make default route via nebula node (full subnet routing, 0.0.0.0/0, etc.)

Open darren opened this issue 5 years ago • 7 comments

WireGuard does something magic when setting

AllowedIPs = 0.0.0.0/0, ::/0

And all traffic will be routed through that WireGuard peer.

But if nebula's unsafe_route is set to 0.0.0.0/0, it will fail to start:

level=fatal msg="failed to set mtu 1300 on route 0.0.0.0/0; file exists"

darren avatar Aug 13 '20 13:08 darren

In fact, the routing of wireguard is also done through system routing. It can also be realized by system routing!

ghost avatar Sep 18 '20 07:09 ghost

I would appreciate this option as well for certain members of the nebula.

ibehren1 avatar Jan 07 '21 02:01 ibehren1

This is something we are interested in supporting and I'll try to find time for it this year.

nbrownus avatar Apr 15 '21 02:04 nbrownus

Hi @mrbluecoat (and other readers) - please show your support for this issue by adding a 👍 to the original post, which allows us to sort by votes. Commenting with a bump just creates noise for the maintainers. Thanks for understanding!

In the meantime, there's a bit of additional context here: https://github.com/slackhq/nebula/issues/307#issuecomment-1194547903

johnmaguire avatar May 11 '23 15:05 johnmaguire

I ran a test. I might be totally wrong, however I think the issue with adding 0.0.0.0/0 via the nebula IP is that the handshake times out trying to reach the actual nebula server (at least this is what I think happens). So what I did was use https://www.procustodibus.com/blog/2021/03/wireguard-allowedips-calculator/ to exclude the nebula exit node IP. That gave me a few routes to add; I did that, reloaded my client, and it works... I am sure there is a better way and maybe a correct way, but thought to put this here.

SherifNagy avatar May 15 '24 20:05 SherifNagy

> I ran a test. I might be totally wrong, however I think the issue with adding 0.0.0.0/0 via the nebula IP is that the handshake times out trying to reach the actual nebula server (at least this is what I think happens). So what I did was use https://www.procustodibus.com/blog/2021/03/wireguard-allowedips-calculator/ to exclude the nebula exit node IP. That gave me a few routes to add; I did that, reloaded my client, and it works... I am sure there is a better way and maybe a correct way, but thought to put this here.

Did you add the routes under unsafe_routes? Or did you add them at the OS/system level (e.g. ip route add)?

nimblepenguin avatar Jul 12 '24 20:07 nimblepenguin

> > I ran a test. I might be totally wrong, however I think the issue with adding 0.0.0.0/0 via the nebula IP is that the handshake times out trying to reach the actual nebula server (at least this is what I think happens). So what I did was use https://www.procustodibus.com/blog/2021/03/wireguard-allowedips-calculator/ to exclude the nebula exit node IP. That gave me a few routes to add; I did that, reloaded my client, and it works... I am sure there is a better way and maybe a correct way, but thought to put this here.

> Did you add the routes under unsafe_routes? Or did you add them at the OS/system level (e.g. ip route add)?

Via unsafe_routes within the nebula configs.

SherifNagy avatar Jul 13 '24 16:07 SherifNagy
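The workaround described in the comments above, sketched as an added example (not code from the thread or from the Nebula project): compute the CIDR blocks that cover 0.0.0.0/0 except the exit node's real address, then emit them as `unsafe_routes` entries. The addresses are constructed placeholders, the `route`/`via`/`mtu` keys follow Nebula's `unsafe_routes` entry format, and excluding a second address (a lighthouse) is an assumption that goes beyond what the comment describes.

```python
import ipaddress

def routes_excluding(excluded, universe="0.0.0.0/0"):
    """CIDR blocks that cover `universe` except every network in `excluded`."""
    remaining = [ipaddress.ip_network(universe)]
    for item in excluded:
        hole = ipaddress.ip_network(item, strict=False)
        kept = []
        for net in remaining:
            if hole.version != net.version or not hole.overlaps(net):
                kept.append(net)        # untouched by this exclusion
            elif hole.supernet_of(net):
                continue                # block lies entirely inside the hole
            else:
                # Split the block into the pieces around the hole.
                kept.extend(net.address_exclude(hole))
        remaining = kept
    return sorted(remaining)

def render_unsafe_routes(routes, via, mtu=1300):
    """Render the blocks as a tun.unsafe_routes YAML fragment."""
    lines = ["tun:", "  unsafe_routes:"]
    for net in routes:
        lines += [
            f"    - route: {net}",
            f"      via: {via}",
            f"      mtu: {mtu}",
        ]
    return "\n".join(lines)

# Constructed sample values (documentation ranges), not taken from the thread.
EXIT_NODE_UNDERLAY = "203.0.113.10"   # real (underlay) IP of the exit node
LIGHTHOUSE_UNDERLAY = "198.51.100.7"  # assumed second address to keep off the tunnel
EXIT_NODE_OVERLAY = "192.168.100.1"   # nebula IP used as the route's gateway

if __name__ == "__main__":
    routes = routes_excluding([EXIT_NODE_UNDERLAY, LIGHTHOUSE_UNDERLAY])
    print(render_unsafe_routes(routes, via=EXIT_NODE_OVERLAY))
```

Excluding a single /32 from 0.0.0.0/0 always produces 32 routes, one per prefix length, which is why the calculator output in the comment is "a few routes" rather than one.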

added this to the v2.0.0 milestone

ben-auo avatar Mar 12 '25 15:03 ben-auo