4.1 Beta 0.1 Wireguard: реализована привязка туннеля к определенному родительскому подключению - проблемка

[vasek00]

Спасибо за реализацию, проверка на Peak

Только вот вопрос на созданный (выделенный из LAN портов) WAN порт для второго провайдера GigabitEthernet0/Vlan9, не получилось добавить - ошибка, при выборе основного на PPPoE все ОК

  Показать контент

 

(config)> interface Wireguard4 wireguard peer 5+Pf......8= connect via 

 Usage template:  
          connect [via {via}]

   Choose:
         via GigabitEthernet1 
                      via ISP 
 via WifiMaster0/AccessPoint3 
 via WifiMaster0/AccessPoint1 
 via WifiMaster0/AccessPoint6 
 via WifiMaster0/AccessPoint0 
              via AccessPoint 
 via WifiMaster0/AccessPoint5 
 via WifiMaster0/AccessPoint4 
 via WifiMaster0/AccessPoint2 
 via WifiMaster0/WifiStation0 
 via WifiMaster1/AccessPoint5 
 via WifiMaster1/AccessPoint3 
 via WifiMaster1/AccessPoint1 
 via WifiMaster1/AccessPoint2 
 via WifiMaster1/AccessPoint0 
           via AccessPoint_5G 
 via WifiMaster1/AccessPoint6 
 via WifiMaster1/AccessPoint4 
 via WifiMaster1/WifiStation0 
   via GigabitEthernet0/Vlan1 
   via GigabitEthernet0/Vlan2 
   via GigabitEthernet0/Vlan3 
   via GigabitEthernet0/Vlan9 **************** второй провайдер
            via AsixEthernet0 
                  via Bridge0 
                     via Home 
                  via Bridge1 
                via HomeSmart 
                   via PPPoE0 
                 via OpenVPN0 
               via Wireguard0 
               via Wireguard1 
               via Wireguard2 
               via Wireguard3 
               via Wireguard4 
                via ZeroTier0 

(config)> interface Wireguard4 wireguard peer 5+Pf.....D8= connect via GigabitEthernet0/Vlan9
Io::Netlink error[268239225]: system failed [0xcffd0179], got an error response: no such process.
(config)> interface Wireguard4 wireguard peer 5+Pf.....D8= connect via Inet-2
Command::Base error[7405602]: via: argument parse error.
(config)> 
(config)> 
(config)> interface Wireguard4 wireguard peer 5+Pf....D8= connect via PPPoE0
(config)> sys

           system - maintenance functions

(config)> system 

          caption - set caption template
            clock - change system clock settings
    configuration - manage system configuration
          country - set system country

(config)> system configuration save
Core::System::StartupConfig: Saving (cli).
(config)> 

interface GigabitEthernet0/Vlan9
    description Inet-2
    security-level public
    ip address dhcp
    ip dhcp client hostname P-KN
    ip dhcp client dns-routes
    ip mtu 1500
    ip global 65469
    ip no name-servers
    ipv6 no name-servers
    up
!
interface GigabitEthernet0/3
    rename 4
    role inet for GigabitEthernet0/Vlan9
    switchport mode access
    switchport access vlan 9
    up
!

!
interface PPPoE0
    description RT
    role inet
...


[I] Dec  9 11:59:08 ndm: Wireguard::Interface: "Wireguard4": set peer "5+Pfg.......D8=" connect via "GigabitEthernet0/Vlan9". 
[I] Dec  9 11:59:08 kernel: wireguard: Wireguard4: peer "5+Pfg........DD8=" (9) (185.177.xxx.xxxx:5060) destroyed
[I] Dec  9 11:59:08 ndm: Network::Interface::Base: "Wireguard4": "wireguard" changed "link" layer state "running" to "pending". 
[I] Dec  9 11:59:08 ndm: Network::Interface::Ip: "Wireguard4": removing default route via Wireguard4. 
[I] Dec  9 11:59:08 ndm: Network::Interface::Ip6: "Wireguard4": removing default route via Wireguard4. 
[I] Dec  9 11:59:08 ndm: Wireguard::Interface: "Wireguard4": "5+Pfg.......D8=": via interface is not ready, standby. 
[I] Dec  9 11:59:31 kernel: wireguard: Wireguard0: retrying handshake with peer "bmXO.......fgyo=" (8) (162.159.xxx.xxx:xxxx) because we stopped hearing back after 15 seconds
[E] Dec  9 11:59:32 ndm: Command::Base: argument parse error. 
[I] Dec  9 11:59:42 ndm: Network::Interface::L3Base: "Wireguard4": global priority unchanged. 
[I] Dec  9 11:59:42 ndm: Wireguard::Interface: "Wireguard4": set peer "5+Pfg........DD8=" connect via "GigabitEthernet0/Vlan9". 
[I] Dec  9 11:59:42 kernel: wireguard: Wireguard4: peer "5+Pfgs2q2......DD8=" (10) created
[I] Dec  9 11:59:42 kernel: wireguard: Wireguard4: peer "5+Pfgs2q.......D8=" (10) (185.177.xxx.xxx:5060) destroyed
[I] Dec  9 11:59:42 ndm: Wireguard::Interface: "Wireguard4": "5+Pfgs2q......D8=": via interface is not ready, standby. 
[I] Dec  9 11:59:42 kernel: wireguard: Wireguard4: invalid handshake response from 185.177.xxx.xxx:5060
[I] Dec  9 12:00:00 kernel: wireguard: Wireguard4: peer "5+Pfgs2q2......D8=" (11) created
[I] Dec  9 12:00:00 ndm: Network::Interface::L3Base: "Wireguard4": global priority unchanged. 
[I] Dec  9 12:00:00 ndm: Wireguard::Interface: "Wireguard4": set peer "5+Pfgs.....D8=" connect via "PPPoE0". 
[I] Dec  9 12:00:00 ndm: Network::Interface::EndpointTracker: "Wireguard4": "5+Pfgs......DD8=": remote endpoint is "185.177.xxx.xxx". 
[I] Dec  9 12:00:00 ndm: Network::Interface::EndpointTracker: "Wireguard4": "5+Pfgs......D8=": connecting via "PPPoE0" (PPPoE0). 
[I] Dec  9 12:00:00 ndm: Network::Interface::EndpointTracker: "Wireguard4": "5+Pfgs......D8=": local endpoint is "1xx.xx.xxx.200". 
[I] Dec  9 12:00:05 ndm: Network::Interface::Base: "Wireguard4": "wireguard" changed "link" layer state "pending" to "running". 
[I] Dec  9 12:00:05 ndm: Network::Interface::Ip: "Wireguard4": interface "Wireguard4" is global, priority 65293. 
[I] Dec  9 12:00:05 ndm: Network::Interface::Ip: "Wireguard4": adding default route via Wireguard4. 
[I] Dec  9 12:00:05 ndm: Network::Interface::Ip6: "Wireguard4": interface "Wireguard4" is global, priority 65293. 
[I] Dec  9 12:00:05 ndm: Network::Interface::Ip6: "Wireguard4": adding default route via Wireguard4. 

