Hello,
I'm experimenting a little with VXLAN, and everything works as expected.
However, I found one issue I cannot find a fix for. I currently use a multi-PSK setup where I redirect clients to the VXLAN VLAN interfaces, but if I restart Wi-Fi with the `wifi`
command in the CLI, I have to restart vx0 manually; the link does not restore by itself.
Does anyone know a way this can be done? Could it be that I need to put it in a bridge, or is my setup flawed?
ubus system board
root@MT3000:/etc/config# ubus call system board
{
"kernel": "6.6.51",
"hostname": "MT3000",
"system": "ARMv8 Processor rev 4",
"model": "GL.iNet GL-MT3000",
"board_name": "glinet,gl-mt3000",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "SNAPSHOT",
"revision": "r27436+158-d78dec3e19",
"target": "mediatek/filogic",
"description": "OpenWrt SNAPSHOT r27436+158-d78dec3e19" (I compiled myself, only added 256QAM patch)
}
}
/etc/config/network
# Loopback interface: static 127.0.0.1 with netmask 255.0.0.0 on device 'lo'.
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
# Global network settings; the ULA prefix value was redacted by the poster.
config globals 'globals'
option ula_prefix '<snip>'
# Bridge device br-lan with two member ports: eth1 and the VXLAN device vx0.
# Because vx0 is a bridge port, frames arriving over the tunnel are switched
# by this bridge, subject to the bridge-vlan sections in this file.
config device
option name 'br-lan'
option type 'bridge'
option ipv6 '0'
list ports 'eth1'
list ports 'vx0'
# LAN interface on VLAN 1 of the bridge (br-lan.1), static 192.168.8.1/24.
config interface 'lan'
option device 'br-lan.1'
option proto 'static'
option ipaddr '192.168.8.1'
option netmask '255.255.255.0'
option delegate '0'
# Upstream IPv4 interface: DHCP client on eth0 with route metric 20.
config interface 'wan'
option device 'eth0'
option proto 'dhcp'
option metric '20'
# Upstream IPv6 interface: DHCPv6 client on the same eth0 device.
config interface 'wan6'
option device 'eth0'
option proto 'dhcpv6'
# Bridge VLAN 1: eth1 is the only member ('u' = untagged, '*' = PVID).
# vx0 is not listed, so VLAN 1 (the LAN) is not carried on the VXLAN port.
config bridge-vlan
option device 'br-lan'
option vlan '1'
list ports 'eth1:u*'
# VXLAN tunnel vx0: VNI 4921, UDP port 4789, local 10.6.7.2 -> peer 10.6.7.1,
# bound to the 'wgclient' interface through tunlink.
# VXLAN itself provides neither encryption nor peer authentication. The local
# tunnel address equals the wgclient address below, so the encapsulated
# traffic is presumably protected by the WireGuard tunnel - confirm.
# NOTE(review): no mtu is set for vx0 while wgclient uses 1384. VXLAN over
# IPv4 adds roughly 50 bytes per frame, so full-size inner frames will not
# fit the underlay without fragmentation - confirm the intended MTU.
# NOTE(review): rxcsum/txcsum '0' presumably disable checksum handling on
# the tunnel - confirm against the vxlan protocol documentation.
config interface 'vx0'
option proto 'vxlan'
option peeraddr '10.6.7.1'
option defaultroute '0'
option delegate '0'
option force_link '1'
option vid '4921'
option ipaddr '10.6.7.2'
option port '4789'
option tunlink 'wgclient'
option rxcsum '0'
option txcsum '0'
# WireGuard client interface that vx0 is bound to: address 10.6.7.2/32,
# MTU 1384, metric 100, defaultroute '0'. The private key was redacted by
# the poster.
config interface 'wgclient'
option proto 'wireguard'
option private_key '<snip>'
option force_link '1'
option defaultroute '0'
option delegate '0'
list addresses '10.6.7.2/32'
option mtu '1384'
option metric '100'
# WireGuard peer for wgclient; public key and endpoint host were redacted,
# endpoint port is 4443, keepalive every 25 seconds.
# NOTE(review): allowed_ips 0.0.0.0/0 accepts any IPv4 source address from
# this peer. If the tunnel only carries the VXLAN underlay, limiting it to the
# peer's tunnel address (10.6.7.1/32, per vx0 peeraddr) would be the
# least-privilege setting - confirm against other uses of the tunnel.
config wireguard_wgclient
option description 'MT3000'
option public_key '<snip>'
option endpoint_host '<snip>'
option endpoint_port '4443'
option persistent_keepalive '25'
list allowed_ips '0.0.0.0/0'
# Bridge VLANs 50, 51 and 90: each is carried tagged ('t') on vx0 only.
# eth1 is not a member of any of them, so within this file these VLANs are
# reachable only through the VXLAN port and the br-lan.N interfaces below.
config bridge-vlan
option device 'br-lan'
option vlan '50'
list ports 'vx0:t'
config bridge-vlan
option device 'br-lan'
option vlan '51'
list ports 'vx0:t'
config bridge-vlan
option device 'br-lan'
option vlan '90'
list ports 'vx0:t'
# DHCP client on VLAN 50 (br-lan.50); defaultroute '0' is set.
# 'wlan0' is the name of this logical interface; the wireless configuration
# is not part of this file.
config interface 'wlan0'
option proto 'dhcp'
option device 'br-lan.50'
option defaultroute '0'
# Device section for vx0 that sets only the name and no other options.
config device
option name 'vx0'
# DHCP client on VLAN 51 (br-lan.51); defaultroute '0' is set.
config interface 'wlan1'
option proto 'dhcp'
option device 'br-lan.51'
option defaultroute '0'
# DHCP client on VLAN 90 (br-lan.90); defaultroute '0' is set.
config interface 'ayaneo'
option proto 'dhcp'
option device 'br-lan.90'
option defaultroute '0'
# DHCP client interface with metric 100. No device is set in this section
# (presumably assigned elsewhere - confirm).
config interface 'trm_wwan'
option proto 'dhcp'
option metric '100'
# DHCPv6 client layered on the trm_wwan interface via the '@trm_wwan' alias.
config interface 'trm_wwan6'
option device '@trm_wwan'
option proto 'dhcpv6'
The network configuration above is from the client. A very similar setup is on the server, where I use vx0 inside br-lan to use bridge filtering, but I wonder whether this is actually a good approach, and whether there are alternatives that are safer with DSA.
The WireGuard server is set to an MTU of 1550, and the VXLAN automatically falls back to an MTU of 1500 (not sure if it is due to this).
Many thanks for the help.