = 172.29.201.2/32

........>

[Peer]
# Peer 200
PublicKey = ###
AllowedIPs = 172.29.201.200/32

-- Secondary Server --

gui.wireguard.conf:
WIREGUARD_IP="172.29.202.254"
WIREGUARD_NM="255.255.255.0"

wg0.peer:
[Peer]
# Peer 1
PublicKey = ###
AllowedIPs = 172.29.202.1/32

[Peer]
# Peer 2
PublicKey = ###
AllowedIPs = 172.29.202.2/32

........>

[Peer]
# Peer 200
PublicKey = ###
AllowedIPs = 172.29.202.200/32

-- Client --

gui.wireguard.conf:
# This range is used for peers to us that we are a server e.g. satellite sites and users
WIREGUARD_IP="172.29.253.1"
WIREGUARD_NM="255.255.255.0"

rc.elocal:
# Add Secondary IP Addresses to wg0
ip addr add 172.29.200.1/24 dev wg0
ip addr add 172.29.201.1/24 dev wg0
ip addr add 172.29.202.1/24 dev wg0

wg0.peer:
[Peer]
# Management Server
PublicKey = ###
Endpoint = management01.ipcaccess.net
AllowedIPs = 172.29.200.254/32
PersistentKeepalive = 25

[Peer]
# Primary Server
PublicKey = ###
Endpoint = primary01.ipcaccess.net
AllowedIPs = 172.29.201.254/32
# No keepalive required as SIP Options ping will keep it up

[Peer]
# Secondary Server
PublicKey = ###
Endpoint = secondary01.ipcaccess.net
AllowedIPs = 172.29.202.254/32
# No keepalive required as SIP Options ping will keep it up

[Peer]
# Another Astlinux box peering to us
PublicKey = ###
AllowedIPs = 172.29.253.2/32,<other accessible routes at the satellite site>
# No keepalive required as SIP Options ping will keep it up

--

Can anyone see problems with this configuration?

Regards
Michael Knill

From: David Kerr <da...@ke...>
Reply-To: AstLinux List <ast...@li...>
Date: Tuesday, 1 January 2019 at 6:21 pm
To: AstLinux List <ast...@li...>
Subject: Re: [Astlinux-users] Multiple wg interfaces

Michael,

A single wg interface can have multiple IP addresses. They can be different subnets too. You will have to manually edit the config files.

David.

On Tue, Jan 1, 2019 at 6:37 AM Michael Knill <mic...@ip...> wrote:

Hi group

Here is my scenario. I have primary and backup Wireguard VPN Peers that multiple Astlinux boxes will be connecting to. I assume that I will need different wgx interfaces for this as I can't have the same IP Address. If so, just wondering how to set this up in Astlinux?

Regards
Michael Knill
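
A check for the single-interface layout discussed in this thread, as an added example that is not part of the original posts or of AstLinux. WireGuard maps each AllowedIPs prefix on an interface to exactly one peer, so the script flags a prefix listed under two peers and any prefix that falls outside the subnets addressed on wg0. The function names and the 10.20.0.0/24 satellite route are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample mirroring the client's wg0 layout in the thread; the
# 10.20.0.0/24 satellite route is a made-up stand-in for the elided routes.
WG0_ADDRS = ["172.29.253.1/24", "172.29.200.1/24", "172.29.201.1/24", "172.29.202.1/24"]
WG0_PEER = """\
[Peer]
# Management Server
AllowedIPs = 172.29.200.254/32
[Peer]
# Primary Server
AllowedIPs = 172.29.201.254/32
[Peer]
# Secondary Server
AllowedIPs = 172.29.202.254/32
[Peer]
# Another Astlinux box peering to us
AllowedIPs = 172.29.253.2/32, 10.20.0.0/24
"""

def parse_peers(text):
    """Return [(label, [ip_network, ...])], one entry per [Peer] section."""
    peers = []
    for block in re.split(r"^\[Peer\][ \t]*$", text, flags=re.M)[1:]:
        label = re.search(r"^#[ \t]*(.+)$", block, re.M)  # first comment is the label
        nets = [ipaddress.ip_network(p.strip(), strict=False)
                for m in re.finditer(r"^AllowedIPs[ \t]*=[ \t]*(.+)$", block, re.M)
                for p in m.group(1).split(",") if p.strip()]
        peers.append((label.group(1).strip() if label else "unnamed", nets))
    return peers

def check(peers, wg_addrs):
    """Find AllowedIPs claimed by two peers, and prefixes off wg0's own subnets."""
    connected = [ipaddress.ip_interface(a).network for a in wg_addrs]
    flat = [(name, net) for name, nets in peers for net in nets]
    # WireGuard keeps one owner per prefix: a repeated prefix moves to the later peer.
    duplicates = [(a, b, str(n)) for i, (a, n) in enumerate(flat)
                  for b, m in flat[i + 1:] if n == m and a != b]
    # Prefixes outside the addresses on wg0 are only reachable with a separate route.
    off_link = [(name, str(net)) for name, net in flat
                if not any(net.version == c.version and net.subnet_of(c) for c in connected)]
    return duplicates, off_link

if __name__ == "__main__":
    dups, off = check(parse_peers(WG0_PEER), WG0_ADDRS)
    print("duplicate AllowedIPs:", dups)
    print("needs a route via wg0:", off)
```

The same check can be pointed at a server's 200-peer wg0.peer file, where a copy-and-paste duplicate of one /32 would leave the earlier peer unreachable.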