 

OpenVPN все ОК

  Показать контент

interface OpenVPN0
    description Anti
    role misc
    security-level public
    ip dhcp client dns-routes
    ip mtu 1500
    ip tcp adjust-mss pmtu
    ip no name-servers
    ipv6 no name-servers
    openvpn accept-routes
    openvpn connect via GigabitEthernet0/Vlan9
    down

 

 

Изменено 11 декабря, 2023 пользователем vasek00

[hellonow]

@vasek00 в версии ПО 4.1 Beta 4 ситуация сохраняется?

[vasek00]

  В 08.02.2024 в 16:40, hellonow сказал:

в версии ПО 4.1 Beta 4 ситуация сохраняется?

Показать  

Решено частично, т.е. при перезагрузке роутера все ОК, но при ручном выкл/вкл WG в WEB роутера он WG не поднимается.

Канал проводной на DHCP и выделенный LAN порт - "GigabitEthernet0/Vlan9"

  Показать контент

interface GigabitEthernet0/Vlan9
    description Inet-2
    security-level public
    ip dhcp client dns-routes
    ip no name-servers
    ipv6 no name-servers

interface GigabitEthernet0/3
    rename 4
    role inet for GigabitEthernet0/Vlan9
    switchport mode access
    switchport access vlan 9

interface Wireguard4
    description WG-proton
    security-level public
...
    connect via GigabitEthernet0/Vlan9


[I] Feb  9 08:02:18 ndm: Dhcp::Client: GigabitEthernet0/Vlan9 DHCP client DNS host routes are enabled. 
[I] Feb  9 08:02:18 ndm: Network::Interface::Base: "GigabitEthernet0/Vlan9": static MTU is 1500. 
[I] Feb  9 08:02:18 ndm: Network::Interface::L3Base: "GigabitEthernet0/Vlan9": global priority is 54610. 
[I] Feb  9 08:02:18 ndm: Dns::InterfaceSpecific: "GigabitEthernet0/Vlan9": ignore IPv4 name servers. 
[I] Feb  9 08:02:18 ndm: Dns::InterfaceSpecific: "GigabitEthernet0/Vlan9": ignore IPv6 name servers. 
[I] Feb  9 08:02:18 ndm: Network::Interface::Base: "GigabitEthernet0/Vlan9": "base" changed "conf" layer state "disabled" to "running". 
[I] Feb  9 08:02:18 ndm: Network::Interface::Base: "GigabitEthernet0/Vlan9": interface is up. 
...
[I] Feb  9 08:02:29 ndm: Wireguard::Interface: "Wireguard4": loaded a private key. 
[I] Feb  9 08:02:29 kernel: wireguard: Wireguard4: interface created
[I] Feb  9 08:02:29 ndm: Network::Interface::Base: "Wireguard4": interface is down. 
[I] Feb  9 08:02:29 ndm: Network::Interface::Base: "Wireguard4": "l3-base" changed "ctrl" layer state "invalid" to "running". 
[I] Feb  9 08:02:29 ndm: Network::Interface::Base: "Wireguard4": network MTU reset to default. 
[I] Feb  9 08:02:29 ndm: Network::Interface::Base: "Wireguard4": "wireguard" changed "link" layer state "invalid" to "disabled". 
[I] Feb  9 08:02:29 ndm: Network::Interface::Repository: "Wireguard4" interface created. 
[I] Feb  9 08:02:30 ndm: Network::Interface::Base: "Wireguard4": description saved. 
[I] Feb  9 08:02:30 ndm: Network::Interface::L3Base: "Wireguard4": security level set to "public". 
[I] Feb  9 08:02:30 ndm: Network::Interface::Ip: "Wireguard4": IP address is 10.2.0.2/32. 
[I] Feb  9 08:02:30 ndm: Network::Interface::Base: "Wireguard4": static MTU is 1280. 
[I] Feb  9 08:02:30 ndm: Network::Acl: input "_WEBADMIN_Wireguard4" access list added to "Wireguard4". 
[I] Feb  9 08:02:30 ndm: Network::Interface::L3Base: "Wireguard4": global priority is 21844. 
[I] Feb  9 08:02:30 ndm: Network::Interface::Ip: "Wireguard4": TCP-MSS adjustment enabled. 
[I] Feb  9 08:02:30 ndm: Wireguard::Interface: "Wireguard4": set listen port to "65104". 
[I] Feb  9 08:02:30 ndm: Wireguard::Interface: "Wireguard4": created peer "AS...HU=". 
[I] Feb  9 08:02:30 kernel: wireguard: Wireguard4: peer "AS...HU=" (6) created
[I] Feb  9 08:02:30 ndm: Wireguard::Interface: "Wireguard4": set peer "AS...HU=" endpoint to "212.ххх.ххх.ххх:хххх". 
[I] Feb  9 08:02:30 ndm: Wireguard::Interface: "Wireguard4": set peer "AS...HU=" keepalive interval to "120". 
[I] Feb  9 08:02:30 ndm: Wireguard::Interface: "Wireguard4": add allowed IPs "0.0.0.0/0.0.0.0" from peer "AS...HU=". 
[I] Feb  9 08:02:30 ndm: Wireguard::Interface: "Wireguard4": add allowed IPs "10.2.0.0/255.255.255.0" from peer "AS...HU=". 
[I] Feb  9 08:02:30 ndm: Wireguard::Interface: "Wireguard4": add allowed IPs "192.168.130.0/255.255.255.0" from peer "AS...HU=". 
[E] Feb  9 08:02:30 ndm: Network::Interface::Ip: "GigabitEthernet0/Vlan9": address is not available. 
[I] Feb  9 08:02:30 ndm: Wireguard::Interface: "Wireguard4": set peer "AS...HU=" connect via "GigabitEthernet0/Vlan9". 
[I] Feb  9 08:02:30 ndm: Network::Interface::Base: "Wireguard4": "base" changed "conf" layer state "disabled" to "running". 
[I] Feb  9 08:02:30 ndm: Network::Interface::Base: "Wireguard4": interface is up. 
...
[I] Feb  9 08:02:31 ndm: Network::PolicyTable: created policy "Policy2". 
[I] Feb  9 08:02:31 ndm: Network::PolicyTable: "Policy2": updated description. 
[I] Feb  9 08:02:31 ndm: Network::PolicyTable: "Policy2": set permission to use Wireguard4. 
[I] Feb  9 08:02:31 ndm: Network::PolicyTable: "Policy2": set no permission to use GigabitEthernet0/Vlan9. 
[I] Feb  9 08:02:32 ndm: Network::PolicyTable: "Policy2": set no permission to use Wireguard0. 
...
[I] Feb  9 08:02:40 ndhcpc: GigabitEthernet0/Vlan9: NDM DHCP Client, v3.2.55. 
[I] Feb  9 08:02:40 ndhcpc: GigabitEthernet0/Vlan9: created PID file "/var/run/ndhcpc-eth2.9.pid". 
...
[I] Feb  9 08:02:45 ndhcpc: GigabitEthernet0/Vlan9: received OFFER for 10.10.10.12 from 10.10.10.200. 
[I] Feb  9 08:02:45 ndhcpc: GigabitEthernet0/Vlan9: received ACK for 10.10.10.12 from 10.10.10.200 lease 1200 sec. 
[I] Feb  9 08:02:45 ndm: Dhcp::Client: configuring interface GigabitEthernet0/Vlan9. 
[I] Feb  9 08:02:45 ndm: Network::Interface::Ip: "GigabitEthernet0/Vlan9": IP address is 10.10.10.12/24. 
[I] Feb  9 08:02:45 ndm: Dhcp::Client: obtained IP address 10.10.10.12/24. 
[I] Feb  9 08:02:45 ndm: Dhcp::Client: interface "GigabitEthernet0/Vlan9" is global, priority 54610. 
[I] Feb  9 08:02:45 ndm: Dhcp::Client: adding a default route via 10.10.10.1. 
[W] Feb  9 08:02:45 ndm: Dns::InterfaceSpecific: name server 10.10.10.2 is ignored. 
[I] Feb  9 08:02:45 ndm: Network::Interface::Base: "GigabitEthernet0/Vlan9": "dhcp-client" changed "ipv4" layer state "pending" to "running". 
...
[I] Feb  9 08:02:50 ndm: Wireguard::Interface: "Wireguard4": "AS...HU=": via interface is not ready, standby. 
...
[I] Feb  9 08:04:15 ndm: Wireguard::Interface: "Wireguard4": triggering peers to reinitiate handshakes. 
[I] Feb  9 08:04:15 kernel: wireguard: Wireguard4: peer "AS...HU=" (9) created
...
[I] Feb  9 08:04:19 ndm: Network::Interface::Base: "Wireguard4": "wireguard" changed "link" layer state "pending" to "running". 
[I] Feb  9 08:04:19 ndm: Network::Interface::Ip: "Wireguard4": interface "Wireguard4" is global, priority 21844. 
[I] Feb  9 08:04:19 ndm: Network::Interface::Ip: "Wireguard4": adding default route via Wireguard4. 
[I] Feb  9 08:04:19 ndm: Network::Interface::Ip6: "Wireguard4": interface "Wireguard4" is global, priority 21844. 
[I] Feb  9 08:04:19 ndm: Network::Interface::Ip6: "Wireguard4": adding default route via Wireguard4. 
[I] Feb  9 08:04:19 ndm: Network::Interface::Base: "Wireguard0": "wireguard" changed "link" layer state "pending" to "running". 
[I] Feb  9 08:04:19 ndm: Network::Interface::Ip: "Wireguard0": interface "Wireguard0" is global, priority 32766. 
...
[I] Feb  9 08:14:03 ndhcpc: GigabitEthernet0/Vlan9: received ACK for 10.10.10.12 from 10.10.10.200 lease 1200 sec. 
...

