    gluon-mesh-vpn-wireguard: add package (#2168) · 3f7c0b3a
    lemoer authored
    The address of the vpn interface is calculated in the style of
    modified EUI-64, based on a virtual mac address. This virtual mac
    address consists of 0x00 as first byte and the other five bytes
    are taken from the first bytes of md5sum(base64 encoded public key).
    
    The algorithm was taken from ffmuc, with a slight difference. ffmuc
    calculated the result of md5sum(base64 encoded public key + '\n')
    which was interpreted as an accidental fault and therefore dropped.
    
    Example:
    - Public-Key: "gP3VJnTTvnQut+z4O+m0N9RgMyXbgyUbUkF3E3TKX2w="
    - Address: "fe80::02ca:b8ff:fedc:2eb3"
    
    The following interfaces are used for wireguard:
    - wg_mesh  -> wireguard interface
    - mesh-vpn -> vxlan iface on top of wg_mesh
    
    If you use this new feature, make sure the NTP servers in your site
    config are publicly reachable. This is necessary, since wireguard
    requires correct time before the vpn connection is established.
    Therefore gluon performs ntp time synchronisation via WAN before it
    establishes the vpn connection. Therefore the NTP servers have to
    be publicly reachable (and not only via mesh).
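
The address derivation described in the commit message, written out as an added Python example (not code from this commit or from Gluon). The function names and the `trailing_newline` switch for the ffmuc variant are assumptions made for illustration.

```python
import hashlib
import ipaddress


def virtual_mac(pubkey_b64: str, trailing_newline: bool = False) -> bytes:
    """0x00 followed by the first five bytes of md5(base64 public key).

    trailing_newline=True reproduces the ffmuc variant mentioned in the
    commit message, which hashed the key plus a newline character.
    """
    data = pubkey_b64.encode("ascii")
    if trailing_newline:
        data += b"\n"
    # MD5 only maps a key to an address here; it is not a security control.
    return b"\x00" + hashlib.md5(data).digest()[:5]


def eui64_link_local(mac: bytes) -> str:
    """Modified EUI-64: flip the universal/local bit, insert ff:fe."""
    if len(mac) != 6:
        raise ValueError("MAC address must be 6 bytes")
    iid = bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:6]
    # Four hex digits per group, matching the notation in the commit message.
    groups = [iid[i:i + 2].hex() for i in range(0, 8, 2)]
    addr = "fe80::" + ":".join(groups)
    ipaddress.IPv6Address(addr)  # raises if the string is not a valid address
    return addr


def wg_link_local(pubkey_b64: str, trailing_newline: bool = False) -> str:
    """Link-local address of the VPN interface for a given public key."""
    return eui64_link_local(virtual_mac(pubkey_b64, trailing_newline))


if __name__ == "__main__":
    # Public key taken from the example in the commit message.
    key = "gP3VJnTTvnQut+z4O+m0N9RgMyXbgyUbUkF3E3TKX2w="
    print("without newline:", wg_link_local(key))
    print("with newline:   ", wg_link_local(key, trailing_newline=True))
```

Running it prints the address for the key from the commit message in both variants, so the output can be compared against the address listed there.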