Hi forum,
I would just like to share a couple of notes regarding the WireGuard implementation.
ROS 7.1.1
- When adding a new WireGuard interface, if I set the port to 51820, the interface never becomes Running and it's not possible to start it. If I specify any other port it works fine.
This behaviour was observed on several RB4011 and RB960 devices.
However, when the same was tried on CRS309 and CRS326, the interface is created fine in running state.
So it seems the only way to set the WG port to 51820 is to first create it with some other port, then change it to 51820 later.
^^^
(UPDATE: OK, I understood why it is happening. I already had one WireGuard interface listening on 51820 that was used as a client, so obviously a second interface that was supposed to be a server couldn't be created on the same port. There was no error generated or anything, it was just inactive. However, when the interface was created on a different port and was later changed to 51820, it was shown as Running, but wouldn't come active if I pressed Disable/Enable. So that's what confused me here.)
- There is some strange behaviour of WireGuard when the packet is sent to the VRRP interface.
So say I have two devices, host_A@.251 and host_B@.252, sharing a VRRP IP of .254.
When I initiate a tunnel to either .251 or .252, all works fine. When I initiate a tunnel to .254, it doesn’t always work. I haven’t figured out a consistent pattern, but if I am unable to establish a connection to the VRRP IP (.254), I try connecting to the active VRRP host's main IP (.251), then back to the VRRP IP (.254), and it suddenly, mystically works.
