monotux has left #nixos-on-your-router [#nixos-on-your-router]
monotux has joined #nixos-on-your-router
vuko has joined #nixos-on-your-router
<bpye>
I also don't suppose anyone has used the networking.sits config to setup an IPv6 tunnel? I played around last night but ended up reverting my changes because I ended up confusing myself...
vuko_ has joined #nixos-on-your-router
vuko has quit [Ping timeout: 265 seconds]
early` has quit [Quit: Leaving]
early has joined #nixos-on-your-router
vuko has joined #nixos-on-your-router
vuko_ has quit [Ping timeout: 268 seconds]
<aleph->
Alright bird2/ospf is... interesting
<aleph->
And a right pain to debug
vuko_ has joined #nixos-on-your-router
<hexa->
compared to what? :D
<aleph->
Heh compared to not getting it to work :p
<hexa->
right, that sounds tough :D
<hexa->
basically you have a `protocol ospf v3` block
<hexa->
that has an `area 0` block, in which you enable ospf on a certain interface
<hexa->
then you add an ipv6/ipv4 channel to handle export/import filters
<aleph->
Heh guess I should just use 2 for now yeah
<hexa->
not really :D
<aleph->
Heh
<hexa->
ospfv3 supports both ipv4 and ipv6
<hexa->
but communicates over ipv6
<hexa->
ospfv2 only supports ipv4
<aleph->
Ahhh that's... kinda odd
<aleph->
Guess it makes sense to networking folks
<aleph->
Okay yeah `ip a add fe80::/64 dev wg0` got the interface showing up
<hexa->
actually, fe80::1/64
<hexa->
and fe80::2/64
<hexa->
fe80::/64 is only the prefix
<hexa->
for link local addresses
<cransom>
i'm not sure about the 'makes sense to networking folks' holds, its just because thats the way it's always been. you could swap to ISIS if you are particularly obsessed about one routing protocol.
<hexa->
yeah, and personally I use babel
<hexa->
also over wireguard
<aleph->
Heh which is easier? Thought OSPF was the simplest routing protocol to start with
<hexa->
it is not really about 'easier'
<cransom>
i don' tknow about easier, but you can read about them and see if there's one in particular that suits your requirements. ospf however, is ubiquitous and everything speaks it, and most kind of know how to use it.
<hexa->
ospf works out ok on fixed links
<aleph->
Hmm well this is progress at least.
<aleph->
`ospf1: Socket error on wg0: Required key not available`
<aleph->
Probably need to add ipv6 to my allowed ips
<hexa->
wg show
<hexa->
tl;dr: no handshake has occured yet with the other end
<hexa->
oh yeah, that
<hexa->
fe80::/64 to allowedips
<aleph->
Yeah I really need to read up on ipv6 finally heh
<hexa->
the gist about link local addresses is: they're free and you can use them on any link, they are scoped to a link, so you can reuse them everywhere
<aleph->
Good to know.
<hexa->
scoped to link means, that given an fe80::1 address, to reach it you must also specify the interface it is sc oped to
<hexa->
fe80::1%wg0
<aleph->
Interesting.
<hexa->
and you could have fe80::1/64 on 5 interfaces on your system
<aleph->
Nifty
<hexa->
it is only valid on that link, and it is not routable
<aleph->
Now just need to update wg on the remote to have `fe80::/64` in the AlloweIps
<aleph->
Hmm wonder if I can set wireguard to set multiple addresses so I can stop manually adding this...
<aleph->
Yep
<aleph->
Okay yeah just doing ospf v2 for now heh
<aleph->
I'll need to do some reading on ipv6 late tonight heh
<aleph->
Hmm. hexa- say I'm using ospf v2 I only want to route one subnet 192.168.1.0/24 to my friends remote and they want to route 192.168.100.0/24 to my remote. I want unicast I think and not multicast, so setting type to ptp/pointopint and setting the neighbor explicitly to 10.100.0.4(next wg hop to his end) should work no?
<cransom>
i don't think you want point to point. that behavior relies more on things like direct serial connections where there can only be 2 machines chatting on the line.
<aleph->
Ah, is there another way to denote unicast then?
<cransom>
i don't think it's useful to state it at all
<aleph->
Hmm doesn't it default to multicast then no? Or at least that's what I'm reading
<cransom>
well, maybe the unicast is required. i haven't done this over wireguard before. i would probably say that if you are communicating with another administrative domain, that's where bgp should be happening rather than ospf.
<aleph->
Possibly yeah. Just wanted to start with OSPF first before moving onto EBPG
<cransom>
they aren't exclusive of eachother. there's no graduation from one to the other. bgp has protection and more interesting filtering options that ospf wasn't meant to provide.
<aleph->
Fair enough
<cransom>
you can do lots of weird things with networks, and i won't stop you. just if you were curious about doing more, using the right tools for the job helps.
<aleph->
Hmm I need to do more reading on ospf and bgp then. I'm this close to getting these idjits to say hello