I am using the following setup:
WAN VRF, Interface in VLAN 999, gets IP assigned via DHCP (possibly overlaps with other IPs, hence separate VRF)
Simple wireguard tunnel to server at xxx.xxx.74.149
This wireguard tunnel does not pass any traffic.
ping 10.255.1.1 vrf wan
gives no replies. tcpdump on the server shows no inbound packets. tcpdump on VyOS shows packets being sent
monitor traffic interface wg0
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wg0, link-type RAW (Raw IP), snapshot length 262144 bytes
16:33:23.491616 IP 10.255.1.2 > 10.255.1.1: ICMP echo request, id 15476, seq 1, length 64
16:33:24.500153 IP 10.255.1.2 > 10.255.1.1: ICMP echo request, id 15476, seq 2, length 64
16:33:25.524026 IP 10.255.1.2 > 10.255.1.1: ICMP echo request, id 15476, seq 3, length 64
16:33:26.548167 IP 10.255.1.2 > 10.255.1.1: ICMP echo request, id 15476, seq 4, length 64
Version:
Version:          VyOS 1.5-rolling-202404280021
Release train:    current
Config (unnecessary stuff stripped):
interfaces {
    ethernet eth1 {
        description "LAN and WAN interface"
        vif 999 {
            address dhcp
            description WAN
            vrf wan
        }
    }
    loopback lo {
        address 10.0.0.5/32
    }
    wireguard wg0 {
        address 10.255.1.2/29
        description VPN-to-VPS
        peer to-VPS {
            address xxx.xxx.74.149
            allowed-ips 10.255.1.0/29
            persistent-keepalive 25
            port 51822
            public-key ****************
        }
        private-key xxxxxx
        vrf wan
    }
}
protocols {
    static {
        route xxx.xxx.74.149/32 {
            next-hop 192.168.128.1 {
                vrf wan
            }
        }
    }
}
vrf {
    name wan {
        table 1100
    }
}
sudo wg show wg0
interface: wg0
  public key: ****************
  private key: (hidden)
  listening port: 37998

peer: ****************
  endpoint: xxx.xxx.74.149:51822
  allowed ips: 10.255.1.0/29
  transfer: 0 B received, 32.95 KiB sent
  persistent keepalive: every 25 seconds
show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

C>* 10.0.0.5/32 is directly connected, lo, 00:24:16
S>* xxx.xxx.74.149/32 [1/0] via 192.168.128.1, eth1.999 (vrf wan), weight 1, 00:24:13
show ip route vrf wan
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

VRF wan:
S>* 0.0.0.0/0 [210/0] via 192.168.128.1, eth1.999, weight 1, 00:24:46
C>* 10.255.1.0/29 is directly connected, wg0, 00:24:45
C>* 192.168.128.0/17 is directly connected, eth1.999, 00:24:46
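The `wg show` output above carries the diagnostic signal in this post: bytes are being sent, nothing is received, and there is no `latest handshake` line at all, which means the peer has never completed a handshake. The following script is an added example, not the poster's code and not part of VyOS: it parses `wg show <interface>` text in the layout shown above and reports, per peer, whether the tunnel is healthy or stuck in this send-only state. The embedded sample output is constructed to mirror the post (placeholder keys, documentation address 203.0.113.149 in place of the redacted endpoint); a second constructed sample shows what a healthy peer looks like for comparison.

```python
import re
from typing import Dict, List

# Constructed sample modelled on the post's `wg show wg0` output; keys and
# endpoint address are placeholders, not real values.
SAMPLE_WG_SHOW = """\
interface: wg0
  public key: LOCAL_PUBLIC_KEY_PLACEHOLDER
  private key: (hidden)
  listening port: 37998

peer: PEER_PUBLIC_KEY_PLACEHOLDER
  endpoint: 203.0.113.149:51822
  allowed ips: 10.255.1.0/29
  transfer: 0 B received, 32.95 KiB sent
  persistent keepalive: every 25 seconds
"""

# Constructed sample of a peer that has handshaked and exchanges traffic.
HEALTHY_WG_SHOW = """\
interface: wg0
  public key: LOCAL_PUBLIC_KEY_PLACEHOLDER
  private key: (hidden)
  listening port: 37998

peer: PEER_PUBLIC_KEY_PLACEHOLDER
  endpoint: 203.0.113.149:51822
  allowed ips: 10.255.1.0/29
  latest handshake: 12 seconds ago
  transfer: 1.20 MiB received, 800.00 KiB sent
  persistent keepalive: every 25 seconds
"""

_UNITS = {"B": 1, "KiB": 1024, "MiB": 1024 ** 2, "GiB": 1024 ** 3, "TiB": 1024 ** 4}
_TRANSFER_RE = re.compile(r"([\d.]+) (\w+) received, ([\d.]+) (\w+) sent")


def _to_bytes(amount: str, unit: str) -> int:
    """Convert wg's human-readable size (e.g. '32.95', 'KiB') to a byte count."""
    return int(float(amount) * _UNITS[unit])


def parse_wg_show(text: str) -> dict:
    """Parse `wg show <if>` text into {"interface": {...}, "peers": [{...}, ...]}.

    Each 'key: value' line is attached to the most recent 'interface:' or
    'peer:' header; the first colon separates key from value so that
    'endpoint: host:port' keeps its port.
    """
    result: dict = {"interface": {}, "peers": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "interface":
            current = result["interface"]
            current["name"] = value
        elif key == "peer":
            current = {"public_key": value}
            result["peers"].append(current)
        elif current is not None:
            current[key] = value
    return result


def assess_peer(peer: dict) -> List[str]:
    """Return findings for one peer; an empty list means the peer looks healthy."""
    findings: List[str] = []
    m = _TRANSFER_RE.search(peer.get("transfer", ""))
    rx = _to_bytes(m.group(1), m.group(2)) if m else 0
    tx = _to_bytes(m.group(3), m.group(4)) if m else 0
    handshaked = "latest handshake" in peer  # wg omits the line until one completes
    if not handshaked:
        findings.append("no handshake has ever completed with this peer")
    if tx > 0 and rx == 0:
        findings.append(f"{tx} bytes sent but nothing received: the peer is not replying")
    if "persistent keepalive" in peer and not handshaked:
        findings.append("keepalives are sent but unanswered: confirm the encrypted UDP "
                        "leaves the intended interface/VRF and arrives at the endpoint")
    if "endpoint" not in peer:
        findings.append("no endpoint known: this side cannot initiate to the peer")
    return findings


def assess_tunnel(text: str) -> Dict[str, List[str]]:
    """Map each peer public key to its findings for a whole `wg show` dump."""
    parsed = parse_wg_show(text)
    return {p["public_key"]: assess_peer(p) for p in parsed["peers"]}


if __name__ == "__main__":
    import sys
    # Pipe real output in (`sudo wg show wg0 | python3 wg_health.py`), or run
    # without stdin to evaluate the constructed sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_WG_SHOW
    for key, findings in assess_tunnel(text).items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"{key}: {status}")
```

The check is deliberately based only on what `wg show` exposes: absence of a `latest handshake` line plus a non-zero sent counter against a zero received counter is exactly the signature in the post, and it separates "the remote never saw our packets" from "the remote replied but decryption failed" (the latter would still show a handshake attempt returning, so received bytes would be non-zero).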