Relay servers #31

Open
rudolfbyker opened this issue Feb 1, 2023 · 3 comments · May be fixed by #32

@rudolfbyker
Contributor

Here is an example config: example.zip

It has two nodes with public IPs, called alpha and beta, and two nodes without public IPs and behind NATs, called gamma and delta. In this configuration, the mesh works well, except for the connection between gamma and delta. (Note that gamma can talk to alpha and beta and vice versa without issues. The same with delta.)

I can tweak the generated config manually to get everything to work. The required changes are:

  • comment out the AllowedIPs line under the delta peer in the gamma config file
  • comment out the AllowedIPs line under the gamma peer in the delta config file

This tells WireGuard that gamma can't reach delta directly, so it uses alpha or beta as a relay server, which is exactly what I want.

Can this be done in wg-meshconf without post-processing the generated config files?

@k4yt3x
Owner

k4yt3x commented Feb 3, 2023

I didn't add anything like this. This program, as its description suggests, generates configs for a full mesh network. I.e., every node has a direct connection with every other node. Once you start to want to make exceptions or edit a particular connection, the editor becomes magnitudes more complex.

The easier approach at that point would be to build some kind of a UI and you can drag a line between nodes to create a connection or remove a line to break that direct connection, but that's going to take a lot longer to write.

@rudolfbyker
Contributor Author

rudolfbyker commented Feb 27, 2023

I understand that wg-meshconf should not support all possible configurations, but I think my specific use case is very common, and easy to achieve without any modifications to the database or API.

The proposed logic is:

a = (the node for which we are currently generating a config file)
b = (peer for which we are currently generating a [Peer] section in the config file)

a_can_see_b_directly = (a has an endpoint) && (b has an endpoint)

if !a_can_see_b_directly
    do not write AllowedIPs
end if

@rudolfbyker rudolfbyker linked a pull request Feb 27, 2023 that will close this issue
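
Added example, not part of the thread and not wg-meshconf's code: it evaluates the pseudocode's rule as written (`&&`) over the four-node topology from the first post, beside a hypothetical variant that omits AllowedIPs only when neither side has an endpoint, which yields exactly the two manual edits listed there. Endpoint hostnames, the tunnel address and all function names are constructed for illustration.

```python
from itertools import permutations

# Constructed topology from the first post: alpha and beta have public
# endpoints; gamma and delta sit behind NAT and have none.
# Hostnames are placeholders, not values taken from example.zip.
NODES = {
    "alpha": "alpha.example.net:51820",
    "beta": "beta.example.net:51820",
    "gamma": None,
    "delta": None,
}

def rule_as_posted(a_endpoint, b_endpoint):
    """a_can_see_b_directly exactly as written in the pseudocode (&&)."""
    return a_endpoint is not None and b_endpoint is not None

def rule_either_endpoint(a_endpoint, b_endpoint):
    """Hypothetical variant: direct if at least one side can be dialed."""
    return a_endpoint is not None or b_endpoint is not None

def omitted_allowed_ips(nodes, can_see_directly):
    """Return the (config owner, peer) pairs whose [Peer] section would be
    written without AllowedIPs under the given rule."""
    return {
        (a, b)
        for a, b in permutations(nodes, 2)
        if not can_see_directly(nodes[a], nodes[b])
    }

def render_peer(name, endpoint, allowed_ips, direct):
    """Render one [Peer] section; the key is a labelled placeholder."""
    lines = ["[Peer]", f"# Name = {name}", "PublicKey = <PUBLIC_KEY_PLACEHOLDER>"]
    if endpoint:
        lines.append(f"Endpoint = {endpoint}")
    if direct:
        lines.append(f"AllowedIPs = {allowed_ips}")
    return "\n".join(lines)

if __name__ == "__main__":
    for label, rule in (("as posted", rule_as_posted),
                        ("either endpoint", rule_either_endpoint)):
        print(label, sorted(omitted_allowed_ips(NODES, rule)))
    # delta's section inside gamma's config; 10.1.0.4/32 is a constructed address
    direct = rule_either_endpoint(NODES["gamma"], NODES["delta"])
    print(render_peer("delta", NODES["delta"], "10.1.0.4/32", direct))
```

Evaluated as written, the `&&` rule also drops AllowedIPs from the alpha and beta sections in the gamma and delta configs (and the reverse), so the two rules produce different files for this topology.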
@mwt

mwt commented Jun 1, 2023

I wrote this on the PR, but I think that this sort of config is still useful. Without manual editing, NAT -> NAT routing will not be optimized, but it will work so long as you set AllowedIPs on one connectable client to include the wg IPs of all NAT devices.

For many people, this is likely fine.
