Glad you liked it! I'm also planning to do some more advanced Wireguard video with BGP (Bird2).

Glad you've liked it!

Thanks! Glad you liked it. Let me know if you have any questions or if you'd like to me cover any VPN topic.

Great to hear! If you have any questions or ideas feel free to reach out!

Thanks! Glad you like it. Stay tuned for more interesting content!

Welcome aboard! Glad you like the videos!

Glad you liked it!

Great to hear! Thanks!

Sure it’s possible. Just add “AllowedIPs = 0.0.0.0/0” on NODE1 on the tunnel configuration towards NODE2. That will cause all traffic from NODE1 routed via NODE2. On top of that you need to enable NAT on NODE2. Cheers!

Hi! Sure it can! I even have a video on that topic kzbin.info/www/bejne/enq7hqeedrGBprMsi=H-2gTzVqvBQDefs_

Thanks! To your question - you still need an entry in the routing table that will send traffic via WG0 interface. In other words standard routing rules apply. If you look at the routing table you have an entry: 172.16.0.0/24 dev wg0 scope link Basically it tells that 172.16.0.0/24 network is reachable via wg0 (wireguard interface). So when you send traffic, first it will lookup the kernel routing table, then "enter" WG interface and then Wireguard Cryptokey Routing Table is used to figure out which encryption key to use and which peer to send the traffic etc. BTW as far as /32 on the main interface. The most common way to setup wireguard is to use PTP links. That is: # tunnel.conf [Interface] PrivateKey = ListenPort = [Peer] PublicKey = PresharedKey = Endpoint = AllowedIPs = 0.0.0.0/0,::/0 $ ip link add dev type wireguard $ wg setconf tunnel.conf $ ip addr add fe80::/64 dev $ ip addr add 172.xx.xx.xx/32 peer 172.xx.xx.xx/32 dev $ ip link set up $ ip link set dev mtu 1420 (or 1440)

@@LinuxCloudHacks thanks for explaining!!

Welcome aboard!

Have fun! If any issues please let me know.

@@LinuxCloudHacks :) Thank you. Everything works as expected even "bugs" (ping not responding) :)

Hi! Are you using wg-quick script to bring up wireguard? If yes then it will automatically update your routing table (just add the private network of the remote end in the allowedIPs section). Also make sure the ip forwarding is enabled. Can you tell me if your servers on the private network have the wireguard node set as the default gateway?

@@LinuxCloudHacks i do use wg-quick to bring up wg (i see the route table updated), the private network of the remote end is already in the allowedIPs section and ip forwarding is enabled (I followed your video to the T, except for the masquerading). on the router (Unifi USG) I've set a static route so that traffic destined for the remote private network will be sent to the local wireguard node. Is this what you meant by default gateway?

@LinuxCloudHacks i'd love to hear your thoughts, thanks :)

Hi, 1) Just for a test - can you go to a LAN device and add a static route that points to the remote LAN via the WireGuard node and on the remote site also pick a LAN device and add static route that points to the other LAN via the WireGuard node? Then try ping/traceroute just between those 2 LAN devices. 2) I assume you include whole subnet in AllowedIPs, like 192.168.10.0/24 3) There is no firewall or nat setup on the WG nodes, correct?

Hi! I'm running VMs on Hyper-V on a Windows box. The sub mili-second latency is due to 10Gb network between the host and the router. Windows 11 with Hyper-V CRS317 switch RB5009 router All links are 10Gbit. Here are the specs: CPU: AMD Ryzen 5900X, 32GB RAM Host OS: Windows 11 with Hyper-V hypervisor Network: Mellanox ConnectX-3 (10Gb) Switch: Mikrotik CRS317 Router: Mikrotik RB5009 Cheers!

@@LinuxCloudHacks sweet. i'm experiencing random 1-5ms rtt between hyper-v vm and either external machine or other vm under the same host, on links which are otherwise as fast as anyone would expect (

This CPU has plenty of power for WireGuard. What kind of hypervisor and OS are you using? Windows with HyperV as the host and Debian as the client? Or Proxmox as the Hypervisor and Debian as the client? etc. How is the NUC connected to rest of the network? Ethernet? Do you have VLANs or it's all a single VLAN?

@@LinuxCloudHacks hyper-v with ROOT scheduler (windows 11), using linux (alpine, arch) and freebsd vms. i'm not even aiming for throughput, just trying to normalize a lousy ping rtt. outside wireguard plain 10gbps traffic is achieved seamlessly between vms through the awesome hyper-v packet switching technology :-) . external network is nothing near what you have but there's no worrisome latency anywhere on plain traffic. few other devices are connected either direct or through a switch (macos, more linux, more freebsd). everything is modest gigabit. no vlans, firewalls or any other particular configurations worth mentioning. plain wireguard over plain ethernet. the only cause for such random latency would be (in my books right now) wireguard cpu work. this would reflect the noise added to encryption for every packet sent. but i shouldn't notice it, like you said, it's a fair cpu for such task

Can you advise if the 2 VMs that you setup WG tunnel are on the same network? Or you have 2 separate network configured in Hyper-V and there is a single VM with 2 interfaces that does the routing between the networks?

Glad it helped!

@@LinuxCloudHacks yes, was very very helpful, would you please tell me this scenario works as a hub-and-spoke topology?

Hi. Please check my video on hub and spoke kzbin.info/www/bejne/lXTFd3qVaad8pM0si=U550GwDCt8zSfMZ9 If you want to interconnect two or more sites in a hub and spoke it's better to have separate WG tunnels (as it's much easier to route the traffic).

@@LinuxCloudHacks thanks a lot, let me check your video firstly and back to u

@@LinuxCloudHacks separate WG tunnel means the current video?

Thanks!

Awesome, thank you!

Hi! You need exit node to the Internet with load balancing across multiple exit nodes? Or you want to connect to specific network via two paths?

Hi, in the "EndPoint = xxx" you can specify any public IP:port or hostname:port. Those don't have to be in the same networking segment (as long as they have network reachability).

You are welcome! I'm preparing a Wireguard tutorial for Hub and Spoke topology with dynamic routing via OSPF. It will be released soon. Stay tuned!

Great idea for a movie. Thanks for the tip. I will definitely do it.

Thanks! Let me see what I can do!

Could you please clarify which current protocol you are referring to? Are you asking about how WireGuard compares to other protocols like OpenVPN or IPsec, or about its compatibility with existing setups?

@@LinuxCloudHacks IPv6

Hi! I'm glad you liked the video. I'm using Alacritty as the terminal emulator, TMUX as the terminal multiplexer with some key re-maping, some Powerline fonts and various flavors of VIM (still haven't found the perfect one). If you are interested then I can make a video how to wire it up together and what it can do.

​@@LinuxCloudHackscould you make a video on that please?

Will do!

Hi Nikto :) Thanks for the comment. I'll create a video about a road-warrior setup for Windows, MacOS, etc. and may include some of this concepts. As far as NAT goes it's good if you connect to your network but for site-to-site a route only approach is cleaner. Professionals even don't use private IPs on VPNs but route only public IPs etc.