anav
Forum Guru
Topic Author
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

WIREGUARD Routes & DNS Resolve

Wed Mar 23, 2022 5:13 pm

(1) DNS RERESOLVE!
Note in the ref thread (linked below), it is clear that there is an issue with WireGuard when the SERVER IP changes, and typically this can be due to use of mynetname.net or any DYNDNS URL.
It is so common that in the Linux world they have a reresolve DNS script and Procustodibus has produced their ReResolve Agent.
https://git.zx2c4.com/wireguard-tools/t ... lve-dns.sh
https://www.procustodibus.com/blog/2021 ... endpoints/
(ref thread - viewtopic.php?p=920886#p920886)

Looking to see if embedding this functionality within the Router, working alongside the WireGuard protocol, would make sense for MT to include. Something like:
If Client unable to reach Server (after user selectable keep alive attempts), instead of next keep alive attempt or simply Stopping,
THEN reresolve associated endpoint address.
THEN attempt another cycle of keep alives, if not accepted
THEN reattempt reresolve associated endpoint addresses.

USER selectable attributes.
a. use reresolve function Y/N (or checkbox on interface setting of wireguard or at DNS servers)
b. number of keep alives before attempting reresolve ( available range 2-5 ? )
c. number of reresolve attempts ( available range 1-3 ?)

In this kind of smart approach, no additional home grown script or agents would be required!

(2) CREATING IP Routes for Allowed IPs.
In the Linux world and associated APPS for WireGuard there is software that automatically creates IP routes for Allowed IPs.
Is this something worth considering to implement automatically for MT software? I cannot see it hurting.

USER SETTINGS
a. (on Peer allowed IP settings for each peer) add IP routes Y/N

Outcome: IP routes would be created (DAC I suppose) for all IPs within allowed IP addresses for that peer.
The code should ignore any allowed IPs that also match the IP ADDRESS structure of the wireguard interface as defined by the admin under /ip address.
(no need for duplicates).
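
The rule proposed in item (2) above, sketched in Python as an added example (not part of the original post and not MikroTik code). The function name, the sample addresses and the reading of "match the IP ADDRESS structure" as "falls inside the interface's connected network" are assumptions.

```python
import ipaddress

# Constructed sample data (not from the thread): addresses an admin might set
# under /ip address on the WireGuard interface, and one peer's Allowed IPs.
INTERFACE_ADDRESSES = ["10.10.10.1/24", "fd00:10::1/64"]
PEER_ALLOWED_IPS = [
    "10.10.10.2/32",     # peer's tunnel address, inside the connected /24
    "192.168.88.0/24",   # remote LAN behind the peer
    "192.168.88.5/24",   # same LAN written with host bits set
    "10.10.0.0/16",      # wider than the connected /24, still needs a route
    "fd00:10::2/128",    # inside the connected IPv6 /64
    "fd00:20::/64",      # remote IPv6 LAN
]


def routes_for_peer(interface_addresses, allowed_ips, add_routes=True):
    """Return the Allowed IPs prefixes that need an explicit route.

    add_routes models the proposed per-peer "add IP routes Y/N" setting.
    """
    if not add_routes:
        return []
    # Each interface address already yields a connected route for its network.
    connected = [ipaddress.ip_interface(a).network for a in interface_addresses]
    routes = []
    for entry in allowed_ips:
        # strict=False normalises entries that carry host bits.
        net = ipaddress.ip_network(entry.strip(), strict=False)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        covered = any(
            net.version == c.version and net.subnet_of(c) for c in connected
        )
        if covered or net in routes:
            continue  # connected route exists, or prefix already listed
        routes.append(net)
    return routes


if __name__ == "__main__":
    for net in routes_for_peer(INTERFACE_ADDRESSES, PEER_ALLOWED_IPS):
        print(f"route {net} via wireguard interface")
```

A peer whose Allowed IPs contain 0.0.0.0/0 passes through this filter unchanged, so an automatic implementation of this rule would install a default route through the tunnel for that peer.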
 
mozerd
Forum Veteran
Posts: 871
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada

Re: WIREGUARD Routes & DNS Resolve

Wed Mar 23, 2022 6:24 pm

@anav
Errr --- you mean the ("Peer" server) -- right? Why? Because WG is a p2p protocol :)

Which version of Linux is under the RoS hood? Methinks it's 5.6 but I am not 100% sure .... Does RoS run independently of Linux or does it rely on Linux but uses its own abstraction to run Linux so that it can exercise control over its products?

FYI - Abstraction is one of the four cornerstones of Computer Science. It involves filtering out – essentially, ignoring – the characteristics that we don't need in order to concentrate on those that we do. :)
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: WIREGUARD Routes & DNS Resolve

Wed Mar 23, 2022 7:18 pm

7.2rc5 is using Linux kernel 5.6.3. ROS is a userland based on the kernel, much like any other Linux distro (Debian, Ubuntu, Red Hat, etc.) builds on the Linux kernel. Like all the others, ROS uses the same Linux kernel API calls to use and configure kernel functionality. The high-level UI is completely custom, though.
