
[Bug]: Cannot connect to egress network behind relay

Open edwardchenchen opened this issue 2 years ago • 5 comments

Contact Details

No response

What happened?

1. When I use the following network, everything works fine

[screenshot: 2022-06-29 at 14 09 16]

[screenshot: 2022-06-29 at 14 11 59]

but when I switch to this network, egress behind relay, it won't work, 192.168.201.2 is raspberrypi

[screenshot: 2022-06-29 at 14 12 43]

[screenshot: 2022-06-29 at 14 13 37]

I see this issue https://github.com/gravitl/netmaker/issues/517

it mentioned Egress is now enabled behind relay.

Version

v0.14.4

What OS are you using?

Linux, Mac

Relevant log output

No response

Contributing guidelines

  • [X] Yes, I did.

edwardchenchen, Jun 29 '22 04:06

root@raspberrypi:~# wg show
interface: nm-test-net
  public key: removed
  private key: (hidden)
  listening port: 44077

peer: ivYjeZJeFN/ViyX4uHBWeJnCBK+WuLihYjI5NRNmT3w=
  endpoint: 45.77.removed:56840
  allowed ips: 192.168.201.1/32, 192.168.201.3/32, 192.168.201.254/32, 192.168.201.4/32, 192.168.201.5/32, 192.168.201.6/32, 192.168.1.0/24
  latest handshake: 18 seconds ago
  transfer: 96.46 KiB received, 112.66 KiB sent
  persistent keepalive: every 20 seconds

additional info from pi

edwardchenchen, Jun 29 '22 04:06

on my mac, I don't see the 192.168.1.0/24 in allowed ips

interface: utun0
  public key: removed
  private key: (hidden)
  listening port: 51232

peer: ivYjeZJeFN/ViyX4uHBWeJnCBK+WuLihYjI5NRNmT3w=
  endpoint: removed:56840
  allowed ips: 192.168.201.1/32, 192.168.201.2/32
  latest handshake: 50 seconds ago
  transfer: 112.83 KiB received, 159.16 KiB sent
  persistent keepalive: every 20 seconds

peer: 6Rz/YWOR8pEH2z8UhLO5X/XuiDSSXw6btPYZ7eTCTBY=
  endpoint: removed:51821
  allowed ips: 192.168.201.254/32
  latest handshake: 1 minute, 9 seconds ago
  transfer: 33.62 KiB received, 56.17 KiB sent
  persistent keepalive: every 20 seconds

peer: CvFGcQ1bDJx9SqnXJxvOG7fknOuNd4wMz19szbEOUn0=
  endpoint: removed:30681
  allowed ips: 192.168.201.6/32
  latest handshake: 1 minute, 42 seconds ago
  transfer: 18.03 KiB received, 88.21 KiB sent
  persistent keepalive: every 20 seconds

peer: PZqkw02Uv2quhjZbioRVm/Nzn3M7zZiVxNIujS435DE=
  endpoint: removed:51821
  allowed ips: 192.168.201.3/32
  latest handshake: 1 minute, 56 seconds ago
  transfer: 7.05 KiB received, 27.50 KiB sent
  persistent keepalive: every 20 seconds

peer: HJPilfwfW0SkOZMJGAj9Wb54N6jSe+VKYGflNXH82RQ=
  endpoint: removed:60906
  allowed ips: 192.168.201.4/32
  transfer: 0 B received, 230.24 KiB sent
  persistent keepalive: every 20 seconds

edwardchenchen, Jun 29 '22 04:06

This is a known issue in 0.14.4, egress behind relay is currently non-functional. We are working to have this fixed in 0.14.5.

afeiszli, Jun 29 '22 11:06

I can confirm the bug. It affects also a gateway which is not a relay. I'm using a dockerized install. The routes on the netmaker docker container are set with the destination network on the "network-name" interface:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.20.100.0      0.0.0.0         255.255.255.0   U     0      0        0 network-name

A quick fix is to just not set any routes and leave them to be routed on the default outgoing interface (also for masquerading):

route del -net 10.20.100/24

fixes the issue (after the client pulls the specific route, of course).

pquan, Jul 01 '22 10:07

> This is a known issue in 0.14.4, egress behind relay is currently non-functional. We are working to have this fixed in 0.14.5.

Is this considered fixed? I have everything on 0.14.5 now, and my egress gateway is still attempting to route its own egress ranges back to the relay, the same as what pquan reported.

For example, on the egress gateway with the ranges 192.168.2.0/24 and 192.168.101.0/24 defined, the following routes were added:

192.168.2.0/24 dev nm-net-home scope link
192.168.101.0/24 dev nm-net-home scope link

and the allowed-ips to the relay peer look like:

allowed ips: 10.90.48.254/32, 192.168.2.0/24, 192.168.101.0/24, 10.90.48.3/32, 10.90.48.2/32

BobVul, Jul 20 '22 02:07
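
A check for the symptom described in the comment above, as an added example that is not from the thread or the netmaker project: it parses `ip route` and `wg show` allowed-ips text captured on an egress gateway and reports egress ranges that are routed via the WireGuard interface or listed in a peer's allowed ips. The function names, the `eth0` default route and the 10.90.48.0/24 route are assumptions made for the example.

```python
import ipaddress

# Constructed sample input. The two 192.168.x routes and the allowed-ips line
# are copied from the comment above; the default and 10.90.48.0/24 routes are
# made up for the example.
WG_IFACE = "nm-net-home"
EGRESS_RANGES = ["192.168.2.0/24", "192.168.101.0/24"]
IP_ROUTE = """\
default via 192.168.2.1 dev eth0
192.168.2.0/24 dev nm-net-home scope link
192.168.101.0/24 dev nm-net-home scope link
10.90.48.0/24 dev nm-net-home scope link
"""
ALLOWED_IPS = ("10.90.48.254/32, 192.168.2.0/24, 192.168.101.0/24, "
               "10.90.48.3/32, 10.90.48.2/32")

def routes_via(iface, ip_route_text):
    """Destination networks that `ip route` output sends out of iface."""
    nets = []
    for line in ip_route_text.splitlines():
        fields = line.split()
        try:
            if fields[fields.index("dev") + 1] == iface:
                nets.append(ipaddress.ip_network(fields[0], strict=False))
        except (ValueError, IndexError):
            continue  # no "dev" field, or a non-CIDR target such as "default"
    return nets

def parse_allowed_ips(text):
    """Networks from the `allowed ips:` value printed by `wg show`."""
    parts = (p.strip() for p in text.split(","))
    return [ipaddress.ip_network(p, strict=False) for p in parts
            if p and p != "(none)"]

def misrouted_egress(egress_ranges, iface, ip_route_text, allowed_ips_text):
    """(range, has_route_via_iface, in_allowed_ips) per affected egress range."""
    via_tunnel = routes_via(iface, ip_route_text)
    allowed = parse_allowed_ips(allowed_ips_text)
    findings = []
    for cidr in egress_ranges:
        net = ipaddress.ip_network(cidr)
        routed = any(net.overlaps(r) for r in via_tunnel)   # LAN sent into tunnel
        listed = any(net.overlaps(a) for a in allowed)      # LAN owned by a peer
        if routed or listed:
            findings.append((cidr, routed, listed))
    return findings

if __name__ == "__main__":
    print(misrouted_egress(EGRESS_RANGES, WG_IFACE, IP_ROUTE, ALLOWED_IPS))
```

An empty result means none of the gateway's own egress ranges point back into the tunnel; overlap is used rather than exact match so that a more specific or wider route covering part of a range is also reported.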

Closing as per #1443

afeiszli, Sep 22 '22 11:09

This is still an issue with 0.16.0. Not fixed. The netmaker machine cannot connect to the internet in the presence of multiple egress gateways. It tries to route over them, which is not correct.

pquan, Oct 13 '22 07:10