In T6281#185620, @c-po wrote:You probably should get the wireguard interface running in your default VRF first and see if traffic properly passes - once that's working for oyu you can move it into a VRF. Please not only the decrypted side of the WireGuard interface will reside in the VRF. The side passing encrypted packets ALWAYS is in the default VRF (Linux Kernel)
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed Advanced Search
Advanced Search
Advanced Search
May 1 2024
May 1 2024
Apr 29 2024
Apr 29 2024
In T6281#185394, @c-po wrote:Please note that the Wireguard tunnel itself is sourced from the default VRF. Only the "inner side" of the tunnel runs in VRF wan.
There is no possibility to source the wireguard interface from
- Another VRf
- A discrete source IP
- A discrete source interface
This can only be handled by applying fwmark values and policy based routing - this is a WireGuard design thing.
Running into this issue on VyOS 1.5-rolling-202404280021
set protocols static route xxx.xxx.74.149/32 dhcp-interface eth1.999