VM vs LXC over WireGuard in OpenWrt: one works perfectly, the other not at all

hakbjo

Dec 14, 2024
I have a small cluster of 2 PVE nodes that in many ways mirror each other, unfortunately also in this very perplexing issue…

They are both set up with an OpenWrt VM with a WireGuard VPN interface, and all (OpenWrt) LAN traffic routed through that interface.

Other VMs connected to either of those LAN interfaces work perfectly, with measured speeds at ~400 Mb/s through WireGuard, both up and down.
(The Realtime Graphs tool in OpenWrt confirms those numbers on the LAN and VPN interfaces. The Network Diagnostics works perfectly as well.)

But every single LXC, connected to the same (OpenWrt) LAN interfaces, hits a brick wall: no traffic whatsoever through WireGuard!
If I switch them over to either OpenWrt WAN interface (i.e. the homelab LAN or DMZ interface) traffic is restored in a second.
Switch them back to use WG: dead as dodos.

Both OpenWrt instances are set up the same, and relay DHCP requests for the LAN interface to a Technitium DNS/DHCP Server, so all clients get served identical IP settings. (Something I've checked and confirmed several times over.)
But with very different results regarding WireGuard: VMs work, while LXCs don't…

I've spent the last week trying to solve this, without getting anywhere. Hope someone here can give me some pointers!

// Håkan