Date: Tue, 08 Feb 2022 12:01:56 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 261711] VXLAN over wireguqard
Message-ID: <bug-261711-227-KwgpBDhp6p@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-261711-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-261711-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261711

--- Comment #2 from Volker <worker@cksn.tk> ---
okay, sorry for the delay but now I have tested with a plain FreeBSD 13-release (no opnsense offset). same result, VXLAN over wireguard isn't working now.

here is my test environment config:

system 1:
- network interface vtnet0 is in DHCP mode for internet uplink and ssh access
- network interface vtnet1 is a dedicated network between the VMs (10GBit with 9000 MTU):
# ifconfig vtnet1 inet 10.0.0.1 netmask 255.255.255.0 mtu 9000

# pkg install wireguard

wireguard config: /usr/local/etc/wireguard/wg0.conf
=============================================================
[Interface]
PrivateKey = ODK5skFPghxdo41XWG9Way6fIKHfhvKxeMDVxkeE610=
Address = 10.10.0.1/24
ListenPort = 51820

[Peer]
PublicKey = 4jyrPvDJUPAe/Lvqa6XUuqDX1SzzMiFVADh56jSPAWU=
AllowedIPs = 10.10.0.2/32
Endpoint = 10.0.0.2:51820
PersistentKeepalive = 15
=============================================================

# service wireguard start

# ifconfig vxlan create vxlanid 42 vxlanlocal 10.10.0.1 vxlanremote 10.10.0.2 inet 10.10.10.1/24

system 2:
- network interface vtnet0 is in DHCP mode for internet uplink and ssh access
- network interface vtnet1 is a dedicated network between the VMs (10GBit with 9000 MTU):
# ifconfig vtnet1 inet 10.0.0.2 netmask 255.255.255.0 mtu 9000

# pkg install wireguard

wireguard config: /usr/local/etc/wireguard/wg0.conf
=============================================================
[Interface]
PrivateKey = ODK5skFPghxdo41XWG9Way6fIKHfhvKxeMDVxkeE610=
Address = 10.10.0.2/24
ListenPort = 51820

[Peer]
PublicKey = 4jyrPvDJUPAe/Lvqa6XUuqDX1SzzMiFVADh56jSPAWU=
AllowedIPs = 10.10.0.1/32
Endpoint = 10.0.0.1:51820
PersistentKeepalive = 15
=============================================================

# service wireguard start

# ifconfig vxlan create vxlanid 42 vxlanlocal 10.10.0.2 vxlanremote 10.10.0.1 inet 10.10.10.2/24

so all interfaces are up and running, so from system 1 I start to ping the interfaces:

root@freebsd:~ # ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2): 56 data bytes
64 bytes from 10.0.0.2: icmp_seq=0 ttl=64 time=0.581 ms
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.614 ms
...

so ping between the native interfaces is fine

root@freebsd:~ # ping 10.10.0.2
PING 10.10.0.2 (10.10.0.2): 56 data bytes
64 bytes from 10.10.0.2: icmp_seq=0 ttl=64 time=0.824 ms
64 bytes from 10.10.0.2: icmp_seq=1 ttl=64 time=0.879 ms
...

ping via wireguard is also fine

root@freebsd:~ # ping 10.10.10.2
PING 10.10.10.2 (10.10.10.2): 56 data bytes
ping: sendto: Host is down
ping: sendto: Host is down
...

ping over the VXLAN is not working :(

a check of the arp table shows the problem:

root@freebsd:~ # arp -a
? (10.10.10.2) at (incomplete) on vxlan0 expired [ethernet]
...

the initial arp request isn't responded to by the opposite VXLAN interface.

here is the ifconfig from system 1:

root@freebsd:~ # ifconfig
vtnet0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,TXCSUM_IPV6>
        ether 4a:78:ef:c5:db:28
        inet6 fe80::4878:efff:fec5:db28%vtnet0 prefixlen 64 scopeid 0x1
        inet 10.50.0.240 netmask 0xffffff00 broadcast 10.50.0.255
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
vtnet1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 9000
        options=4c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,TXCSUM_IPV6>
        ether c6:77:27:a1:fd:3e
        inet6 fe80::c477:27ff:fea1:fd3e%vtnet1 prefixlen 64 scopeid 0x3
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
vxlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80020<JUMBO_MTU,LINKSTATE>
        ether 58:9c:fc:10:ff:c5
        inet 10.10.10.1 netmask 0xffffff00 broadcast 10.10.10.255
        inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
        groups: vxlan
        vxlan vni 42 local 10.10.0.1:4789 remote 10.10.0.2:4789
        media: Ethernet autoselect (autoselect <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
wg0: flags=80c1<UP,RUNNING,NOARP,MULTICAST> metric 0 mtu 8920
        options=80000<LINKSTATE>
        inet 10.10.0.1 netmask 0xffffff00
        groups: wg
        nd6 options=103<PERFORMNUD,ACCEPT_RTADV,NO_DAD>

and here from system 2:

root@freebsd:/usr/local/etc/wireguard # ifconfig
vtnet0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,TXCSUM_IPV6>
        ether 2e:c0:6b:ff:3b:79
        inet6 fe80::2cc0:6bff:feff:3b79%vtnet0 prefixlen 64 scopeid 0x1
        inet 10.50.0.241 netmask 0xffffff00 broadcast 10.50.0.255
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
vtnet1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 9000
        options=4c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,TXCSUM_IPV6>
        ether 52:10:64:d2:31:bf
        inet6 fe80::5010:64ff:fed2:31bf%vtnet1 prefixlen 64 scopeid 0x2
        inet 10.0.0.2 netmask 0xffffff00 broadcast 10.0.0.255
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
wg0: flags=80c1<UP,RUNNING,NOARP,MULTICAST> metric 0 mtu 1420
        options=80000<LINKSTATE>
        inet 10.10.0.2 netmask 0xffffff00
        groups: wg
        nd6 options=103<PERFORMNUD,ACCEPT_RTADV,NO_DAD>
vxlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80020<JUMBO_MTU,LINKSTATE>
        ether 58:9c:fc:10:ff:c5
        inet 10.10.10.2 netmask 0xffffff00 broadcast 10.10.10.255
        inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
        groups: vxlan
        vxlan vni 42 local 10.10.0.2:4789 remote 10.10.0.1:4789
        media: Ethernet autoselect (autoselect <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

so, this is my input, maybe someone can have a look and can help to solve this problem???

I know, the VXLAN MTU value isn't optimized but this shouldn't be the problem...

-- 
You are receiving this mail because:
You are the assignee for the bug.
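
Added example (not part of the original message and not FreeBSD project code): a sh/awk check that compares the ifconfig dumps of both tunnel ends and reports three conditions visible in the output above: identical vxlan0 MAC addresses, differing wg0 MTUs, and a vxlan0 MTU that no longer fits into wg0 once the 50 bytes of VXLAN-over-IPv4 encapsulation are added. The function names and finding labels are made up for this example, and the findings are observations about the posted configuration, not a confirmed cause of the bug.

```sh
#!/bin/sh
# Added example: compare two ifconfig dumps of a VXLAN-over-WireGuard pair.
VXLAN_OVERHEAD=50   # inner Ethernet 14 + VXLAN 8 + UDP 8 + outer IPv4 20

# Trimmed from the ifconfig output posted above (system 1, system 2).
SYS1='vxlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 58:9c:fc:10:ff:c5
wg0: flags=80c1<UP,RUNNING,NOARP,MULTICAST> metric 0 mtu 8920'
SYS2='wg0: flags=80c1<UP,RUNNING,NOARP,MULTICAST> metric 0 mtu 1420
vxlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 58:9c:fc:10:ff:c5'

# iface_field DUMP IFACE mtu|ether: print that field for one interface.
iface_field() {
    printf '%s\n' "$1" | awk -v want="$2" -v field="$3" '
        /^[a-z0-9]+: flags=/ {              # header line starts a new interface
            cur = $1; sub(/:$/, "", cur)
            if (cur == want && field == "mtu")
                for (i = 1; i < NF; i++) if ($i == "mtu") print $(i + 1)
        }
        $1 == "ether" && cur == want && field == "ether" { print $2 }'
}

# check_pair DUMP_A DUMP_B: print one finding per line (nothing if clean).
check_pair() {
    mac_a=$(iface_field "$1" vxlan0 ether)
    mac_b=$(iface_field "$2" vxlan0 ether)
    if [ -n "$mac_a" ] && [ "$mac_a" = "$mac_b" ]; then
        echo "DUP_MAC vxlan0 $mac_a on both ends"     # same L2 address twice
    fi
    wg_a=$(iface_field "$1" wg0 mtu)
    wg_b=$(iface_field "$2" wg0 mtu)
    if [ "$wg_a" != "$wg_b" ]; then
        echo "WG_MTU_MISMATCH $wg_a vs $wg_b"
    fi
    n=0
    for dump in "$1" "$2"; do
        n=$((n + 1))
        vx=$(iface_field "$dump" vxlan0 mtu)
        wg=$(iface_field "$dump" wg0 mtu)
        if [ -z "$vx" ] || [ -z "$wg" ]; then continue; fi
        # An encapsulated full-size frame must still fit the tunnel MTU.
        if [ $((vx + VXLAN_OVERHEAD)) -gt "$wg" ]; then
            echo "VXLAN_TOO_BIG system$n: vxlan0 $vx + $VXLAN_OVERHEAD > wg0 $wg"
        fi
    done
}

check_pair "$SYS1" "$SYS2"
```

On a live pair, pass the saved output of ifconfig from each host as the two arguments instead of the embedded samples.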