Выкл/вкл в Web роутера WG канала 

[I] Feb  9 08:19:46 ndm: Network::Interface::Base: "Wireguard4": "base" changed "conf" layer state "running" to "disabled". 
[I] Feb  9 08:19:46 ndm: Network::Interface::Base: "Wireguard4": interface is down. 
[I] Feb  9 08:19:46 ndm: Core::System::StartupConfig: saving (http/rci). 
[I] Feb  9 08:19:47 ndm: Network::Interface::Ip: "Wireguard4": removing default route via Wireguard4. 
[I] Feb  9 08:19:47 ndm: Network::Interface::Ip6: "Wireguard4": removing default route via Wireguard4. 
[I] Feb  9 08:19:47 kernel: wireguard: Wireguard4: peer "AS...HU=" (9) (212.ххх.ххх.ххх:хххх) destroyed
[I] Feb  9 08:19:50 ndm: Core::System::StartupConfig: configuration saved. 
[I] Feb  9 08:20:01 ndm: Network::Interface::Base: "Wireguard4": "base" changed "conf" layer state "disabled" to "running". 
[I] Feb  9 08:20:01 ndm: Network::Interface::Base: "Wireguard4": interface is up. 
[I] Feb  9 08:20:01 ndm: Core::System::StartupConfig: saving (http/rci). 
[I] Feb  9 08:20:01 ndm: Wireguard::Interface: "Wireguard4": "AS....HU=": via interface is not ready, standby. 
[I] Feb  9 08:20:03 kernel: wireguard: Wireguard4: invalid handshake initiation from 212.ххх.ххх.ххх:хххх
[I] Feb  9 08:20:04 ndm: Core::System::StartupConfig: configuration saved. 
[I] Feb  9 08:20:06 ndm: Wireguard::Interface: "Wireguard4": "AS....HU=": via interface is not ready, standby. 
[I] Feb  9 08:20:09 kernel: wireguard: Wireguard4: invalid handshake initiation from 212.ххх.ххх.ххх:хххх
[I] Feb  9 08:20:20 kernel: Core::Syslog: last message repeated 2 times.
[I] Feb  9 08:20:24 ndm: Network::Interface::Base: "Wireguard4": "base" changed "conf" layer state "running" to "disabled". 
[I] Feb  9 08:20:24 ndm: Network::Interface::Base: "Wireguard4": interface is down. 
[I] Feb  9 08:20:24 ndm: Core::System::StartupConfig: saving (http/rci). 
[I] Feb  9 08:20:28 ndm: Core::System::StartupConfig: configuration saved. 
[I] Feb  9 08:20:31 ndm: Network::Interface::Base: "Wireguard4": "base" changed "conf" layer state "disabled" to "running". 
[I] Feb  9 08:20:31 ndm: Network::Interface::Base: "Wireguard4": interface is up. 
[I] Feb  9 08:20:31 ndm: Core::System::StartupConfig: saving (http/rci). 
[I] Feb  9 08:20:31 ndm: Wireguard::Interface: "Wireguard4": "AS....HU=": via interface is not ready, standby. 
[I] Feb  9 08:20:35 ndm: Core::System::StartupConfig: configuration saved. 
[I] Feb  9 08:20:35 kernel: wireguard: Wireguard4: invalid handshake initiation from 212.ххх.ххх.ххх:хххх
[I] Feb  9 08:20:36 ndm: Wireguard::Interface: "Wireguard4": "AS....HU=": via interface is not ready, standby. 
[I] Feb  9 08:20:41 kernel: wireguard: Wireguard4: invalid handshake initiation from 212.ххх.ххх.ххх:хххх
[I] Feb  9 08:21:13 kernel: Core::Syslog: last message repeated 6 times.
[I] Feb  9 08:21:18 ndm: Network::Interface::Base: "Wireguard4": "base" changed "conf" layer state "running" to "disabled". 
[I] Feb  9 08:21:18 ndm: Network::Interface::Base: "Wireguard4": interface is down. 
[I] Feb  9 08:21:18 ndm: Core::System::StartupConfig: saving (http/rci). 
[I] Feb  9 08:21:21 ndm: Network::Interface::Base: "Wireguard4": "base" changed "conf" layer state "disabled" to "running". 
[I] Feb  9 08:21:21 ndm: Network::Interface::Base: "Wireguard4": interface is up. 
[I] Feb  9 08:21:21 ndm: Core::System::StartupConfig: saving (http/rci). 
[I] Feb  9 08:21:21 ndm: Core::System::StartupConfig: configuration saved. 
[I] Feb  9 08:21:21 ndm: Wireguard::Interface: "Wireguard4": "AS....HU=": via interface is not ready, standby. 
[I] Feb  9 08:21:23 kernel: wireguard: Wireguard4: invalid handshake initiation from 212.ххх.ххх.ххх:хххх
[I] Feb  9 08:21:24 ndm: Core::System::StartupConfig: configuration saved. 
[I] Feb  9 08:21:26 ndm: Wireguard::Interface: "Wireguard4": "AS.....qHU=": via interface is not ready, standby. 
[I] Feb  9 08:21:29 kernel: wireguard: Wireguard4: invalid handshake initiation from 212.ххх.ххх.ххх:хххх

 

Если же в место "connect via GigabitEthernet0/Vlan9" просто "connect" и со стат маршрутом до данного сервера "from 212.ххх.ххх.ххх" через интерфейс Inet-2 вопросов не возникает как при перезапуске, так и при вкл/выкл в Web роутера.

  Показать контент

interface Wireguard4
    description WG-proton
    security-level public
...
    connect 

 

 

Изменено 9 февраля, 2024 пользователем vasek00

[vasek00]

  В 08.02.2024 в 16:40, hellonow сказал:

в версии ПО 4.1 Beta 4 ситуация сохраняется?

Показать  

В догонку, если принудительно выключить сам канал (Inet-2) в WEB а потом его в WEB включить то все нормально ОК.

 

[Le ecureuil]

  В 09.02.2024 в 05:52, vasek00 сказал:

Решено частично, т.е. при перезагрузке роутера все ОК, но при ручном выкл/вкл WG в WEB роутера он WG не поднимается.

Канал проводной на DHCP и выделенный LAN порт - "GigabitEthernet0/Vlan9"

  Показать контент

interface GigabitEthernet0/Vlan9
    description Inet-2
    security-level public
    ip dhcp client dns-routes
    ip no name-servers
    ipv6 no name-servers

interface GigabitEthernet0/3
    rename 4
    role inet for GigabitEthernet0/Vlan9
    switchport mode access
    switchport access vlan 9

interface Wireguard4
    description WG-proton
    security-level public
...
    connect via GigabitEthernet0/Vlan9


[I] Feb  9 08:02:18 ndm: Dhcp::Client: GigabitEthernet0/Vlan9 DHCP client DNS host routes are enabled. 
[I] Feb  9 08:02:18 ndm: Network::Interface::Base: "GigabitEthernet0/Vlan9": static MTU is 1500. 
[I] Feb  9 08:02:18 ndm: Network::Interface::L3Base: "GigabitEthernet0/Vlan9": global priority is 54610. 
[I] Feb  9 08:02:18 ndm: Dns::InterfaceSpecific: "GigabitEthernet0/Vlan9": ignore IPv4 name servers. 
[I] Feb  9 08:02:18 ndm: Dns::InterfaceSpecific: "GigabitEthernet0/Vlan9": ignore IPv6 name servers. 
[I] Feb  9 08:02:18 ndm: Network::Interface::Base: "GigabitEthernet0/Vlan9": "base" changed "conf" layer state "disabled" to "running". 
[I] Feb  9 08:02:18 ndm: Network::Interface::Base: "GigabitEthernet0/Vlan9": interface is up. 
...
[I] Feb  9 08:02:29 ndm: Wireguard::Interface: "Wireguard4": loaded a private key. 
[I] Feb  9 08:02:29 kernel: wireguard: Wireguard4: interface created
[I] Feb  9 08:02:29 ndm: Network::Interface::Base: "Wireguard4": interface is down. 
[I] Feb  9 08:02:29 ndm: Network::Interface::Base: "Wireguard4": "l3-base" changed "ctrl" layer state "invalid" to "running". 
[I] Feb  9 08:02:29 ndm: Network::Interface::Base: "Wireguard4": network MTU reset to default. 
[I] Feb  9 08:02:29 ndm: Network::Interface::Base: "Wireguard4": "wireguard" changed "link" layer state "invalid" to "disabled". 
[I] Feb  9 08:02:29 ndm: Network::Interface::Repository: "Wireguard4" interface created. 
[I] Feb  9 08:02:30 ndm: Network::Interface::Base: "Wireguard4": description saved. 
[I] Feb  9 08:02:30 ndm: Network::Interface::L3Base: "Wireguard4": security level set to "public". 
[I] Feb  9 08:02:30 ndm: Network::Interface::Ip: "Wireguard4": IP address is 10.2.0.2/32. 
[I] Feb  9 08:02:30 ndm: Network::Interface::Base: "Wireguard4": static MTU is 1280. 
[I] Feb  9 08:02:30 ndm: Network::Acl: input "_WEBADMIN_Wireguard4" access list added to "Wireguard4". 
[I] Feb  9 08:02:30 ndm: Network::Interface::L3Base: "Wireguard4": global priority is 21844. 
[I] Feb  9 08:02:30 ndm: Network::Interface::Ip: "Wireguard4": TCP-MSS adjustment enabled. 
[I] Feb  9 08:02:30 ndm: Wireguard::Interface: "Wireguard4": set listen port to "65104". 
[I] Feb  9 08:02:30 ndm: Wireguard::Interface: "Wireguard4": created peer "AS...HU=". 
[I] Feb  9 08:02:30 kernel: wireguard: Wireguard4: peer "AS...HU=" (6) created
[I] Feb  9 08:02:30 ndm: Wireguard::Interface: "Wireguard4": set peer "AS...HU=" endpoint to "212.ххх.ххх.ххх:хххх". 
[I] Feb  9 08:02:30 ndm: Wireguard::Interface: "Wireguard4": set peer "AS...HU=" keepalive interval to "120". 
[I] Feb  9 08:02:30 ndm: Wireguard::Interface: "Wireguard4": add allowed IPs "0.0.0.0/0.0.0.0" from peer "AS...HU=". 
[I] Feb  9 08:02:30 ndm: Wireguard::Interface: "Wireguard4": add allowed IPs "10.2.0.0/255.255.255.0" from peer "AS...HU=". 
[I] Feb  9 08:02:30 ndm: Wireguard::Interface: "Wireguard4": add allowed IPs "192.168.130.0/255.255.255.0" from peer "AS...HU=". 
[E] Feb  9 08:02:30 ndm: Network::Interface::Ip: "GigabitEthernet0/Vlan9": address is not available. 
[I] Feb  9 08:02:30 ndm: Wireguard::Interface: "Wireguard4": set peer "AS...HU=" connect via "GigabitEthernet0/Vlan9". 
[I] Feb  9 08:02:30 ndm: Network::Interface::Base: "Wireguard4": "base" changed "conf" layer state "disabled" to "running". 
[I] Feb  9 08:02:30 ndm: Network::Interface::Base: "Wireguard4": interface is up. 
...
[I] Feb  9 08:02:31 ndm: Network::PolicyTable: created policy "Policy2". 
[I] Feb  9 08:02:31 ndm: Network::PolicyTable: "Policy2": updated description. 
[I] Feb  9 08:02:31 ndm: Network::PolicyTable: "Policy2": set permission to use Wireguard4. 
[I] Feb  9 08:02:31 ndm: Network::PolicyTable: "Policy2": set no permission to use GigabitEthernet0/Vlan9. 
[I] Feb  9 08:02:32 ndm: Network::PolicyTable: "Policy2": set no permission to use Wireguard0. 
...
[I] Feb  9 08:02:40 ndhcpc: GigabitEthernet0/Vlan9: NDM DHCP Client, v3.2.55. 
[I] Feb  9 08:02:40 ndhcpc: GigabitEthernet0/Vlan9: created PID file "/var/run/ndhcpc-eth2.9.pid". 
...
[I] Feb  9 08:02:45 ndhcpc: GigabitEthernet0/Vlan9: received OFFER for 10.10.10.12 from 10.10.10.200. 
[I] Feb  9 08:02:45 ndhcpc: GigabitEthernet0/Vlan9: received ACK for 10.10.10.12 from 10.10.10.200 lease 1200 sec. 
[I] Feb  9 08:02:45 ndm: Dhcp::Client: configuring interface GigabitEthernet0/Vlan9. 
[I] Feb  9 08:02:45 ndm: Network::Interface::Ip: "GigabitEthernet0/Vlan9": IP address is 10.10.10.12/24. 
[I] Feb  9 08:02:45 ndm: Dhcp::Client: obtained IP address 10.10.10.12/24. 
[I] Feb  9 08:02:45 ndm: Dhcp::Client: interface "GigabitEthernet0/Vlan9" is global, priority 54610. 
[I] Feb  9 08:02:45 ndm: Dhcp::Client: adding a default route via 10.10.10.1. 
[W] Feb  9 08:02:45 ndm: Dns::InterfaceSpecific: name server 10.10.10.2 is ignored. 
[I] Feb  9 08:02:45 ndm: Network::Interface::Base: "GigabitEthernet0/Vlan9": "dhcp-client" changed "ipv4" layer state "pending" to "running". 
...
[I] Feb  9 08:02:50 ndm: Wireguard::Interface: "Wireguard4": "AS...HU=": via interface is not ready, standby. 
...
[I] Feb  9 08:04:15 ndm: Wireguard::Interface: "Wireguard4": triggering peers to reinitiate handshakes. 
[I] Feb  9 08:04:15 kernel: wireguard: Wireguard4: peer "AS...HU=" (9) created
...
[I] Feb  9 08:04:19 ndm: Network::Interface::Base: "Wireguard4": "wireguard" changed "link" layer state "pending" to "running". 
[I] Feb  9 08:04:19 ndm: Network::Interface::Ip: "Wireguard4": interface "Wireguard4" is global, priority 21844. 
[I] Feb  9 08:04:19 ndm: Network::Interface::Ip: "Wireguard4": adding default route via Wireguard4. 
[I] Feb  9 08:04:19 ndm: Network::Interface::Ip6: "Wireguard4": interface "Wireguard4" is global, priority 21844. 
[I] Feb  9 08:04:19 ndm: Network::Interface::Ip6: "Wireguard4": adding default route via Wireguard4. 
[I] Feb  9 08:04:19 ndm: Network::Interface::Base: "Wireguard0": "wireguard" changed "link" layer state "pending" to "running". 
[I] Feb  9 08:04:19 ndm: Network::Interface::Ip: "Wireguard0": interface "Wireguard0" is global, priority 32766. 
...
[I] Feb  9 08:14:03 ndhcpc: GigabitEthernet0/Vlan9: received ACK for 10.10.10.12 from 10.10.10.200 lease 1200 sec. 
...

Выкл/вкл в Web роутера WG канала 

[I] Feb  9 08:19:46 ndm: Network::Interface::Base: "Wireguard4": "base" changed "conf" layer state "running" to "disabled". 
[I] Feb  9 08:19:46 ndm: Network::Interface::Base: "Wireguard4": interface is down. 
[I] Feb  9 08:19:46 ndm: Core::System::StartupConfig: saving (http/rci). 
[I] Feb  9 08:19:47 ndm: Network::Interface::Ip: "Wireguard4": removing default route via Wireguard4. 
[I] Feb  9 08:19:47 ndm: Network::Interface::Ip6: "Wireguard4": removing default route via Wireguard4. 
[I] Feb  9 08:19:47 kernel: wireguard: Wireguard4: peer "AS...HU=" (9) (212.ххх.ххх.ххх:хххх) destroyed
[I] Feb  9 08:19:50 ndm: Core::System::StartupConfig: configuration saved. 
[I] Feb  9 08:20:01 ndm: Network::Interface::Base: "Wireguard4": "base" changed "conf" layer state "disabled" to "running". 
[I] Feb  9 08:20:01 ndm: Network::Interface::Base: "Wireguard4": interface is up. 
[I] Feb  9 08:20:01 ndm: Core::System::StartupConfig: saving (http/rci). 
[I] Feb  9 08:20:01 ndm: Wireguard::Interface: "Wireguard4": "AS....HU=": via interface is not ready, standby. 
[I] Feb  9 08:20:03 kernel: wireguard: Wireguard4: invalid handshake initiation from 212.ххх.ххх.ххх:хххх
[I] Feb  9 08:20:04 ndm: Core::System::StartupConfig: configuration saved. 
[I] Feb  9 08:20:06 ndm: Wireguard::Interface: "Wireguard4": "AS....HU=": via interface is not ready, standby. 
[I] Feb  9 08:20:09 kernel: wireguard: Wireguard4: invalid handshake initiation from 212.ххх.ххх.ххх:хххх
[I] Feb  9 08:20:20 kernel: Core::Syslog: last message repeated 2 times.
[I] Feb  9 08:20:24 ndm: Network::Interface::Base: "Wireguard4": "base" changed "conf" layer state "running" to "disabled". 
[I] Feb  9 08:20:24 ndm: Network::Interface::Base: "Wireguard4": interface is down. 
[I] Feb  9 08:20:24 ndm: Core::System::StartupConfig: saving (http/rci). 
[I] Feb  9 08:20:28 ndm: Core::System::StartupConfig: configuration saved. 
[I] Feb  9 08:20:31 ndm: Network::Interface::Base: "Wireguard4": "base" changed "conf" layer state "disabled" to "running". 
[I] Feb  9 08:20:31 ndm: Network::Interface::Base: "Wireguard4": interface is up. 
[I] Feb  9 08:20:31 ndm: Core::System::StartupConfig: saving (http/rci). 
[I] Feb  9 08:20:31 ndm: Wireguard::Interface: "Wireguard4": "AS....HU=": via interface is not ready, standby. 
[I] Feb  9 08:20:35 ndm: Core::System::StartupConfig: configuration saved. 
[I] Feb  9 08:20:35 kernel: wireguard: Wireguard4: invalid handshake initiation from 212.ххх.ххх.ххх:хххх
[I] Feb  9 08:20:36 ndm: Wireguard::Interface: "Wireguard4": "AS....HU=": via interface is not ready, standby. 
[I] Feb  9 08:20:41 kernel: wireguard: Wireguard4: invalid handshake initiation from 212.ххх.ххх.ххх:хххх
[I] Feb  9 08:21:13 kernel: Core::Syslog: last message repeated 6 times.
[I] Feb  9 08:21:18 ndm: Network::Interface::Base: "Wireguard4": "base" changed "conf" layer state "running" to "disabled". 
[I] Feb  9 08:21:18 ndm: Network::Interface::Base: "Wireguard4": interface is down. 
[I] Feb  9 08:21:18 ndm: Core::System::StartupConfig: saving (http/rci). 
[I] Feb  9 08:21:21 ndm: Network::Interface::Base: "Wireguard4": "base" changed "conf" layer state "disabled" to "running". 
[I] Feb  9 08:21:21 ndm: Network::Interface::Base: "Wireguard4": interface is up. 
[I] Feb  9 08:21:21 ndm: Core::System::StartupConfig: saving (http/rci). 
[I] Feb  9 08:21:21 ndm: Core::System::StartupConfig: configuration saved. 
[I] Feb  9 08:21:21 ndm: Wireguard::Interface: "Wireguard4": "AS....HU=": via interface is not ready, standby. 
[I] Feb  9 08:21:23 kernel: wireguard: Wireguard4: invalid handshake initiation from 212.ххх.ххх.ххх:хххх
[I] Feb  9 08:21:24 ndm: Core::System::StartupConfig: configuration saved. 
[I] Feb  9 08:21:26 ndm: Wireguard::Interface: "Wireguard4": "AS.....qHU=": via interface is not ready, standby. 
[I] Feb  9 08:21:29 kernel: wireguard: Wireguard4: invalid handshake initiation from 212.ххх.ххх.ххх:хххх

