gravitl / netmaker

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
https://netmaker.io

[Bug]: Netclient fails to join when other peer has same subnet configured as egress #1708

Open Ruakij opened 2 years ago

Ruakij commented 2 years ago

Contact Details

No response

What happened?

Environment:

2x Netclient in same subnet
1x Netmaker-server somewhere else

Netmaker-network servers is using 10.2.0.0/24

Both Netclients are connected over 10.1.0.0/24 (their local network). Routing-table:

default via 10.1.0.1 dev eth0 
10.1.0.0/24 dev eth0 proto kernel scope link

Problem:

Netclient-1 has 10.1.0.0/24 configured as egress, so other Peers can access the subnet. (Not 1 or 2 obviously, but a 3rd-one)

Netclient-2 cannot join network, because adding the egress-route from Netclient-1 fails as it's already set.

Errors:

[#] ip -4 route add 10.1.0.0/24 dev nm-servers
RTNETLINK answers: File exists

Possible solutions:

When netclient has a local network with same CIDR as an egress configured in the netmaker-network, the local one should be preferred. (=> the incoming route should be ignored)

Other problems could be a collision of networks e.g. local network is 10.0.0.0/16, but egress configured is 10.0.0.0/24, then the egress would take precedence.

Maybe a warning should be displayed when a collision is detected.

Version

v0.16.1

What OS are you using?

Linux

Relevant log output

[..]

[#] ip -4 route add 10.2.0.254/32 dev nm-servers
[#] ip -4 route add 10.2.0.1/32 dev nm-servers
[#] ip -4 route add 10.1.0.0/24 dev nm-servers
RTNETLINK answers: File exists
[#] ip link delete dev nm-servers 

file does not exist
[netclient] 2022-11-02 14:08:04 error installing:  could not reliably create interface, please check wg installation and retry 

[..]

Contributing guidelines
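
The collision check proposed under "Possible solutions" in the report above, as an added Go example that is not netclient's or Netmaker's own code. It skips an egress range identical to a local network and only warns on partial overlaps; `Classify` and `Plan` are hypothetical names, the input is constructed from the addresses in the issue, and the local list is assumed to hold only directly connected prefixes, not the default route.

```go
package main
import "fmt"
import "net/netip"

// Collision says how an egress range relates to a network the host already routes.
type Collision int
const (
	None           Collision = iota // no overlap
	Exact                           // same prefix: "ip route add" fails with "File exists"
	EgressNarrower                  // egress is more specific and would win the route lookup
	EgressWider                     // egress contains the local network; local stays preferred
)

// Classify compares one egress range with one directly connected local prefix.
func Classify(egress, local netip.Prefix) Collision {
	egress, local = egress.Masked(), local.Masked() // drop host bits before comparing
	switch {
	case !egress.Overlaps(local): // also false when the address families differ
		return None
	case egress == local:
		return Exact
	case egress.Bits() > local.Bits():
		return EgressNarrower
	}
	return EgressWider
}

// Plan (hypothetical helper) drops egress ranges equal to a local network and warns on any overlap.
func Plan(egress, local []string) (install, warnings []string) {
	for _, e := range egress {
		ep, keep := netip.MustParsePrefix(e), true // panics on malformed CIDR
		for _, l := range local {
			switch Classify(ep, netip.MustParsePrefix(l)) {
			case Exact:
				keep = false // local network wins, so no duplicate route is added
				warnings = append(warnings, fmt.Sprintf("skip %s: already routed locally", e))
			case EgressNarrower, EgressWider:
				warnings = append(warnings, fmt.Sprintf("warn: %s overlaps local %s", e, l))
			}
		}
		if keep {
			install = append(install, e)
		}
	}
	return install, warnings
}

func main() { // constructed input based on the addresses in the issue
	fmt.Println(Plan([]string{"10.1.0.0/24", "10.0.0.0/24", "10.2.0.0/24"}, []string{"10.1.0.0/24", "10.0.0.0/16"}))
}
```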

mattkasun commented 1 year ago

Create all your nodes before creating the egress.