allowed ips is not published from a node which is accessible via relay node #498

Closed
chefkoch-de42 opened this issue Nov 22, 2021 · 10 comments

Comments

@chefkoch-de42

Node1: missing allowed ips for egress gw range of node 2
|
|
netmaker server: relay for Node1
|
|
Node2: egress gw for 192.168.99.0/24

In this network I have 3 more nodes and one external

I could manage this manually via adding allowed ips = 192.168.99.0/23 to netmaker server, so Node 1 is getting the allowed ips range, and then I need to add the ip route add 192.168.99.0/24 via

Is this kind of setup too special for netmaker, or do I need to work with multiple networks?

@chefkoch-de42
Author

Any news?

@afeiszli
Contributor

Hi, nodes will ignore egress gateway IP ranges if they overlap with a local network range. Does 192.168.99.0/24 overlap with a local network range?

@chefkoch-de42
Author

chefkoch-de42 commented Nov 30, 2021

192.168.99.0/24 is the internal network of the node2

@afeiszli
Contributor

afeiszli commented Dec 1, 2021

Is it also an internal network of node 1?

@chefkoch-de42
Author

chefkoch-de42 commented Dec 1, 2021

No.
node1: 192.168.55.10 on eth0
node2: 192.168.99.10 on eth0 and other hosts in that network

Node2 is configured as egress gw for 192.168.99.0/24 to be able to reach other hosts in that network from vpn members.

The needed allowed ips setting is configured on any directly connected host. But node1 cannot reach node2 directly due to fw blocks, so I configured netmaker server as relay for node1. The problem is that node1 does not get the allowed ips "192.168.99.0/24" to be sent via the wg connection to the relay server.

I do not know if this is done in the background, but for my understanding, netmaker needs to collect all allowed ips from nodes which are not relayed over that relay and needs to push them to the relayed hosts.

@afeiszli
Contributor

afeiszli commented Dec 1, 2021

Ahhh ok, I think this is related to #517. We don't populate egress gateway ranges from behind relay right now. We will need to add that in the next release.

@chefkoch-de42
Author

chefkoch-de42 commented Dec 1, 2021

For the moment the workaround is:
set allowed ips on relay server with (netmask -1) for the networks behind nodes
And set the routing setting via postup down script

@chefkoch-de42
Author

@afeiszli I checked the changelog of 0.9.2 for this but I was not able to find it. (Maybe too dumb to do so 😇)
Am I correct?

@afeiszli
Contributor

This has not been added yet. 0.9.2 was for bug fixes so no new features were added.

@afeiszli
Contributor

This should be in place as of 0.9.4. Please let us know if you still experience the issue.
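
The rule discussed in this thread, as an added sketch that is not Netmaker's code: a relayed node's single peer entry for the relay needs every other node's WireGuard address plus each egress gateway range, except ranges that overlap the relayed node's own local networks. The node table, the 10.10.10.x WireGuard addresses, node1's /24 local mask and both function names are assumptions made for the example.

```python
import ipaddress

# Constructed topology mirroring the thread. The 10.10.10.x WireGuard
# addresses and node1's /24 local mask are assumptions, not from the issue.
NODES = {
    "node1":  {"wg": "10.10.10.1/32", "local": ["192.168.55.0/24"],
               "egress": [], "relayed_by": "server"},
    "server": {"wg": "10.10.10.254/32", "local": [],
               "egress": [], "relayed_by": None},
    "node2":  {"wg": "10.10.10.2/32", "local": ["192.168.99.0/24"],
               "egress": ["192.168.99.0/24"], "relayed_by": None},
}


def relay_allowed_ips(nodes, relayed):
    """Return (allowed, skipped) for the relayed node's single peer entry.

    allowed: every other node's WireGuard address plus each egress range
             that must be routed through the relay.
    skipped: egress ranges dropped because they overlap one of the relayed
             node's own local networks (the rule stated in the thread).
    """
    me = nodes[relayed]
    if me["relayed_by"] is None:
        raise ValueError(f"{relayed} is not behind a relay")
    local = [ipaddress.ip_network(n) for n in me["local"]]
    allowed, skipped = set(), set()
    for name, peer in nodes.items():
        if name == relayed:
            continue
        allowed.add(ipaddress.ip_network(peer["wg"]))
        for cidr in peer["egress"]:
            net = ipaddress.ip_network(cidr)
            (skipped if any(net.overlaps(l) for l in local) else allowed).add(net)
    return [str(n) for n in sorted(allowed)], [str(n) for n in sorted(skipped)]


def missing_ranges(configured, nodes, relayed):
    """Ranges the relayed node needs but does not have in its AllowedIPs."""
    required, _ = relay_allowed_ips(nodes, relayed)
    have = [ipaddress.ip_network(c) for c in configured]
    return [r for r in required
            if not any(ipaddress.ip_network(r).subnet_of(h) for h in have)]


if __name__ == "__main__":
    print(relay_allowed_ips(NODES, "node1"))
    # What node1 had in the reported state: WireGuard addresses only.
    print(missing_ranges(["10.10.10.2/32", "10.10.10.254/32"], NODES, "node1"))
```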