 

Если же в место "connect via GigabitEthernet0/Vlan9" просто "connect" и со стат маршрутом до данного сервера "from 212.ххх.ххх.ххх" через интерфейс Inet-2 вопросов не возникает как при перезапуске, так и при вкл/выкл в Web роутера.

  Показать контент

interface Wireguard4
    description WG-proton
    security-level public
...
    connect 

 

 

Показать  

Пробовал много раз, не воспроизводится.

Нужна дополнительная информация.

[vasek00]

  В 02.04.2024 в 09:29, Le ecureuil сказал:

Пробовал много раз, не воспроизводится.

Нужна дополнительная информация.

Показать  

ОК

1. Два канала + WG. Профиль по умолчанию - RT (основной) далее Inet-2 (резервный). Есть еще один профиль в котором только WG.

  Показать контент

interface GigabitEthernet0/Vlan9
    description Inet-2
    security-level public
    ip address 10.10.10.10 255.255.255.0
    ip dhcp client hostname P-KN
    ip dhcp client dns-routes
    ip mtu 1500
    ip global 65529
    ip no name-servers
    ipv6 no name-servers
    up
!
interface GigabitEthernet0/3
    rename 4
    role inet for GigabitEthernet0/Vlan9
    switchport mode access
    switchport access vlan 9
    up

interface PPPoE0
    description RT
    role inet
    no ipv6cp
    lcp echo 30 3
    ipcp default-route
    ipcp dns-routes
    ipcp address
    no ccp
    security-level public
...
    ip mtu 1492
    ip access-group _WEBADMIN_PPPoE0 in
    ip global 65531
    ip tcp adjust-mss pmtu
    ip no name-servers
    ipv6 no name-servers
    pppoe service RT
    connect via ISP
    up

interface Wireguard0
    description Cloud-warp
    security-level public
    ip address 10.10.132.101 255.255.255.255
    ip mtu 1320
    ip access-group _WEBADMIN_Wireguard0 in
    ip global 65524
    ip tcp adjust-mss pmtu
    wireguard listen-port 65100
    wireguard peer bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo= !Cloudflare-warp
        endpoint ххх.ххх.ххх.ххх:хххх
        keepalive-interval 120
        allow-ips 0.0.0.0 0.0.0.0
        allow-ips 10.10.132.0 255.255.255.0
        allow-ips 10.16.130.29 255.255.255.255
        allow-ips 192.168.130.0 255.255.255.0
        connect via GigabitEthernet0/Vlan9
    !
    up

ip policy Policy0
    description Cloud
    permit global Wireguard0
    no permit global GigabitEthernet0/Vlan9
    no permit global PPPoE0

show interface Wireguard0

{
    "id": "Wireguard0",
    "index": 0,
    "interface-name": "Wireguard0",
    "type": "Wireguard",
    "description": "Cloud-warp",
    "traits": [
        "Ip",
        "Ip6",
        "Wireguard"
    ],
    "link": "up",
    "connected": "yes",
    "state": "up",
    "mtu": 1320,
    "tx-queue-length": 50,
    "address": "10.10.132.101",
    "mask": "255.255.255.255",
    "uptime": 672,
    "global": true,
    "defaultgw": false,
    "priority": 65524,
    "security-level": "public",
    "ipv6": {
        "defaultgw": false
    },
    "wireguard": {
        "public-key": "V........................1o=",
        "listen-port": 65100,
        "status": "up",
        "peer": [
            {
                "public-key": "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=",
                "local": "0.0.0.0",
                "local-port": 65100,
                "via": "",
                "remote": "0.0.0.0",
                "remote-port": хххх,
                "rxbytes": 182384566,
                "txbytes": 193000604,
                "last-handshake": 69,
                "online": true,
                "enabled": true,
                "fwmark": 0
            }
        ]
    },
    "summary": {
        "layer": {
            "conf": "running",
            "link": "running",
            "ipv4": "running",
            "ipv6": "disabled",
            "ctrl": "running"
        }
    },
    "prompt": "(config)"
}

 

2. И так клиент в отдельном профиле в котором только олин канал WG (согласно настроек он должен идти по каналу Inet-2 - "connect via GigabitEthernet0/Vlan9"

3. Проверяем, speedtest показывает да 104.28.xx.xx т.е. клиент вышел через нужный WG. Но посмотрим через какой канал он выходит

  Показать контент

traceroute на сервер WG показывает так же канал через PPPoE0.

Где еще что нужно посмотреть.

 

Есть еще один на FineVPN для пробы там сервер на мнемонике, но если ставим его IP (после определения) - WG так же работает на основном канале. Стоит сменить его на interface Wireguard4 wireguard peer y0OzAW7+o2ZJEysGQSqs19zTtWKh0TELxmTmEX8IkD8= connect via GigabitEthernet0/Vlan9

interface Wireguard4 wireguard peer y0.....D8= connect via GigabitEthernet0/Vlan9

Устанавливаться вообще не хочет. Вкл./выкл. ползунка на WG не помогает.

  Показать контент

Апр 2 14:49:52 ndm Network::Interface::EndpointTracker: "Wireguard4": "y0......D8=": remote endpoint is "141.98.87.10".
Апр 2 14:49:52 ndm Network::Interface::EndpointTracker: "Wireguard4": "y0......D8=": connecting via "GigabitEthernet0/Vlan9" (GigabitEthernet0/Vlan9).
Апр 2 14:49:52 ndm Network::Interface::EndpointTracker: "Wireguard4": "y0......D8=": local endpoint is "10.10.98.12".
Апр 2 14:49:52 kernel wireguard: Wireguard4: peer "y0....D8=" (16) created
Апр 2 14:49:54 ndm Core::System::StartupConfig: configuration saved.
Апр 2 14:49:57 kernel wireguard: Wireguard4: handshake for peer "y0....D8=" (16) (141.98.87.10:хххх) did not complete after 5 seconds, retrying (try 2)
Апр 2 14:50:02 kernel wireguard: Wireguard4: handshake for peer "y0....D8=" (16) (141.98.87.10:хххх) did not complete after 5 seconds, retrying (try 3)

 

Стоит добавить "connect" на данный WG то все ОК.

interface Wireguard4 wireguard peer y0.....D8= connect

 

Изменено 2 апреля, 2024 пользователем vasek00

[Le ecureuil]

  В 02.04.2024 в 10:31, vasek00 сказал:

ОК

1. Два канала + WG. Профиль по умолчанию - RT (основной) далее Inet-2 (резервный). Есть еще один профиль в котором только WG.

