Vxlan restore issue on wifi ap

Hello,

So I'm experimenting a little with vxlan; all works fine as expected.

But I found one issue I cannot find a fix for. Currently I use a multi-PSK setup where I redirect clients to the vxlan VLAN interfaces; however, if I restart wifi with the wifi command in the CLI, I manually have to restart vx0, as the link does not restore by itself.

Does anyone know a way this can be done? Could it be that I need to put it in a bridge, or is my setup flawed?

ubus system board
root@MT3000:/etc/config# ubus call system board
{
        "kernel": "6.6.51",
        "hostname": "MT3000",
        "system": "ARMv8 Processor rev 4",
        "model": "GL.iNet GL-MT3000",
        "board_name": "glinet,gl-mt3000",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "SNAPSHOT",
                "revision": "r27436+158-d78dec3e19",
                "target": "mediatek/filogic",
                "description": "OpenWrt SNAPSHOT r27436+158-d78dec3e19"
        }
}
(I compiled myself, only added 256QAM patch)
/etc/config/network
config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix '<snip>'

config device
        option name 'br-lan'
        option type 'bridge'
        option ipv6 '0'
        list ports 'eth1'
        list ports 'vx0'

config interface 'lan'
        option device 'br-lan.1'
        option proto 'static'
        option ipaddr '192.168.8.1'
        option netmask '255.255.255.0'
        option delegate '0'

config interface 'wan'
        option device 'eth0'
        option proto 'dhcp'
        option metric '20'

config interface 'wan6'
        option device 'eth0'
        option proto 'dhcpv6'

config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'eth1:u*'

config interface 'vx0'
        option proto 'vxlan'
        option peeraddr '10.6.7.1'
        option defaultroute '0'
        option delegate '0'
        option force_link '1'
        option vid '4921'
        option ipaddr '10.6.7.2'
        option port '4789'
        option tunlink 'wgclient'
        option rxcsum '0'
        option txcsum '0'

config interface 'wgclient'
        option proto 'wireguard'
        option private_key '<snip>'
        option force_link '1'
        option defaultroute '0'
        option delegate '0'
        list addresses '10.6.7.2/32'
        option mtu '1384'
        option metric '100'

config wireguard_wgclient
        option description 'MT3000'
        option public_key '<snip>'
        option endpoint_host '<snip>'
        option endpoint_port '4443'
        option persistent_keepalive '25'
        list allowed_ips '0.0.0.0/0'

config bridge-vlan
        option device 'br-lan'
        option vlan '50'
        list ports 'vx0:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '51'
        list ports 'vx0:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '90'
        list ports 'vx0:t'

config interface 'wlan0'
        option proto 'dhcp'
        option device 'br-lan.50'
        option defaultroute '0'

config device
        option name 'vx0'

config interface 'wlan1'
        option proto 'dhcp'
        option device 'br-lan.51'
        option defaultroute '0'

config interface 'ayaneo'
        option proto 'dhcp'
        option device 'br-lan.90'
        option defaultroute '0'

config interface 'trm_wwan'
        option proto 'dhcp'
        option metric '100'

config interface 'trm_wwan6'
        option device '@trm_wwan'
        option proto 'dhcpv6'

The network configuration is from the client; however, a very similar setup is on the server, where I use vx0 inside br-lan to use bridge filtering. But I wonder myself if this is actually good :slight_smile:, and are there alternatives which make it more DSA-safe? :stuck_out_tongue:

The wireguard server is set to 1550 MTU, and the vxlan automatically falls back to 1500 MTU (not sure if it is due to this).

Many thanks for the help :smiley:

I see an MTU mismatch between your config and what you have written. The wg tunnel uses less.
Could you confirm that your setup is working fine until you restart WiFi, and then you have to restore the vxlan manually?
FRR and nowadays bird2 support EVPN, which could maybe be an alternative way to support vxlan.


Thanks for the reply :slight_smile:

I have tried to lower the wgserver to 1420, but that did not fix it. I also tried to put wgserver back to 1550 and the client also on 1550; however, it did not restore for me unfortunately.

I made a hotplug script as a workaround (I'm still testing the timing) which can be placed in /etc/hotplug.d/iface/30-vxlan:

#!/bin/sh
# /etc/hotplug.d/iface/30-vxlan: when vx0 goes down, wait and bring it up again
if [ "$ACTION" = "ifdown" ] && [ "$INTERFACE" = "vx0" ]; then
        logger -t "vxlan" "detecting vx0 bug, restarting vx0 in 10s."
        sleep 10
        ifup vx0
fi

This seems to work as an alternative, although I have no idea if the hotplug event system works asynchronously or synchronously.

bird2 also seems interesting :+1:
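A debounced variant of the hotplug workaround above, as an added example that is not the thread author's script or part of OpenWrt. It keeps the author's trigger (an ifdown event for vx0) and the 10 s delay, but adds an atomic mkdir lock so that overlapping invocations do not each sleep and call ifup (OpenWrt runs the scripts in /etc/hotplug.d/iface/ once per interface event with ACTION and INTERFACE in the environment, and several events for one interface can arrive close together), falls back to stderr when logger is unavailable, and has a dry-run mode so the decision logic can be exercised off the router. The names VXLAN_IFACE, RESTART_DELAY, LOCK_DIR and DRY_RUN are my own assumptions, not OpenWrt variables. One caveat the original script shares: the ifdown event also fires when vx0 is taken down on purpose (ifdown vx0, a network restart), so the interface comes back in those cases too.

```shell
#!/bin/sh
# Added example: debounced restart of a VXLAN interface from a hotplug.d/iface script.
# Would be installed as /etc/hotplug.d/iface/30-vxlan; ACTION and INTERFACE are the
# variables OpenWrt sets for each interface event. The following names are assumptions
# of this example, not OpenWrt settings:
VXLAN_IFACE="${VXLAN_IFACE:-vx0}"            # logical interface from /etc/config/network
RESTART_DELAY="${RESTART_DELAY:-10}"         # seconds to wait before ifup, as in the thread
LOCK_DIR="${LOCK_DIR:-/tmp/vxlan-restart.lock}"  # mkdir-based lock (atomic on one filesystem)
DRY_RUN="${DRY_RUN:-0}"                      # 1 = decide and log only; never sleep or ifup

# Log via syslog when logger exists (the router), otherwise to stderr (a test host).
log() {
    logger -t vxlan "$*" 2>/dev/null || echo "vxlan: $*" >&2
}

# should_restart ACTION INTERFACE -> 0 when this event is an ifdown of our VXLAN interface
should_restart() {
    [ "$1" = "ifdown" ] && [ "$2" = "$VXLAN_IFACE" ]
}

# acquire_lock -> 0 if we now own the lock, 1 if another restart is already pending.
# mkdir either creates the directory or fails, so two concurrent hotplug runs cannot both win.
acquire_lock() {
    mkdir "$LOCK_DIR" 2>/dev/null
}

release_lock() {
    rmdir "$LOCK_DIR" 2>/dev/null
}

# handle_event ACTION INTERFACE
#   returns 0 = restart performed (or would be, in dry-run mode)
#           1 = event ignored (not an ifdown of the VXLAN interface)
#           2 = a restart is already pending, this event was dropped
handle_event() {
    should_restart "$1" "$2" || return 1
    if ! acquire_lock; then
        log "restart of $2 already pending, ignoring duplicate ifdown event"
        return 2
    fi
    log "$2 went down, bringing it up again in ${RESTART_DELAY}s"
    if [ "$DRY_RUN" = "1" ]; then
        release_lock
        return 0
    fi
    sleep "$RESTART_DELAY"
    ifup "$2"
    release_lock
    return 0
}

# Only act when invoked by hotplug (both variables set); sourcing the file for
# tests or running it by hand without them does nothing.
if [ -n "$ACTION" ] && [ -n "$INTERFACE" ]; then
    handle_event "$ACTION" "$INTERFACE"
fi
```

To try the decision logic without touching the router, run it as `ACTION=ifdown INTERFACE=vx0 DRY_RUN=1 sh 30-vxlan`; on the device itself, `logread -e vxlan` shows whether duplicate events are being dropped by the lock.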