...

Step -2- Configure RARE/freeRtr Wireguard endpoint
  • First, configure vrf v1234
vrf v1234 configuration:
!
vrf definition v1234
 exit
!
  • Configure loopback1234 and bind it to vrf v1234
Loopback1234 configuration:
!
interface loopback1234
 description Wireguard allowed IPv6 network
 vrf forwarding v1234
 ipv6 address 1234::1 ffff:ffff:ffff:ffff::
 no shutdown
 no log-link-change
 exit
!
  • Configure Wireguard crypto stanza
Wireguard crypto stanza configuration:
!
crypto ipsec wg-1234
 key <freertr-private-key><ubuntu-public-key>
 replay 0
 exit
!
  • Configure tunnel1234 Wireguard tunnel
Wireguard tunnel1234 configuration:
!
interface tunnel1234
 description RARE/freeRtr Wireguard tunnel 
 tunnel key 51820
 tunnel vrf inet
 tunnel protection wg-1234
 tunnel source sdn6
 tunnel destination 2a01:e0a:159:2856:a00:27ff:fe5f:f085
 tunnel mode wireguard
 vrf forwarding v1234
 ipv6 address 6789::666 ffff:ffff:ffff:ffff::
 no shutdown
 no log-link-change
 exit
! 
  • If you are using a dataplane, please add the Wireguard tunnel and the corresponding VRF in "server p4lang p4"
sh run p4lang:
!
server p4lang p4
...
 export-vrf v1234 5
...
 export-port tunnel1234 45 0 0 0 0
...
 exit
!
! Where 45 is an ID not already used in server p4lang 


Verification

Verification @ ubuntu 20.04
  • Check Wireguard interface
ifconfig wg0:
wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1420
        inet6 6789::10  prefixlen 64  scopeid 0x0<global>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)
        RX packets 980  bytes 44240 (44.2 KB)
        RX errors 204  dropped 0  overruns 0  frame 204
        TX packets 191  bytes 15768 (15.7 KB)
        TX errors 0  dropped 64 overruns 0  carrier 0  collisions 0
  • Check IPv6 routing @ ubuntu
ip -6 route:
::1 dev lo proto kernel metric 256 pref medium
1234::/64 dev wg0 metric 1024 pref medium
2a01:e0a:159:2856::/64 dev enp0s3 proto ra metric 100 expires 2419185sec pref medium
6789::/64 dev wg0 proto kernel metric 256 pref medium
fe80::/64 dev enp0s3 proto kernel metric 256 pref medium
fe80::/64 dev enp0s8 proto kernel metric 256 pref medium
default via fe80::24c:73ff:fe07:a77 dev enp0s3 proto ra metric 100 expires 1785sec mtu 1500 pref medium
  • Ping freeRtr tunnel endpoint
ping 6789::666:
PING 6789::666(6789::666) 56 data bytes
64 bytes from 6789::666: icmp_seq=1 ttl=255 time=2.07 ms
64 bytes from 6789::666: icmp_seq=2 ttl=255 time=1.99 ms
64 bytes from 6789::666: icmp_seq=3 ttl=255 time=2.20 ms
64 bytes from 6789::666: icmp_seq=4 ttl=255 time=2.26 ms
  • Ping cascaded loopback1234
ping 1234::1:
PING 1234::1(1234::1) 56 data bytes
64 bytes from 1234::1: icmp_seq=1 ttl=255 time=2.04 ms
64 bytes from 1234::1: icmp_seq=2 ttl=255 time=1.92 ms
64 bytes from 1234::1: icmp_seq=3 ttl=255 time=2.10 ms
64 bytes from 1234::1: icmp_seq=4 ttl=255 time=1.96 ms
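
The Ubuntu-side checks above can be scripted. The following is an added example, not part of the original page: it verifies that exactly the expected prefixes (1234::/64 and 6789::/64) are routed into wg0, so a missing route or an unintended extra one (such as a default route) is caught, and it extracts interface counters. The function names are hypothetical and the sample input is copied from the output shown above.

```shell
#!/bin/sh
# Constructed sample input: the `ip -6 route` and `ifconfig wg0` output from this page.
SAMPLE_ROUTES='::1 dev lo proto kernel metric 256 pref medium
1234::/64 dev wg0 metric 1024 pref medium
2a01:e0a:159:2856::/64 dev enp0s3 proto ra metric 100 expires 2419185sec pref medium
6789::/64 dev wg0 proto kernel metric 256 pref medium
fe80::/64 dev enp0s3 proto kernel metric 256 pref medium
fe80::/64 dev enp0s8 proto kernel metric 256 pref medium
default via fe80::24c:73ff:fe07:a77 dev enp0s3 proto ra metric 100 expires 1785sec mtu 1500 pref medium'
SAMPLE_IFCONFIG='wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1420
        RX packets 980  bytes 44240 (44.2 KB)
        RX errors 204  dropped 0  overruns 0  frame 204
        TX packets 191  bytes 15768 (15.7 KB)
        TX errors 0  dropped 64 overruns 0  carrier 0  collisions 0'

# routes_on_dev DEV: read `ip -6 route` output on stdin and print,
# sorted, every destination whose route uses "dev DEV".
routes_on_dev() {
    awk -v dev="$1" '{ for (i = 2; i < NF; i++)
        if ($i == "dev" && $(i+1) == dev) { print $1; break } }' | sort
}

# check_tunnel_routes DEV PREFIX...: succeed only if the prefixes routed
# via DEV are exactly the expected ones (none missing, none extra).
check_tunnel_routes() {
    dev=$1; shift
    want=$(printf '%s\n' "$@" | sort)
    have=$(routes_on_dev "$dev")
    [ "$want" = "$have" ]
}

# iface_counter DIR NAME: read `ifconfig` output on stdin and print the
# value following NAME on a line starting with DIR (RX or TX).
iface_counter() {
    awk -v dir="$1" -v name="$2" '$1 == dir { for (i = 2; i < NF; i++)
        if ($i == name) { print $(i+1); exit } }'
}

# Demo on the sample input.
if printf '%s\n' "$SAMPLE_ROUTES" | check_tunnel_routes wg0 1234::/64 6789::/64; then
    echo "wg0 routes: OK"
else
    echo "wg0 routes: MISMATCH"
fi
echo "RX errors:  $(printf '%s\n' "$SAMPLE_IFCONFIG" | iface_counter RX errors)"
echo "TX dropped: $(printf '%s\n' "$SAMPLE_IFCONFIG" | iface_counter TX dropped)"
```

On a live host, pipe the real commands instead of the samples, for example `ip -6 route | check_tunnel_routes wg0 1234::/64 6789::/64`.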

Congratulations!

Now let's proceed to verification at freeRtr level

...

RARE validated design: [ SOHO #006 ] - key take-away

In this example, the key take-aways are:

  • Wireguard configuration is simple
  • We used ubuntu 20.04, but of course you can enable Wireguard on any host supporting the Wireguard protocol
  • IPv6 is used here, but of course IPv4 is also available ;-)
  • Last but not least, do not forget to export the VRF and the Wireguard tunnel interface in "server p4lang p4" should you run RARE/freeRtr with a dedicated dataplane (p4emu, dpdk or P4)

This is a pretty unique freeRouter feature! Are you aware of any other router able to set up a Wireguard VPN?

...