  Показать контент

interface GigabitEthernet0/Vlan9
    description Inet-2
    security-level public
    ip address 10.10.10.10 255.255.255.0
    ip dhcp client hostname P-KN
    ip dhcp client dns-routes
    ip mtu 1500
    ip global 65529
    ip no name-servers
    ipv6 no name-servers
    up
!
interface GigabitEthernet0/3
    rename 4
    role inet for GigabitEthernet0/Vlan9
    switchport mode access
    switchport access vlan 9
    up

interface PPPoE0
    description RT
    role inet
    no ipv6cp
    lcp echo 30 3
    ipcp default-route
    ipcp dns-routes
    ipcp address
    no ccp
    security-level public
...
    ip mtu 1492
    ip access-group _WEBADMIN_PPPoE0 in
    ip global 65531
    ip tcp adjust-mss pmtu
    ip no name-servers
    ipv6 no name-servers
    pppoe service RT
    connect via ISP
    up

interface Wireguard0
    description Cloud-warp
    security-level public
    ip address 10.10.132.101 255.255.255.255
    ip mtu 1320
    ip access-group _WEBADMIN_Wireguard0 in
    ip global 65524
    ip tcp adjust-mss pmtu
    wireguard listen-port 65100
    wireguard peer bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo= !Cloudflare-warp
        endpoint ххх.ххх.ххх.ххх:хххх
        keepalive-interval 120
        allow-ips 0.0.0.0 0.0.0.0
        allow-ips 10.10.132.0 255.255.255.0
        allow-ips 10.16.130.29 255.255.255.255
        allow-ips 192.168.130.0 255.255.255.0
        connect via GigabitEthernet0/Vlan9
    !
    up

ip policy Policy0
    description Cloud
    permit global Wireguard0
    no permit global GigabitEthernet0/Vlan9
    no permit global PPPoE0

show interface Wireguard0

{
    "id": "Wireguard0",
    "index": 0,
    "interface-name": "Wireguard0",
    "type": "Wireguard",
    "description": "Cloud-warp",
    "traits": [
        "Ip",
        "Ip6",
        "Wireguard"
    ],
    "link": "up",
    "connected": "yes",
    "state": "up",
    "mtu": 1320,
    "tx-queue-length": 50,
    "address": "10.10.132.101",
    "mask": "255.255.255.255",
    "uptime": 672,
    "global": true,
    "defaultgw": false,
    "priority": 65524,
    "security-level": "public",
    "ipv6": {
        "defaultgw": false
    },
    "wireguard": {
        "public-key": "V........................1o=",
        "listen-port": 65100,
        "status": "up",
        "peer": [
            {
                "public-key": "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=",
                "local": "0.0.0.0",
                "local-port": 65100,
                "via": "",
                "remote": "0.0.0.0",
                "remote-port": хххх,
                "rxbytes": 182384566,
                "txbytes": 193000604,
                "last-handshake": 69,
                "online": true,
                "enabled": true,
                "fwmark": 0
            }
        ]
    },
    "summary": {
        "layer": {
            "conf": "running",
            "link": "running",
            "ipv4": "running",
            "ipv6": "disabled",
            "ctrl": "running"
        }
    },
    "prompt": "(config)"
}

 

2. И так клиент в отдельном профиле в котором только олин канал WG (согласно настроек он должен идти по каналу Inet-2 - "connect via GigabitEthernet0/Vlan9"

3. Проверяем, speedtest показывает да 104.28.xx.xx т.е. клиент вышел через нужный WG. Но посмотрим через какой канал он выходит

  Показать контент

traceroute на сервер WG показывает так же канал через PPPoE0.

Где еще что нужно посмотреть.

 

Есть еще один на FineVPN для пробы там сервер на мнемонике, но если ставим его IP (после определения) - WG так же работает на основном канале. Стоит сменить его на interface Wireguard4 wireguard peer y0OzAW7+o2ZJEysGQSqs19zTtWKh0TELxmTmEX8IkD8= connect via GigabitEthernet0/Vlan9

interface Wireguard4 wireguard peer y0.....D8= connect via GigabitEthernet0/Vlan9

Устанавливаться вообще не хочет. Вкл./выкл. ползунка на WG не помогает.

  Показать контент

Апр 2 14:49:52 ndm Network::Interface::EndpointTracker: "Wireguard4": "y0......D8=": remote endpoint is "141.98.87.10".
Апр 2 14:49:52 ndm Network::Interface::EndpointTracker: "Wireguard4": "y0......D8=": connecting via "GigabitEthernet0/Vlan9" (GigabitEthernet0/Vlan9).
Апр 2 14:49:52 ndm Network::Interface::EndpointTracker: "Wireguard4": "y0......D8=": local endpoint is "10.10.98.12".
Апр 2 14:49:52 kernel wireguard: Wireguard4: peer "y0....D8=" (16) created
Апр 2 14:49:54 ndm Core::System::StartupConfig: configuration saved.
Апр 2 14:49:57 kernel wireguard: Wireguard4: handshake for peer "y0....D8=" (16) (141.98.87.10:хххх) did not complete after 5 seconds, retrying (try 2)
Апр 2 14:50:02 kernel wireguard: Wireguard4: handshake for peer "y0....D8=" (16) (141.98.87.10:хххх) did not complete after 5 seconds, retrying (try 3)

 

Стоит добавить "connect" на данный WG то все ОК.

interface Wireguard4 wireguard peer y0.....D8= connect

 

Показать  

Это на последней 4.2 такое?

[vasek00]

  В 03.04.2024 в 04:00, Le ecureuil сказал:

Это на последней 4.2 такое?

Показать  

ДА.

[vasek00]

  В 03.04.2024 в 04:00, Le ecureuil сказал:

Это на последней 4.2 такое?

Показать  

Что еще вспомнил про Zerotier если есть настройки

interface ZeroTier0
    role inet
    security-level public
...
    zerotier connect via GigabitEthernet0/Vlan9
    up

то при подключении клиента ZT и например набираю speedtest то вижу IP от основного канала, хотя по show

  Показать контент

"mac": "be:28:df:cd:a3:53",
    "auth-type": "none",
    "zerotier": {
        "via": "GigabitEthernet0/Vlan9",
        "local-id": "0efee33217",
        "network-id": "b15644912e2126bf",
        "network-name": "",
        "status": "OK"
    },

"mac": "хх:28:хх:хх:хх:хх",
    "auth-type": "none",
    "zerotier": {
        "via": "GigabitEthernet0/Vlan9",
        "local-id": "0eeeeee217",
        "network-id": "b11111111111111f",
        "network-name": "",
        "status": "OK"
    },

 

