[Bug 261711] VXLAN over wireguard
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 261711] VXLAN over wireguard"
Date: Tue, 08 Feb 2022 12:01:56 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261711
--- Comment #2 from Volker <worker@cksn.tk> ---
okay, sorry for the delay, but i have now tested with a plain FreeBSD
13-release (no opnsense offset). same result: VXLAN over wireguard isn't
working. here is my test environment config:
system1:
- network interface vtnet0 is in DHCP mode for internet uplink and ssh access
- network interface vtnet1 is a dedicated network between the VMs (10GBit with
9000 MTU):
# ifconfig vtnet1 inet 10.0.0.1 netmask 255.255.255.0 mtu 9000
# pkg install wireguard
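wireguard config: /usr/local/etc/wireguard/wg0.conf
[reviewer note: the PrivateKey below is posted verbatim in a public bug report, so this key pair should be treated as disclosed and not reused outside a throwaway test setup; the same PrivateKey and peer PublicKey values also appear in the system 2 config further down.]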
=============================================================
[Interface]
PrivateKey = ODK5skFPghxdo41XWG9Way6fIKHfhvKxeMDVxkeE610=
Address = 10.10.0.1/24
ListenPort = 51820
[Peer]
PublicKey = 4jyrPvDJUPAe/Lvqa6XUuqDX1SzzMiFVADh56jSPAWU=
AllowedIPs = 10.10.0.2/32
Endpoint = 10.0.0.2:51820
PersistentKeepalive = 15
=============================================================
# service wireguard start
# ifconfig vxlan create vxlanid 42 vxlanlocal 10.10.0.1 vxlanremote 10.10.0.2
inet 10.10.10.1/24
system 2:
- network interface vtnet0 is in DHCP mode for internet uplink and ssh access
- network interface vtnet1 is a dedicated network between the VMs (10GBit with
9000 MTU):
# ifconfig vtnet1 inet 10.0.0.2 netmask 255.255.255.0 mtu 9000
# pkg install wireguard
wireguard config: /usr/local/etc/wireguard/wg0.conf
=============================================================
[Interface]
PrivateKey = ODK5skFPghxdo41XWG9Way6fIKHfhvKxeMDVxkeE610=
Address = 10.10.0.2/24
ListenPort = 51820
[Peer]
PublicKey = 4jyrPvDJUPAe/Lvqa6XUuqDX1SzzMiFVADh56jSPAWU=
AllowedIPs = 10.10.0.1/32
Endpoint = 10.0.0.1:51820
PersistentKeepalive = 15
=============================================================
# service wireguard start
# ifconfig vxlan create vxlanid 42 vxlanlocal 10.10.0.2 vxlanremote 10.10.0.1
inet 10.10.10.2/24
all interfaces are up and running, so from system 1 i start pinging the
interfaces:
root@freebsd:~ # ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2): 56 data bytes
64 bytes from 10.0.0.2: icmp_seq=0 ttl=64 time=0.581 ms
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.614 ms
...
so ping between the native interfaces is fine
root@freebsd:~ # ping 10.10.0.2
PING 10.10.0.2 (10.10.0.2): 56 data bytes
64 bytes from 10.10.0.2: icmp_seq=0 ttl=64 time=0.824 ms
64 bytes from 10.10.0.2: icmp_seq=1 ttl=64 time=0.879 ms
...
ping via wireguard is also fine
root@freebsd:~ # ping 10.10.10.2
PING 10.10.10.2 (10.10.10.2): 56 data bytes
ping: sendto: Host is down
ping: sendto: Host is down
...
ping over the VXLAN is not working :( a check of the arp table shows the
problem:
root@freebsd:~ # arp -a
? (10.10.10.2) at (incomplete) on vxlan0 expired [ethernet]
...
the initial arp request isn't answered by the opposite VXLAN interface.
here is the ifconfig from system 1:
root@freebsd:~ # ifconfig
vtnet0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,TXCSUM_IPV6>
ether 4a:78:ef:c5:db:28
inet6 fe80::4878:efff:fec5:db28%vtnet0 prefixlen 64 scopeid 0x1
inet 10.50.0.240 netmask 0xffffff00 broadcast 10.50.0.255
media: Ethernet autoselect (10Gbase-T <full-duplex>)
status: active
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
vtnet1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 9000
options=4c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,TXCSUM_IPV6>
ether c6:77:27:a1:fd:3e
inet6 fe80::c477:27ff:fea1:fd3e%vtnet1 prefixlen 64 scopeid 0x3
inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
media: Ethernet autoselect (10Gbase-T <full-duplex>)
status: active
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
vxlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80020<JUMBO_MTU,LINKSTATE>
ether 58:9c:fc:10:ff:c5
inet 10.10.10.1 netmask 0xffffff00 broadcast 10.10.10.255
inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
groups: vxlan
vxlan vni 42 local 10.10.0.1:4789 remote 10.10.0.2:4789
media: Ethernet autoselect (autoselect <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
wg0: flags=80c1<UP,RUNNING,NOARP,MULTICAST> metric 0 mtu 8920
options=80000<LINKSTATE>
inet 10.10.0.1 netmask 0xffffff00
groups: wg
nd6 options=103<PERFORMNUD,ACCEPT_RTADV,NO_DAD>
and here from system 2:
root@freebsd:/usr/local/etc/wireguard # ifconfig
vtnet0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,TXCSUM_IPV6>
ether 2e:c0:6b:ff:3b:79
inet6 fe80::2cc0:6bff:feff:3b79%vtnet0 prefixlen 64 scopeid 0x1
inet 10.50.0.241 netmask 0xffffff00 broadcast 10.50.0.255
media: Ethernet autoselect (10Gbase-T <full-duplex>)
status: active
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
vtnet1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 9000
options=4c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,TXCSUM_IPV6>
ether 52:10:64:d2:31:bf
inet6 fe80::5010:64ff:fed2:31bf%vtnet1 prefixlen 64 scopeid 0x2
inet 10.0.0.2 netmask 0xffffff00 broadcast 10.0.0.255
media: Ethernet autoselect (10Gbase-T <full-duplex>)
status: active
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
wg0: flags=80c1<UP,RUNNING,NOARP,MULTICAST> metric 0 mtu 1420
options=80000<LINKSTATE>
inet 10.10.0.2 netmask 0xffffff00
groups: wg
nd6 options=103<PERFORMNUD,ACCEPT_RTADV,NO_DAD>
vxlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80020<JUMBO_MTU,LINKSTATE>
ether 58:9c:fc:10:ff:c5
inet 10.10.10.2 netmask 0xffffff00 broadcast 10.10.10.255
inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
groups: vxlan
vxlan vni 42 local 10.10.0.2:4789 remote 10.10.0.1:4789
media: Ethernet autoselect (autoselect <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
so, this is my input; maybe someone can have a look and help to solve this
problem? i know the VXLAN MTU value isn't optimized, but this shouldn't be the
problem...