Wireguard mesh topology is not working

Hi Team,

This is my topology, and my mesh topology is not working as expected. Can someone please suggest whether I am doing anything wrong?

R1 Config
set interfaces ethernet eth0 address '10.144.10.10/24'
set interfaces ethernet eth0 hw-id '00:0c:29:fd:ae:01'
set interfaces ethernet eth1 address '10.144.40.10/24'
set interfaces ethernet eth1 hw-id '00:0c:29:fd:ae:0b'
set interfaces loopback lo
set interfaces wireguard wg10 address '169.254.1.1/24'
set interfaces wireguard wg10 peer R3 address '10.144.20.10'
set interfaces wireguard wg10 peer R3 allowed-ips '169.254.1.0/24'
set interfaces wireguard wg10 peer R3 port '51280'
set interfaces wireguard wg10 peer R3 public-key '77mgubVEutdg6C/UcORE7oHnUf+VBqLeQg3a3n0OQy8='
set interfaces wireguard wg10 peer R4 address '10.144.30.10'
set interfaces wireguard wg10 peer R4 allowed-ips '169.254.1.0/24'
set interfaces wireguard wg10 peer R4 port '51280'
set interfaces wireguard wg10 peer R4 public-key 'QlV3MECxhiI70Y+8eBXfBjltSLbetxCUqcvMc5A2iV0='
set interfaces wireguard wg10 port '51280'
set interfaces wireguard wg10 private-key 'KBlTOFbgI1HdaFDtLqGvFGOL63On1RsHbAqy2P5xwHc='
set protocols static route 0.0.0.0/0 next-hop 10.144.10.100
R3 config
set interfaces ethernet eth0 address '10.144.20.10/24'
set interfaces ethernet eth0 hw-id '00:0c:29:ec:21:b1'
set interfaces ethernet eth1 address '10.144.50.10/24'
set interfaces ethernet eth1 hw-id '00:0c:29:ec:21:bb'
set interfaces loopback lo
set interfaces wireguard wg10 address '169.254.1.2/24'
set interfaces wireguard wg10 peer R1 address '10.144.10.10'
set interfaces wireguard wg10 peer R1 allowed-ips '169.254.1.0/24'
set interfaces wireguard wg10 peer R1 port '51280'
set interfaces wireguard wg10 peer R1 public-key 'mFa9Bja2RCGCspjgyPjZL6WXprMwW4jvLzHExIX3+SI='
set interfaces wireguard wg10 peer R3 address '10.144.30.10'
set interfaces wireguard wg10 peer R3 allowed-ips '169.254.1.0/24'
set interfaces wireguard wg10 peer R3 port '51280'
set interfaces wireguard wg10 peer R3 public-key 'QlV3MECxhiI70Y+8eBXfBjltSLbetxCUqcvMc5A2iV0='
set interfaces wireguard wg10 port '51280'
set interfaces wireguard wg10 private-key 'YJduAHi82BaEDCIce2t+r1i6Kb/lOFeJj8JMFlueZn4='
set protocols static route 0.0.0.0/0 next-hop 10.144.20.100
R4 config
set interfaces ethernet eth0 address '10.144.30.10/24'
set interfaces ethernet eth0 hw-id '00:0c:29:0e:43:00'
set interfaces ethernet eth1 address '10.144.60.10/24'
set interfaces ethernet eth1 hw-id '00:0c:29:0e:43:0a'
set interfaces loopback lo
set interfaces wireguard wg10 address '169.254.1.3/24'
set interfaces wireguard wg10 peer R1 address '10.144.10.10'
set interfaces wireguard wg10 peer R1 allowed-ips '169.254.1.0/24'
set interfaces wireguard wg10 peer R1 port '51280'
set interfaces wireguard wg10 peer R1 public-key 'mFa9Bja2RCGCspjgyPjZL6WXprMwW4jvLzHExIX3+SI='
set interfaces wireguard wg10 port '51280'
set interfaces wireguard wg10 private-key 'uN4BgusQokIi400klxeXNz8CF03VRy294k/XPe4OaUw='
set protocols static route 0.0.0.0/0 next-hop 10.144.30.100

Now the issue is: when R1 and R3 are configured I can ping 169.254.1.1 and 169.254.1.2, but when the R4 config is added the ping between 169.254.1.1 and 169.254.1.2 stops, and I can ping between 169.254.1.1 and 169.254.1.3.

Do I need to create separate key-pair for each peer?

OK, I guess I got it. I have not looked at the documentation properly.

In that case the only option left is to configure multiple interfaces for multiple peers.

You can still do it, but you would need to be more explicit with how you define your allowed-ips. For instance, you could do this:

R4 config
set interfaces wireguard wg10 peer R1 allowed-ips '169.254.1.1/32'
set interfaces wireguard wg10 peer R1 allowed-ips '10.144.40.0/24'
set interfaces wireguard wg10 peer R3 allowed-ips '169.254.1.2/32'
set interfaces wireguard wg10 peer R3 allowed-ips '10.144.50.0/24'
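To see why the /24 under both peers breaks one of the tunnels, here is an added simulation (not from the thread or from VyOS) of WireGuard's cryptokey routing: each allowed-ips prefix maps to exactly one peer, so the later peer silently takes the prefix away from the earlier one. The R1_FIXED prefixes for R1's side are assumed by analogy with the R4 fix above; 10.144.50.0/24 and 10.144.60.0/24 are the eth1 LANs of R3 and R4 from the posted configs.

```python
import ipaddress
from itertools import combinations

# Added simulation of WireGuard cryptokey routing: every allowed-ips prefix
# belongs to exactly one peer, and re-adding a prefix under a later peer moves
# it there instead of creating a second route. Prefixes come from the thread.

def build_allowed_ips_table(peers):
    """peers: ordered list of (peer_name, [prefix, ...]) in configured order."""
    table = {}
    for name, prefixes in peers:
        for p in prefixes:
            table[ipaddress.ip_network(p)] = name  # later peer silently wins
    return table

def select_peer(table, dst):
    """Longest-prefix match, as WireGuard does for outbound traffic."""
    addr = ipaddress.ip_address(dst)
    matches = [n for n in table if addr in n]
    if not matches:
        return None  # no peer claims this address: packet is dropped
    return table[max(matches, key=lambda n: n.prefixlen)]

def check_overlaps(peers):
    """Return (peer, prefix, peer, prefix) tuples that overlap across peers."""
    flat = [(n, ipaddress.ip_network(p)) for n, ps in peers for p in ps]
    return [(a, str(x), b, str(y)) for (a, x), (b, y) in combinations(flat, 2)
            if a != b and x.overlaps(y)]

# R1 as posted: both peers claim the whole tunnel /24.
R1_OVERLAPPING = [
    ("R3", ["169.254.1.0/24"]),
    ("R4", ["169.254.1.0/24"]),
]

# R1 with /32 tunnel addresses plus each site's LAN (the reply shows this
# pattern for R4; the R1-side prefixes here are assumed by analogy).
R1_FIXED = [
    ("R3", ["169.254.1.2/32", "10.144.50.0/24"]),
    ("R4", ["169.254.1.3/32", "10.144.60.0/24"]),
]

if __name__ == "__main__":
    for label, cfg in (("as posted", R1_OVERLAPPING), ("fixed", R1_FIXED)):
        t = build_allowed_ips_table(cfg)
        print(label, {d: select_peer(t, d) for d in ("169.254.1.2", "169.254.1.3")},
              "overlaps:", check_overlaps(cfg))
```

With the posted config, traffic for 169.254.1.2 is sent to R4 (configured last), which matches the symptom that only the R1 to R4 ping survives; check_overlaps flags the collision before it is committed.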

There are a couple of free services like ZeroTier and NetBird that are pretty good for creating site-to-site networks (free for non-commercial use). You could be up and running with those in 10 minutes or so.

NetBird I can install on my own setup, right? I am still trying to understand NetBird in order to configure a site-to-site setup.

Yep! I recommend setting up NetBird in a container so it’ll be persistent if you upgrade VyOS later.

Inside the NetBird console, there’s a spot to add routes to a peer. These are the routes owned by that peer. So if you had a peer called R1, you would add a route for ‘10.144.40.0/24’.

@L0crian So can we install the NetBird console on Ubuntu and manage VyOS routes from there? Also, in that case does NetBird have to be installed on the VyOS routers as well? I am not sure about the topology or architecture of NetBird with VyOS.

Yes, you can either use their hosted service, which is the easiest method, or you can self-host it.

NetBird has 2 parts:

  • The controller, which itself has multiple parts, but all of it is installed with docker compose if self-hosting
  • The nodes, which would be your instances of VyOS.

NetBird nodes will communicate and register with the controller, which will let them know about all of the other nodes in the group and suggest to the nodes how to communicate with each other.
