How does routing work in wesher? #57
Comments
|
I would be also interested in understanding more how the overlay network and routing works. So far I have understood that for the purpose of having a very simple mesh topology, they all get automatically an IP assigned from the specified network. I am interested in setting up a meshed VPN, to connect several networks and the WG/VPN nodes would be the gateway of each network. I wonder how I could set up a proper routing between the network segments (not knowing the exact IPs and for which subnetwork they are responsible) and if this even is possible with wesher? |
Depends a bit on what you mean by "correct node". The mesh is a "full mesh", meaning each node talks directly to each other node, so no routing (also see #28 about possible improvements to this). Also, your example currently won't work reliably because of #8 😞
Not currently, because of #28.
This is also blocked by #28. The question is not only about routing, but about security. Depending on how this is implemented, a compromised node in a mesh could "reroute" traffic through itself, which we definitely do not want. Hope that helps a bit with clarifying the current state of things, even if it the answer isn't as positive as expected. |
|
@costela - thanks for your answers. |
I will use an example to help describe the question.
Let’s say I have 1 public node in a hosting provider and two nodes at my home. The nodes at home are behind a NAT.
Let’s also say that wesher has set up a mesh between all the nodes. There should be 3 tunnels.
If this is 10.0.0.0/24, they are all on the same subnet.
How does wireguard know to route to the correct node?
Also.
now let’s say you add another node. Let’s say it is only reachable from your home network via the public node.
Will your system route home traffic through the public node to reach this new node (And vice versa)?
The text was updated successfully, but these errors were encountered: