++readme
parent
846c2d3651
commit
d1116bb664
|
@ -1,6 +1,10 @@
|
||||||
## Wireguard test
|
## Wireguard test
|
||||||
|
|
||||||
### On the pod
|
This is a test whether wireguard-as-a-service can be provided inside k8s.
|
||||||
|
|
||||||
|
##
|
||||||
|
|
||||||
|
## Configuration on the pod
|
||||||
|
|
||||||
```
|
```
|
||||||
apk update
|
apk update
|
||||||
|
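Review bot: The added line that contains only `##`, between the new intro sentence and `## Configuration on the pod`, is an empty heading and will render as a stray blank title; drop it. The intro sentence would also read better as "This is a test of whether wireguard-as-a-service can be provided inside k8s."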
@ -20,7 +24,7 @@ tcpdump -ni eth0 port 51820
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
### On the client
|
## On the client
|
||||||
|
|
||||||
```
|
```
|
||||||
[Interface]
|
[Interface]
|
||||||
|
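Review bot: Promoting `On the client` to `##` makes it a sibling of `## Configuration on the pod`, but the two titles are no longer parallel. Rename it to `## Configuration on the client` so the setup sections are not confused with the `On the pod:` / `On the client:` labels used further down under `## Result`.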
@ -34,14 +38,68 @@ Endpoint = wireguard4.default.svc.c2.k8s.ooo:51820
|
||||||
AllowedIPs = 2a0a:e5c3::/32
|
AllowedIPs = 2a0a:e5c3::/32
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Result
|
||||||
|
|
||||||
|
Working:
|
||||||
|
|
||||||
|
```
|
||||||
|
[12:01] nb3:~% ping -c3 2a0a:e5c3::42
|
||||||
|
PING 2a0a:e5c3::42(2a0a:e5c3::42) 56 data bytes
|
||||||
|
64 bytes from 2a0a:e5c3::42: icmp_seq=1 ttl=64 time=13.2 ms
|
||||||
|
64 bytes from 2a0a:e5c3::42: icmp_seq=2 ttl=64 time=13.3 ms
|
||||||
|
64 bytes from 2a0a:e5c3::42: icmp_seq=3 ttl=64 time=13.8 ms
|
||||||
|
|
||||||
|
--- 2a0a:e5c3::42 ping statistics ---
|
||||||
|
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
|
||||||
|
rtt min/avg/max/mdev = 13.195/13.409/13.751/0.244 ms
|
||||||
|
[12:01] nb3:~%
|
||||||
|
```
|
||||||
|
|
||||||
|
On the pod:
|
||||||
|
|
||||||
|
```
|
||||||
|
/ # wg show
|
||||||
|
interface: wg0
|
||||||
|
public key: ohMbdXf+eQQyiFFyJq+a8NMxV3pgFzjgPYcTD/T+qzs=
|
||||||
|
private key: (hidden)
|
||||||
|
listening port: 51820
|
||||||
|
|
||||||
|
peer: J3qrhOP6GjRC8qOdKiKcAYMXKdiTliBBbJgNpz8sUQI=
|
||||||
|
endpoint: [2a0a:e5c0:13:0:225:b3ff:fe20:383c]:11017
|
||||||
|
allowed ips: 2a0a:e5c1:101::/48
|
||||||
|
latest handshake: 26 seconds ago
|
||||||
|
transfer: 35.40 KiB received, 32.93 KiB sent
|
||||||
|
/ #
|
||||||
|
```
|
||||||
|
|
||||||
|
On the client:
|
||||||
|
|
||||||
|
```
|
||||||
|
interface: k8s
|
||||||
|
public key: J3qrhOP6GjRC8qOdKiKcAYMXKdiTliBBbJgNpz8sUQI=
|
||||||
|
private key: (hidden)
|
||||||
|
listening port: 51820
|
||||||
|
|
||||||
|
peer: ohMbdXf+eQQyiFFyJq+a8NMxV3pgFzjgPYcTD/T+qzs=
|
||||||
|
endpoint: [2a0a:e5c0:13:e2::ba58]:51820
|
||||||
|
allowed ips: 2a0a:e5c3::/32
|
||||||
|
latest handshake: 46 seconds ago
|
||||||
|
transfer: 32.93 KiB received, 35.40 KiB sent
|
||||||
|
```
|
||||||
|
|
||||||
## Missing
|
## Missing
|
||||||
|
|
||||||
* Routing / network delegation for the range
|
|
||||||
* -Receiving traffic inside wg0-: works
|
* -Receiving traffic inside wg0-: works
|
||||||
* -Different IPv6 address-: works
|
* -Different IPv6 address-: works
|
||||||
|
* -IPv4 outside-: via Jool/external
|
||||||
* Keeping pod alive
|
* Keeping pod alive
|
||||||
* IPv4: via Jool/external
|
* Routing / network delegation for the range
|
||||||
|
* Configuration definition: helm chart?
|
||||||
|
* uncloud integration:
|
||||||
|
* git repo (?)
|
||||||
|
* VPN server definition
|
||||||
|
|
||||||
## Routing / delegation
|
## Routing / delegation
|
||||||
|
|
||||||
* Also via wg
|
* Also via wg
|
||||||
|
* Via external VPN
|
||||||
|
|
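Review bot: The two `wg show` blocks under `## Result` commit live peer public keys and endpoint addresses to the README, for example `endpoint: [2a0a:e5c0:13:0:225:b3ff:fe20:383c]:11017` on the pod side. The public keys are not secret, but together with the endpoints they identify the client and the service, and the client endpoint looks EUI-64 derived, so it also exposes a hardware address. Consider placeholders or trimmed output. In the same section the pod lists `allowed ips: 2a0a:e5c1:101::/48` for the client while the client routes `2a0a:e5c3::/32` and pings `2a0a:e5c3::42`; one sentence saying which prefix belongs to which side would make the result reproducible. In `## Missing`, `-...-` is not Markdown strikethrough, so the finished items will render with literal dashes; use `~~...~~`.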