48 lines
904 B
Markdown
48 lines
904 B
Markdown
|
## Wireguard test
|
||
|
|
|
||
|
|
### On the pod
|
||
|
|
|
||
|
|
```
|
||
|
|
apk update
|
||
|
|
apk add wireguard-tools tcpdump
|
||
|
|
cat > /etc/wireguard/wg0.conf <<EOF
|
||
|
|
[Interface]
|
||
|
|
ListenPort = 51820
|
||
|
|
PrivateKey = wNTbdLXXQVynFAqIqXuqbwul7O00kuqgzajeK7/NoUw=
|
||
|
|
|
||
|
|
[Peer]
|
||
|
|
PublicKey = J3qrhOP6GjRC8qOdKiKcAYMXKdiTliBBbJgNpz8sUQI=
|
||
|
|
AllowedIPs = 2a0a:e5c1:101::/48
|
||
|
|
EOF
|
||
|
|
wg-quick up wg0
|
||
|
|
ip addr add 2a0a:e5c3::42/32 dev wg0
|
||
|
|
tcpdump -ni eth0 port 51820
|
||
|
|
|
||
|
|
```
|
||
|
|
|
||
|
|
### On the client
|
||
|
|
|
||
|
|
```
|
||
|
|
[Interface]
|
||
|
|
PrivateKey = YIhBmmE+D8NwSUijXv2Jw8FazNI73BEM9ApzAfJ9Zms=
|
||
|
|
ListenPort = 51820
|
||
|
|
Address = 2a0a:e5c1:101::42/48
|
||
|
|
|
||
|
|
[Peer]
|
||
|
|
PublicKey = ohMbdXf+eQQyiFFyJq+a8NMxV3pgFzjgPYcTD/T+qzs=
|
||
|
|
Endpoint = wireguard4.default.svc.c2.k8s.ooo:51820
|
||
|
|
AllowedIPs = 2a0a:e5c3::/32
|
||
|
|
```
|
||
|
|
|
||
|
|
## Missing
|
||
|
|
|
||
|
|
* Routing / network delegation for the range
|
||
|
|
* -Receiving traffic inside wg0-: works
|
||
|
|
* -Different IPv6 address-: works
|
||
|
|
* Keeping pod alive
|
||
|
|
* IPv4: via Jool/external
|
||
|
|
|
||
|
|
## Routing / delegation
|
||
|
|
|
||
|
|
* Also via wg
|