netmaker
DNS Addresses as Endpoint Url
I do not have a publicly available IPv4 (refers to DualStack-Lite) and both of my IP Addresses are not static. I use DNS Address in conjunction with IPv6's Prefix Delegation to handle my network connectivity.
So is it planned to use DNS Addresses as Endpoints? From my experience with Wireguard it's definitely possible.
the issue you have is wireguard converts the DNS to a static ip address on connect and never changes the ip address until it disconnects and then reconnects
so for dynamic ip addressing to work, you would need to keep track of the external ip address somehow
then notify every node that it's changed and the nodes would have to disconnect and reconnect, which would cause dropouts but also a min of 60 seconds for the DNS to refresh and have the correct ip address
I see..
After a bit of further research I stumbled across Wireguard's Roadmap. I think wg-dynamic is what possibly solves the problem. For me it is crucial that a VPN can react to changing network situations. I will take a look into Wireguard's source code :)
the only thing i would suggest is maybe try the following: a script that detects the comp's external ip address, then if it changes, stop netclient and wireguard on the client computer, then restart them. this should then force the client to send its new ip address to the netmaker server, which will in turn send the new ip to other nodes? i haven't tried this but it's worth a shot!
netclient already detects public ip changes (if IsStatic==false) and sends update info to the server.
@mattkasun so the only thing really needed is to allow the fqdn in the endpoint?
why? on join, netclient determines your public ip and while the daemon is running, it will send updates to the server if the public ip changes.
the problem is my dual-stack-lite internet connection. my 'public' ipv4 is not accessible from outside. so my idea was to point the endpoint to a domain, so that if my ipv6 prefix changes, the server will be reachable.
setting the endpoint address to an ipv6 in netmaker-ui is possible. but when you input a domain it fails the put-request to the api due to validation. from my research it could be fixed by adding 'fqdn' parameter to the endpoint validation.
so my intention with this setup is to pair on-prem hardware with on demand or external devices over a meshed vpn network.
but wireguard only does a dns lookup of a fqdn on start up and changes the endpoint to an ip. If the public ip changes, the wireguard endpoint won't be updated.
😄 that is the reason why I wanted to take a look into wireguard. I already mentioned wg-dynamic. But the use case is to provide dynamic addresses for tunnel via some dhcp, if I understand it correctly. I think the solution for this problem is simpler. I think in wireguard a configuration property like 'dns-refresh-interval' could be implemented, which checks if the ip has changed. Big benefit here is that it is possible to point to A and AAAA records. So in my case it would be possible to host netmaker with dynamic ipv6 addresses by putting a domain into the endpoint field.
FYI: I contacted the Wireguard team with a feature request and am waiting for approval. I will post any updates here
covered by issue #301
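The periodic re-resolution discussed in this thread can also be done outside WireGuard. The following is an added example, not netmaker, netclient or WireGuard code: it compares the output of `wg show <iface> endpoints` with what a peer's name currently resolves to (A or AAAA) and builds the `wg set ... endpoint` call only when they differ, so the tunnel is not restarted. The interface name, peer key and host name are placeholders, and it assumes nothing else (such as netclient) rewrites the endpoint afterwards.

```python
import ipaddress
import socket
import subprocess

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6addr]:port' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def parse_wg_endpoints(text):
    """Parse `wg show <iface> endpoints`: one '<pubkey><TAB><endpoint>' per line."""
    live = {}
    for line in text.splitlines():
        key, _, endpoint = line.partition("\t")
        if endpoint and endpoint != "(none)":
            host, port = split_endpoint(endpoint)
            live[key] = (ipaddress.ip_address(host), port)
    return live

def resolve(host):
    """Return every A/AAAA address for host, or [] if the lookup fails."""
    try:
        infos = socket.getaddrinfo(host, None, type=socket.SOCK_DGRAM)
    except socket.gaierror:
        return []
    return [ipaddress.ip_address(info[4][0]) for info in infos]

def plan_updates(iface, wanted, live, resolver=resolve):
    """wanted maps pubkey -> 'fqdn:port'. Return `wg set` argv lists for peers
    whose live endpoint is no longer one of the addresses the name resolves to."""
    cmds = []
    for key, endpoint in wanted.items():
        host, port = split_endpoint(endpoint)
        addrs = resolver(host)
        if not addrs or (key in live and live[key][0] in addrs and live[key][1] == port):
            continue  # lookup failed, or the current endpoint is still valid
        new = addrs[0]
        text = f"[{new}]:{port}" if new.version == 6 else f"{new}:{port}"
        cmds.append(["wg", "set", iface, "peer", key, "endpoint", text])
    return cmds

if __name__ == "__main__":  # run from cron or a systemd timer, as root
    IFACE = "nm-example"  # assumed interface name
    WANTED = {"<peer-public-key>": "vpn.example.org:51821"}  # placeholders
    out = subprocess.run(["wg", "show", IFACE, "endpoints"],
                         capture_output=True, text=True, check=True).stdout
    for cmd in plan_updates(IFACE, WANTED, parse_wg_endpoints(out)):
        subprocess.run(cmd, check=True)
```

WireGuard authenticates peers by public key, so a stale or spoofed DNS answer can break connectivity to the peer but cannot make another host pass as it.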