Mesh network using VXLAN over Wireguard
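#!/usr/bin/env bash
#
# setup.bash - Setup a Wireguard + VXLAN demo
#
# The following five hosts are on a 10.100.0.0/24 LAN. The Wireguard tunnels
# make up a 10.100.1.0/24, and a VXLAN overlay bridged on every host makes up
# a 10.100.2.0/24. I would like to ping from one host to another through a
# pair of hosts (e.g. 1 -> 2 -> 5 -> 7).
#
# Usage:        ./setup.bash
# Requirements: root SSH access to every host listed in `hosts`, and a
#               WireGuard private key already present at /root/privatekey on
#               each of them (it is never copied or printed by this script).
#
# Topology ("server" = accepts handshakes on a fixed listen-port):
#   1 <---> 2 (server) <---> 5 (server) <---> 7
#   D (server) <---> 2 (server)
#   D (server) <---> 5 (server)
set -xeuo pipefail

readonly wg_port=51820
readonly wg_mtu=1420
# IANA-assigned VXLAN port; see the note in main() for why it is explicit.
readonly vxlan_port=4789
# Seconds to wait for a rebooted host to answer SSH again before giving up.
readonly boot_timeout=300

hosts=(
host-01
host-02
host-05
host-07
host-0d
)
declare -A public_keys=(
["host-01"]="WZCRokpC2NMnCcZYbHfpZy+imkKHoVm2R9ZGkr3IzjA="
["host-02"]="+95cO2NwOMTODa9aQ9i2N0p6zx2fQ+mF5Cn3kwZ26Qc="
["host-05"]="1ZZYh4eJIPB+TTtwdLzj+tsIgcxTwFUMEdPMTbd1+xk="
["host-07"]="T0sCMXF8iAQEha0goqzAmGr3i4wI3oWBRP3VroMmqxw="
["host-0d"]="DDuWRg4p7qfpjL1PAimaCmou45k5l2FFn9oG1j61hU0="
)
declare -A lan_addrs=(
["host-01"]="10.100.0.9"
["host-02"]="10.100.0.10"
["host-05"]="10.100.0.11"
["host-07"]="10.100.0.12"
["host-0d"]="10.100.0.8"
)
# Host number, used as the last octet of both the WireGuard address
# (10.100.1.N) and the bridge address (10.100.2.N).
declare -A host_num=(
["host-01"]=1
["host-02"]=2
["host-05"]=5
["host-07"]=7
["host-0d"]=13
)
# Name of the VXLAN interface that points AT the given host, e.g. the link on
# host-01 towards host-02 is called "two".
declare -A vxlan_names=(
["host-01"]="one"
["host-02"]="two"
["host-05"]="five"
["host-07"]="seven"
["host-0d"]="thirteen"
)
# Hosts that listen on wg_port. A peer entry only carries an `endpoint` when
# the remote side is one of these; the other direction is learned from the
# first handshake and kept alive by persistent-keepalive.
declare -A listeners=(
["host-02"]=1
["host-05"]=1
["host-0d"]=1
)
# Undirected WireGuard peerings, each with the VXLAN Network Identifier of
# the VXLAN link that rides on top of it: "hostA hostB vni".
links=(
"host-01 host-02 1"
"host-02 host-05 2"
"host-05 host-07 3"
"host-0d host-02 4"
"host-0d host-05 5"
)

#######################################
# Abort before touching any host if a host is missing from a lookup table.
# Globals:   hosts, public_keys, lan_addrs, host_num, vxlan_names (read)
# Returns:   0 if every table is complete; the shell exits otherwise
#######################################
check_tables() {
  local host
  for host in "${hosts[@]}"; do
    : "${public_keys[$host]:?no public key for ${host}}"
    : "${lan_addrs[$host]:?no LAN address for ${host}}"
    : "${host_num[$host]:?no host number for ${host}}"
    : "${vxlan_names[$host]:?no VXLAN link name for ${host}}"
  done
}

#######################################
# Block until `ssh <host> true` succeeds, or give up after boot_timeout.
# Globals:   boot_timeout (read)
# Arguments: $1 - host
# Returns:   0 once the host answers, 1 on timeout
#######################################
wait_for_ssh() {
  local host=$1
  local deadline=$(( SECONDS + boot_timeout ))
  # BatchMode makes a missing/unknown key a fast failure instead of a prompt.
  until ssh -o BatchMode=yes -o ConnectTimeout=5 "${host}" true; do
    if (( SECONDS >= deadline )); then
      printf '%s did not come back within %ss\n' "${host}" "${boot_timeout}" >&2
      return 1
    fi
    sleep 5
  done
}

#######################################
# Add one WireGuard peer on a host.
# Globals:   public_keys, lan_addrs, host_num, listeners, wg_port (read)
# Arguments: $1 - host to configure, $2 - peer host
# Outputs:   runs `wg set` on $1 over ssh
#######################################
wg_peer() {
  local host=$1 peer=$2
  # allowed-ips is the peer's single tunnel address: only traffic to/from
  # that /32 is accepted on this peer, which is what keeps the VXLAN
  # traffic below scoped to the tunnel it belongs to.
  local -a args=(
    peer "${public_keys[$peer]}"
    persistent-keepalive 25
    allowed-ips "10.100.1.${host_num[$peer]}/32"
  )
  if [[ -n "${listeners[$peer]-}" ]]; then
    args+=(endpoint "${lan_addrs[$peer]}:${wg_port}")
  fi
  ssh "${host}" wg set wg0 "${args[@]}"
}

#######################################
# Create the VXLAN link on `host` that points at `peer`.
# VXLAN has no authentication or encryption of its own; the overlay is only
# private because `remote` is the peer's WireGuard address, so the
# encapsulated frames are routed over wg0 (nothing here pins the egress
# device explicitly — it relies on the 10.100.1.0/24 route on wg0).
# Globals:   vxlan_names, host_num, vxlan_port (read)
# Arguments: $1 - host, $2 - peer, $3 - VNI
#######################################
vxlan_link() {
  local host=$1 peer=$2 vni=$3
  ssh "${host}" ip link add "${vxlan_names[$peer]}" type vxlan \
    remote "10.100.1.${host_num[$peer]}" id "${vni}" dstport "${vxlan_port}"
}

#######################################
# Bring up the VXLAN link on `host` towards `peer` and enslave it to br0.
# Globals:   vxlan_names (read)
# Arguments: $1 - host, $2 - peer
#######################################
attach_vxlan() {
  local host=$1 peer=$2
  ssh "${host}" ip link set up "${vxlan_names[$peer]}"
  ssh "${host}" ip link set "${vxlan_names[$peer]}" master br0
}

main() {
  local host link a b vni

  check_tables

  # Start from a clean slate. `reboot` may drop the connection before ssh
  # sees a clean exit status, so do not let that abort the run; readiness is
  # verified below instead of with a fixed sleep that was racy on slow boots.
  for host in "${hosts[@]}"; do
    ssh "${host}" reboot || true
  done
  # Give the hosts a moment to actually go down before probing, otherwise a
  # probe could succeed against the not-yet-stopped old boot.
  sleep 10
  for host in "${hosts[@]}"; do
    wait_for_ssh "${host}"
  done

  # WireGuard underlay: 10.100.1.0/24 on wg0.
  for host in "${hosts[@]}"; do
    ssh "${host}" ip link add dev wg0 type wireguard
    ssh "${host}" ip link set mtu "${wg_mtu}" dev wg0
    ssh "${host}" ip address add dev wg0 "10.100.1.${host_num[$host]}/24"
    # The key is read from a file on the remote host, so it never appears on
    # a command line (and therefore never in the set -x trace).
    ssh "${host}" wg set wg0 private-key /root/privatekey
  done
  # TODO(PM): Update "clients" allowed-ip to 0.0.0.0/0
  # TODO(PM): Test SSHing from one host to another
  for host in "${!listeners[@]}"; do
    ssh "${host}" wg set wg0 listen-port "${wg_port}"
  done
  for link in "${links[@]}"; do
    read -r a b vni <<<"${link}"
    wg_peer "${a}" "${b}"
    wg_peer "${b}" "${a}"
  done

  # L2 overlay: one bridge per host, with an address in 10.100.2.0/24. The
  # 2-5, D-2 and D-5 peerings form a loop in the overlay, which is presumably
  # why STP is enabled on the bridge.
  for host in "${hosts[@]}"; do
    ssh "${host}" ip link add name br0 type bridge stp_state 1
    ssh "${host}" ip link set up dev wg0
    ssh "${host}" ip address add dev br0 "10.100.2.${host_num[$host]}/24"
  done
  # Linux shipped VXLAN before the port was standardised and, for backwards
  # compatibility, still defaults to the older port it started with. Request
  # the standard port explicitly so both ends agree.
  # NOTE(review): the VXLAN links get the kernel's default MTU, which may not
  # fit inside wg0's 1420 once the VXLAN header is added — confirm with large
  # pings before relying on this for anything but the demo.
  for link in "${links[@]}"; do
    read -r a b vni <<<"${link}"
    vxlan_link "${a}" "${b}" "${vni}"
    vxlan_link "${b}" "${a}" "${vni}"
  done
  for host in "${hosts[@]}"; do
    ssh "${host}" ip link set up dev br0
  done
  for link in "${links[@]}"; do
    read -r a b vni <<<"${link}"
    attach_vxlan "${a}" "${b}"
    attach_vxlan "${b}" "${a}"
  done
}

main "$@"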
@soto2080

Here is a typo "XVLAN" in h1.

@pamolloy

pamolloy commented Sep 2, 2021

Here is an typo "XVLAN" in h1.

Thanks for pointing that out! Should be fixed
