I have 6 WireGuard nodes (1 Linux, 5 MTs) that are connected in a dynamic mesh (but not a full graph). This works great for me, but I want to go to the next level and have access to each node’s LAN without having to enter each node’s LAN subnet into WG’s accept address list. I have a number of reasons for that, the key one being that links go down sometimes and I want to be able to re-route.
OSPF has been great for this purpose, I’m super satisfied. However, I have to run it over ipip tunnels on top of the WG links. OSPF on top of a pure and dynamic WG mesh doesn’t seem to work (or I can’t make it work). I’ve been using WG to build overlay networks for a few years now, but it still bums me out how special and limited its routing is.
Hi,
One option is to have multiple WireGuard interfaces with one peer each.
Each peer can have 0.0.0.0/0 as its allowed address.
And then use OSPF to route over them.
You can use OSPF directly over the WireGuard interfaces in point-to-point mode.
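The layout suggested in the reply above, sketched for the Linux node as an added example (not part of the original post): two wg-quick files, one peer per interface. Interface names, addresses, ports, endpoints and key placeholders are constructed for illustration.

```ini
# /etc/wireguard/wg-a.conf  (constructed example: link to peer A only)
[Interface]
PrivateKey = <this-node-private-key>
# Point-to-point transfer address for this link only (constructed value).
Address = 10.255.0.1/30
ListenPort = 51821
# AllowedIPs below is 0.0.0.0/0; without Table = off, wg-quick would
# install a default route through this interface. Routes should come
# from OSPF instead.
Table = off

[Peer]
PublicKey = <peer-A-public-key>
# With a single peer, WireGuard's per-peer allowed-address lookup no longer
# selects anything: every packet routed to wg-a goes to peer A, and any
# source address arriving from peer A is accepted, including OSPF
# multicast (224.0.0.5).
AllowedIPs = 0.0.0.0/0
Endpoint = peer-a.example.net:51821
PersistentKeepalive = 25

# /etc/wireguard/wg-b.conf  (constructed example: link to peer B only)
[Interface]
PrivateKey = <this-node-private-key>
Address = 10.255.0.5/30
# Each interface needs its own UDP port.
ListenPort = 51822
Table = off

[Peer]
PublicKey = <peer-B-public-key>
AllowedIPs = 0.0.0.0/0
Endpoint = peer-b.example.net:51822
PersistentKeepalive = 25

# OSPF then runs on wg-a and wg-b as point-to-point interfaces
# (in FRR: "ip ospf network point-to-point" under each interface).
```

Because 0.0.0.0/0 removes the per-peer source filtering that a narrow allowed-address list provides, restricting which subnets a peer may send from or reach becomes the job of firewall rules and OSPF route filters on each node.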
Thank you. That’s so obvious, IDK why I was stuck in the mindset of using one interface with many peers. I guess routing would work as usual, without WG’s key-based routing quirks?
How about the automatic up/down interface detection? Unlike the ipip tunnels, WG interfaces don’t ever go down. Will OSPF properly detect changes when the single peer on a WG interface stops working?
Thank you, that works great.