Skip to content

Instantly share code, notes, and snippets.

@TyIsI

TyIsI/README.md

Forked from pamolloy/README.md
Created March 1, 2023 18:42
Show Gist options
  • Save TyIsI/a40e1aa8ee3d232a263d41f3b737587f to your computer and use it in GitHub Desktop.
Save TyIsI/a40e1aa8ee3d232a263d41f3b737587f to your computer and use it in GitHub Desktop.
Download ZIP
Mesh network using VXLAN over Wireguard
Raw
README.md
Raw
setup.bash
#!/usr/bin/env bash
#
# setup.bash - Setup a Wireguard + VXLAN demo
#
# The following four hosts are on a 10.100.0.0/24 LAN. The Wireguard tunnels
# make up a 10.100.1.0/24. I would like to ping from one host to another
# through a pair of hosts (e.g. 1 -> 2 -> 5 -> 7).
set -xe
hosts=(
host-01
host-02
host-05
host-07
host-0d
)
declare -A public_keys=(
["host-01"]="WZCRokpC2NMnCcZYbHfpZy+imkKHoVm2R9ZGkr3IzjA="
["host-02"]="+95cO2NwOMTODa9aQ9i2N0p6zx2fQ+mF5Cn3kwZ26Qc="
["host-05"]="1ZZYh4eJIPB+TTtwdLzj+tsIgcxTwFUMEdPMTbd1+xk="
["host-07"]="T0sCMXF8iAQEha0goqzAmGr3i4wI3oWBRP3VroMmqxw="
["host-0d"]="DDuWRg4p7qfpjL1PAimaCmou45k5l2FFn9oG1j61hU0="
)
declare -A lan_addrs=(
["host-01"]="10.100.0.9"
["host-02"]="10.100.0.10"
["host-05"]="10.100.0.11"
["host-07"]="10.100.0.12"
["host-0d"]="10.100.0.8"
)
for host in "${hosts[@]}"; do
ssh "${host}" reboot
done
sleep 70
for host in "${hosts[@]}"; do
ssh "${host}" ip link add dev wg0 type wireguard
ssh "${host}" ip link set mtu 1420 dev wg0
done
ssh host-01 ip address add dev wg0 10.100.1.1/24
ssh host-02 ip address add dev wg0 10.100.1.2/24
ssh host-05 ip address add dev wg0 10.100.1.5/24
ssh host-07 ip address add dev wg0 10.100.1.7/24
ssh host-0d ip address add dev wg0 10.100.1.13/24
for host in "${hosts[@]}"; do
ssh "${host}" wg set wg0 private-key /root/privatekey
done
# TODO(PM): Update "clients" allowed-ip to 0.0.0.0/0
# TODO(PM): Test SSHing from one host to another
# 1 <---> 2 (server)
ssh host-02 wg set wg0 listen-port 51820
ssh host-01 wg set wg0 peer "${public_keys[host-02]}" \
persistent-keepalive 25 \
allowed-ips 10.100.1.2/32 \
endpoint "${lan_addrs[host-02]}:51820"
ssh host-02 wg set wg0 peer "${public_keys[host-01]}" \
persistent-keepalive 25 \
allowed-ips 10.100.1.1/32
# 2 (server) <---> 5 (server)
ssh host-02 wg set wg0 peer "${public_keys[host-05]}" \
persistent-keepalive 25 \
allowed-ips 10.100.1.5/32 \
endpoint "${lan_addrs[host-05]}:51820"
ssh host-05 wg set wg0 peer "${public_keys[host-02]}" \
persistent-keepalive 25 \
allowed-ips 10.100.1.2/32 \
endpoint "${lan_addrs[host-02]}:51820"
# 5 (server) <--> 7
ssh host-05 wg set wg0 listen-port 51820
ssh host-05 wg set wg0 peer "${public_keys[host-07]}" \
persistent-keepalive 25 \
allowed-ips 10.100.1.7/32
ssh host-07 wg set wg0 peer "${public_keys[host-05]}" \
persistent-keepalive 25 \
allowed-ips 10.100.1.5/32 \
endpoint "${lan_addrs[host-05]}:51820"
# D (server) <---> 2 (server)
# D (server) <---> 5 (server)
ssh host-0d wg set wg0 listen-port 51820
ssh host-0d wg set wg0 peer "${public_keys[host-02]}" \
persistent-keepalive 25 \
allowed-ips 10.100.1.2/32 \
endpoint "${lan_addrs[host-02]}:51820"
ssh host-0d wg set wg0 peer "${public_keys[host-05]}" \
persistent-keepalive 25 \
allowed-ips 10.100.1.5/32 \
endpoint "${lan_addrs[host-05]}:51820"
ssh host-02 wg set wg0 peer "${public_keys[host-0d]}" \
persistent-keepalive 25 \
allowed-ips 10.100.1.13/32 \
endpoint "${lan_addrs[host-0d]}:51820"
ssh host-05 wg set wg0 peer "${public_keys[host-0d]}" \
persistent-keepalive 25 \
allowed-ips 10.100.1.13/32 \
endpoint "${lan_addrs[host-0d]}:51820"
for host in "${hosts[@]}"; do
ssh "${host}" ip link add name br0 type bridge stp_state 1
ssh "${host}" ip link set up dev wg0
done
# Add an address in 10.100.2.0/24 to the bridge on each host
ssh host-01 ip address add dev br0 10.100.2.1/24
ssh host-02 ip address add dev br0 10.100.2.2/24
ssh host-05 ip address add dev br0 10.100.2.5/24
ssh host-07 ip address add dev br0 10.100.2.7/24
ssh host-0d ip address add dev br0 10.100.2.13/24
# Before the standard Linux used a port for VXLAN that was popular among
# various companies. For backwards compatibility it kept that default. Here we
# set the standard port
ssh host-01 ip link add two type vxlan remote 10.100.1.2 id 1 dstport 4789
ssh host-02 ip link add one type vxlan remote 10.100.1.1 id 1 dstport 4789
ssh host-02 ip link add five type vxlan remote 10.100.1.5 id 2 dstport 4789
ssh host-05 ip link add two type vxlan remote 10.100.1.2 id 2 dstport 4789
ssh host-05 ip link add seven type vxlan remote 10.100.1.7 id 3 dstport 4789
ssh host-07 ip link add five type vxlan remote 10.100.1.5 id 3 dstport 4789
ssh host-0d ip link add two type vxlan remote 10.100.1.2 id 4 dstport 4789
ssh host-02 ip link add thirteen type vxlan remote 10.100.1.13 id 4 dstport 4789
ssh host-0d ip link add five type vxlan remote 10.100.1.5 id 5 dstport 4789
ssh host-05 ip link add thirteen type vxlan remote 10.100.1.13 id 5 dstport 4789
for host in "${hosts[@]}"; do
ssh "${host}" ip link set up dev br0
done
ssh host-01 ip link set up two
ssh host-01 ip link set two master br0
ssh host-02 ip link set up one
ssh host-02 ip link set one master br0
ssh host-02 ip link set up five
ssh host-02 ip link set five master br0
ssh host-02 ip link set up thirteen
ssh host-02 ip link set thirteen master br0
ssh host-05 ip link set up two
ssh host-05 ip link set two master br0
ssh host-05 ip link set up seven
ssh host-05 ip link set seven master br0
ssh host-05 ip link set up thirteen
ssh host-05 ip link set thirteen master br0
ssh host-07 ip link set up five
ssh host-07 ip link set five master br0
ssh host-0d ip link set up two
ssh host-0d ip link set two master br0
ssh host-0d ip link set up five
ssh host-0d ip link set five master br0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment