Hi all,
I have a setup where I have an Ethernet port and a port channel connected to a WAN bridge interface, which has a static public IP address assigned to it.
I followed the directions for configuring Wireguard and assigned it the same public IP address, yet the packets never reach the Wireguard interface. I can see the packets in the bridge interface, and my firewall rules to accept the UDP packets are being hit. It’s as if the packets go into a black hole. I am guessing it is because I cannot add the Wireguard interface to my WAN bridge.
I have enabled debug logging and packet logging for Wireguard, yet no matter what I do, it never sees any packets, despite them passing through the firewall.
Hello,
Wireguard should work normally as long as you have a public IP address. However, you seem to be somewhat confused…
- what is a WAN bridge? (If it is a bridge, why is it so? If it means that you have some sort of device from the ISP that is in “bridge mode”, then why not say that?)
- what do you mean you “set the IP” of the wireguard to the same IP? Wireguard does not have an IP address setting for the underlay (encrypted) packets; it just receives them as the router itself (as if it were a service, such as DNS), and emits the packets as if emitted from a local process (such as DNS). If you set the public IP on the wireguard interface, that’s wrong.
- what do you mean you can’t “assign wireguard to the wan bridge”? No such assignment is necessary, and if your “WAN bridge” is actually a bridge and you try to add the wireguard interface to it (which is nonsensical), you obviously can’t, because wireguard is an IP (layer 3, like PPP) interface, and bridges have ethernet (layer 2) members.
Along the way don’t forget that you’ll have to allow traffic to the UDP port you’re using for wireguard and otherwise configure your firewall correctly.
/export file=anynameyouwish (minus router serial number, public WANIP information, keys).
Be happy to comment then.
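The configuration shape the reply above describes, written out as an added illustration that is not from the thread or from either poster. It assumes MikroTik RouterOS v7 syntax (the /export command suggests RouterOS); the interface name wg0, listen port 13231, the 10.10.10.0/24 tunnel subnet, the 203.0.113.10 WAN address and the key strings are placeholders chosen for the example:

```routeros
# Added illustration, not from the thread. Assumes RouterOS v7; names, port,
# addresses and keys are placeholders.

# WRONG: moving the WAN's public address onto the WireGuard interface. The
# encrypted UDP packets are received by the router itself on the WAN bridge,
# so the public IP must stay there. Shown commented out on purpose.
#   /ip/address add address=203.0.113.10/24 interface=wg0

# RIGHT: the public IP remains on the WAN bridge (already configured); wg0
# gets only a private tunnel address.
/interface/wireguard add name=wg0 listen-port=13231 private-key="<server-private-key-placeholder>"
/ip/address add address=10.10.10.1/24 interface=wg0 comment="WireGuard tunnel address, not the public IP"

# One peer; allowed-address limits which source addresses are accepted from
# this peer inside the tunnel (cryptokey routing).
/interface/wireguard/peers add interface=wg0 public-key="<peer-public-key-placeholder>" allowed-address=10.10.10.2/32

# Firewall: handshake and data packets are INPUT to the router (like DNS), so
# the accept rule belongs in chain=input and must sit above any generic drop
# rule in that chain (RouterOS evaluates filter rules top to bottom).
/ip/firewall/filter add chain=input protocol=udp dst-port=13231 action=accept comment="WireGuard"

# Checks: the input rule's counters should increase when a peer connects,
# and the peer should show a recent last-handshake once the handshake works.
/ip/firewall/filter print stats where comment="WireGuard"
/interface/wireguard/peers print detail
# Confirm the UDP packets actually arrive at the router on the listen port.
/tool/sniffer quick port=13231
```

If the counters on the input rule climb but the peer never shows a handshake, the packets are reaching the router and the problem is in the WireGuard configuration itself (keys, listen-port, or peer allowed-address), not in the firewall.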