Peers can't contact eachother over the network

[Twi]

Describe the bug I want to create a network such that peers can contact eachother as if they were on the same physical network segment.

To Reproduce Steps to reproduce the behavior:

apiVersion: v1
kind: Namespace
metadata:
  name: wireguard
---
apiVersion: vpn.wireguard-operator.io/v1alpha1
kind: Wireguard
metadata:
  name: "ponyville"
  namespace: wireguard
spec:
  mtu: "1380"
  serviceType: "NodePort"
  enableIpForwardOnPodInit: true
---
apiVersion: vpn.wireguard-operator.io/v1alpha1
kind: WireguardPeer
metadata:
  name: rainbow-dash
  namespace: wireguard
spec:
  wireguardRef: "ponyville"
---
apiVersion: vpn.wireguard-operator.io/v1alpha1
kind: WireguardPeer
metadata:
  name: rarity
  namespace: wireguard
spec:
  wireguardRef: "ponyville"

Expected behavior Node rainbow-dash to be able to ping node rarity and connect over TCP/UDP/IP.

Additional context Add any other context about the problem here.

[jodevsa]

Hi @Twi,

Thank you for openning the issue. I have tried to reproduce and at least I can verify that ICMP connectivity (ping) between the nodes is possible.

How are you verifying this?

[jodevsa]

HTTP (TCP) is also possible between the peers

[jodevsa]

Can you try to also check connectivity from the wireguard pod itself. here are some tips on how you can debug this:

find out the wireguard pod

kubectl get pods -lapp=wireguard -n NAMESPACE_YOU_USED

bash into the wireguard pod

kubectl exec -it -c agent -- bash

list connected peers

wg

list iptables rules

iptables -L

those should be similar to what I have as you haven't configured any networkpolicy

connectivity check

ping 10.8.0.2 ping 10.8.0.3

You could also do a tcpdump on the pod and analyse the logs. I'll be happy to help you debug this further and available for a quick call if needed