[I] Mar 29 15:48:55 ndm: Network::Acl: input "_WEBADMIN_ZeroTier0" access list added to "ZeroTier0". 
[I] Mar 29 15:48:55 ndm: ZeroTier::Interface: "ZeroTier0": enabled addresses accept. 
[I] Mar 29 15:48:55 ndm: ZeroTier::Interface: "ZeroTier0": enabled routes accept. 
[I] Mar 29 15:48:55 ndm: ZeroTier::Interface: "ZeroTier0": set network ID to "b............f". 
[I] Mar 29 15:48:55 ndm: ZeroTier::Interface: "ZeroTier0": set connection via GigabitEthernet0/Vlan9. 
[I] Mar 29 15:48:55 kernel: IPv6: ADDRCONF(NETDEV_UP): zt_br0: link is not ready
[I] Mar 29 15:48:55 ndm: Network::Interface::Base: "ZeroTier0": "base" changed "conf" layer state "disabled" to "running". 
[I] Mar 29 15:48:55 ndm: Network::Interface::Base: "ZeroTier0": interface is up. 
...
[I] Mar 29 15:49:02 ndm: Network::Interface::EndpointTracker: "ZeroTier0": via interface "GigabitEthernet0/Vlan9" is up, reconnecting. 
[I] Mar 29 15:49:02 ndm: Core::System::Mtd::Table: firmware image 1 marked as active. 
...
[I] Mar 30 09:22:35 ndm: Network::Interface::EndpointTracker: "ZeroTier0": remote endpoint is "151.ZT.91". 
[I] Mar 30 09:22:35 ndm: Network::Interface::EndpointTracker: "ZeroTier0": connecting via "GigabitEthernet0/Vlan9" (GigabitEthernet0/Vlan9). 
[I] Mar 30 09:22:35 ndm: Network::Interface::EndpointTracker: "ZeroTier0": local endpoint is "10.IP_vlan9.12". 
[I] Mar 30 09:22:35 ndm: Network::Interface::EndpointTracker: "ZeroTier0": remote endpoint is "151.ZT.91". 
[I] Mar 30 09:22:35 ndm: Network::Interface::EndpointTracker: "ZeroTier0": connecting via "GigabitEthernet0/Vlan9" (GigabitEthernet0/Vlan9). 
[I] Mar 30 09:22:35 ndm: Network::Interface::EndpointTracker: "ZeroTier0": local endpoint is "10.IP_vlan9.12". 
[I] Mar 30 09:22:37 kernel: IPv6: ADDRCONF(NETDEV_CHANGE): zt_br0: link becomes ready
[I] Mar 30 09:22:48 ndm: Network::Interface::Base: "ZeroTier0": "zt" changed "link" layer state "pending" to "running". 
[W] Mar 30 09:22:50 ndm: Process: "Link-layer discovery observer" has been killed. 
[I] Mar 30 09:22:50 ndm: Network::Interface::Base: "ZeroTier0": "ip" changed "ipv4" layer state "disabled" to "running". 
[I] Mar 30 09:22:50 ndm: Network::Interface::Ip: "ZeroTier0": IP address is 10.ZT_LAN.101/24. 

 

 

  Показать контент

 

Изменено 4 апреля, 2024 пользователем vasek00

[gaaronk]

  В 04.04.2024 в 05:22, vasek00 сказал:

Что еще вспомнил про Zerotier если есть настройки

interface ZeroTier0
    role inet
    security-level public
...
    zerotier connect via GigabitEthernet0/Vlan9
    up

то при подключении клиента ZT и например набираю speedtest то вижу IP от основного канала, хотя по show

Показать  

Пока зеротир использует все существующие в системе интерфейсы. Я писал об этом, обещали исправить.

[vasek00]

  В 04.04.2024 в 06:03, gaaronk сказал:

Пока зеротир использует все существующие в системе интерфейсы. Я писал об этом, обещали исправить.

Показать  

Вы о чем, если поменять два канала интернет :

- PPPoE0 основной (Инет1 провод) и GigabitEthernet0/Vlan9 (Инет2 провод)

на

- GigabitEthernet0/Vlan9 основной и PPPoE резервный

и так же в настройках на "zerotier connect via PPPoE" то проблем с выходом по данному каналу нет, по крайней мере было проверено ранее на draft 4.1.

При моем использование ZT (подключение клиента к лок.сети роутера) как то по барабану, что он ZT на роутере слушает все интерфейсы, которые есть в системе.

В данной ветке теме описано применение команды "connect via ......".

[gaaronk]

  В 04.04.2024 в 09:01, vasek00 сказал:

Вы о чем, если поменять два канала интернет :

- PPPoE0 основной (Инет1 провод) и GigabitEthernet0/Vlan9 (Инет2 провод)

на

- GigabitEthernet0/Vlan9 основной и PPPoE резервный

и так же в настройках на "zerotier connect via PPPoE" то проблем с выходом по данному каналу нет, по крайней мере было проверено ранее на draft 4.1.

При моем использование ZT (подключение клиента к лок.сети роутера) как то по барабану, что он ZT на роутере слушает все интерфейсы, которые есть в системе.

В данной ветке теме описано применение команды "connect via ......".

Показать  

я об этом

[Le ecureuil]

connect via спроектирован так, что исходящий трафик он стремится пускать по определенному WAN, но входящий разрешен отовсюду. Для ZT такое поведение, конечно, недопустимо - он лезет везде. Для  Wireguard, учитывая, что он сам всегда является инициатором обмена - это ок.

[vasek00]

  В 04.04.2024 в 09:28, Le ecureuil сказал:

connect via спроектирован так, что исходящий трафик он стремится пускать по определенному WAN, но входящий разрешен отовсюду. .... Для  Wireguard, учитывая, что он сам всегда является инициатором обмена - это ок.

Показать  

Перестроил систему, поменял каналы 4.2 Alpha 2. Основной Inet-2 резервный PPPoE. Направил WG на резервный ВСЕ ОК, в отличие от схемы на которой проблемы с "connect via ...../Vlan"

  Показать контент

 

  В 02.04.2024 в 09:29, Le ecureuil сказал:

Пробовал много раз, не воспроизводится.

Нужна дополнительная информация.

Показать  

Единственное что еще наводит на мысль, что vlan9 (Inet-2) IP провайдер дает из серых 10.х.х.х адресов.

 

[vasek00]

  В 04.04.2024 в 06:03, gaaronk сказал:

Пока зеротир использует все существующие в системе интерфейсы. Я писал об этом, обещали исправить.

Показать  

По поводу ZT. Опять Inet-2 основной (vlan9 или он же eth2.9) и резерв PPPoE (или он же ppp0). ZT поднят на "connect via PPPoE0". Клиент подключился к ZT роутера и скачивает, а потом записывает файл на HDD роутера.

 

  Показать контент

Как и положено ZT работает через тот канал на котором ему и сказано. Страница https://my.zerotier.com/ как и положено показала IP от PPPoE канала.

 

  В 04.04.2024 в 09:28, Le ecureuil сказал:

Для ZT такое поведение, конечно, недопустимо - он лезет везде. Для  Wireguard, учитывая, что он сам всегда является инициатором обмена - это ок.

Показать  

А как же правило с какого IP ушло на тот и должно вернуться.

Первоначальный трафик ZT идет сначала до серверов ZT (root-zrh-01.zerotier.com, root-mia-01.zerotier.com, root-sgp-01.zerotier.com и ещё один, у которого не прописано обратное имя), а уже потом отправитель и получатель начинают работать на прямую.

  Цитата

Данные проходят через сервера ZeroTier в зашифрованном виде, и сервера видят только кто, кому и куда отправил (без этого никак, нужно для роутинга пакетов).

Показать