[Bug 261711] net/wireguard-kmod: Cannot send data over VXLAN / vtnet

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 16 Sep 2022 12:51:36 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261711

--- Comment #7 from marco@tols.org ---
Hi there,

I have the same issue.  Hopefully my submission of uname -a and pkg info
wireguard-kmod will help this bug progress further.  I'm sure if this bug gets
resolved, it will also resolve my issue.

For completeness my setup is this:
- 2x 13.1-RELEASE-p2 host - no firewalls active
- Working wireguard setup (can ssh from one to the other via the wireguard IPs)
- Working vxlan over ipsec setup, traffic across the vxlan tunnel ends up on
the other side.  In my case the vxlan interfaces are bridged to a real
interface so that I end up having a stretched ethernet network.

When I change the vxlanlocal and vxlanremote on both ends from the ipsec ip
addresses to the wireguard ip addresses, the traffic across the vxlan tunnel does
not end up on the other side any more.  I do see the udp/4789 packets arrive on
the wg0 interface, but they don't seem to make it into the vxlan interface.

My suspicion is that by the time the packets get decrypted by the wireguard
setup, it's too late to have them get processed by vxlan.  This is pure
speculation.

My `uname -a` is this: (identical on both ends)
FreeBSD <hostname> 13.1-RELEASE-p2 FreeBSD 13.1-RELEASE-p2 GENERIC amd64

My `pkg info wireguard-kmod` is this:
wireguard-kmod-0.0.20220615
Name           : wireguard-kmod
Version        : 0.0.20220615
Installed on   : Fri Sep 16 11:29:06 2022 CEST
Origin         : net/wireguard-kmod
Architecture   : FreeBSD:13:amd64
Prefix         : /usr/local
Categories     : net-vpn net kld
Licenses       : MIT
Maintainer     : decke@FreeBSD.org
WWW            : https://git.zx2c4.com/wireguard-freebsd/
Comment        : WireGuard implementation for the FreeBSD kernel
Annotations    :
        FreeBSD_version: 1301000
        repo_type      : binary
        repository     : FreeBSD
Flat size      : 144KiB
Description    :
Kernel module for FreeBSD to support Wireguard.

At this time this code is new, unvetted, possibly buggy, and should be
considered "experimental". It might contain security issues. We gladly
welcome your testing and bug reports, but do keep in mind that this code
is new, so some caution should be exercised at the moment for using it
in mission critical environments.

WWW: https://git.zx2c4.com/wireguard-freebsd/
