* [PATCH proxmox-ve-rs] sdn: use service endpoints for internal WireGuard peers
@ 2026-05-19 19:07 Gabriel Goller
  2026-05-20  2:46 ` applied: " Thomas Lamprecht
  0 siblings, 1 reply; 2+ messages in thread
From: Gabriel Goller @ 2026-05-19 19:07 UTC (permalink / raw)
  To: pve-devel

Store internal WireGuard node and peer endpoints as full service
endpoints, including the port, and pass them through directly when
generating WireGuard peer configuration (this avoids the "ip:port:port"
construct in the wireguard config).

Update WireGuard fabric tests to use host:port endpoints for internal
nodes.

Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
---

 .../src/sdn/fabric/section_config/mod.rs          |  4 ++--
 .../fabric/section_config/protocol/wireguard.rs   |  6 +++---
 proxmox-ve-config/src/sdn/wireguard.rs            | 15 ++++-----------
 3 files changed, 9 insertions(+), 16 deletions(-)

diff --git a/proxmox-ve-config/src/sdn/fabric/section_config/mod.rs b/proxmox-ve-config/src/sdn/fabric/section_config/mod.rs
index e7134414bfa7..9833369149c2 100644
--- a/proxmox-ve-config/src/sdn/fabric/section_config/mod.rs
+++ b/proxmox-ve-config/src/sdn/fabric/section_config/mod.rs
@@ -168,13 +168,13 @@ wireguard_node: wireg_external
 
 wireguard_node: wireg_pve1
     role internal
-    endpoint 192.0.2.2
+    endpoint 192.0.2.2:51111
     interfaces name=wg0,listen_port=51111,public_key=Kay64UG8yvCyLhqU000LxzYeUm0L/hLIl5S8kyKWbdc=
     peers type=internal,node=pve2,node_iface=wg0,iface=wg0
 
 wireguard_node: wireg_pve2
     role internal
-    endpoint 192.0.2.3
+    endpoint 192.0.2.3:51111
     interfaces name=wg0,listen_port=51111,public_key=Kay64UG8yvCyLhqU000LxzYeUm0L/hLIl5S8kyKWbdc=
     peers type=internal,node=pve1,node_iface=wg0,iface=wg0
 "#;
diff --git a/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs b/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs
index 0c32c0c747f8..f01b7e73a406 100644
--- a/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs
+++ b/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs
@@ -34,7 +34,7 @@ use std::ops::{Deref, DerefMut};
 use anyhow::Result;
 
 use const_format::concatcp;
-use proxmox_network_types::endpoint::{HostnameOrIpAddr, ServiceEndpoint};
+use proxmox_network_types::endpoint::ServiceEndpoint;
 use proxmox_network_types::ip_address::{Cidr, Ipv4Cidr, Ipv6Cidr};
 use proxmox_schema::api_types::CIDR_SCHEMA;
 use proxmox_schema::{api, property_string::PropertyString, ApiStringFormat, Updater, UpdaterType};
@@ -274,7 +274,7 @@ pub struct InternalWireGuardNode {
     /// The endpoint used for connecting to this node.
     #[serde(default, skip_serializing_if = "Option::is_none")]
     #[updater(serde(skip_serializing_if = "Option::is_none"))]
-    pub(crate) endpoint: Option<HostnameOrIpAddr>,
+    pub(crate) endpoint: Option<ServiceEndpoint>,
 
     /// The interfaces that should get created on this node.
     #[serde(default, skip_serializing_if = "Vec::is_empty")]
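Review bot: The doc comment on `endpoint` still reads as if a bare host were accepted, but with the type now `Option<ServiceEndpoint>` the value apparently has to carry a port (the updated fixtures use `192.0.2.2:51111`). I would spell that out, e.g. `/// The endpoint (host:port) used for connecting to this node.`, and do the same for the `InternalPeer` override field in the next hunk. Port-less values written by older versions would presumably no longer parse, so a short remark on the format change belongs in the comment too. Both struct definitions continue outside the hunks.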
@@ -378,7 +378,7 @@ pub struct InternalPeer {
     /// Override for the endpoint settings in the node section.
     #[serde(default, skip_serializing_if = "Option::is_none")]
     #[updater(serde(skip_serializing_if = "Option::is_none"))]
-    pub(crate) endpoint: Option<HostnameOrIpAddr>,
+    pub(crate) endpoint: Option<ServiceEndpoint>,
     /// Additional allowed IPs for this peer
     #[serde(default, skip_serializing_if = "Vec::is_empty")]
     #[updater(serde(skip_serializing_if = "Option::is_none"))]
diff --git a/proxmox-ve-config/src/sdn/wireguard.rs b/proxmox-ve-config/src/sdn/wireguard.rs
index 61be336e1dfb..6182944375b4 100644
--- a/proxmox-ve-config/src/sdn/wireguard.rs
+++ b/proxmox-ve-config/src/sdn/wireguard.rs
@@ -3,7 +3,6 @@ use std::ops::Deref;
 
 use anyhow::bail;
 
-use proxmox_network_types::endpoint::ServiceEndpoint;
 use proxmox_network_types::ip_address::{Ipv4Cidr, Ipv6Cidr};
 use proxmox_sdn_types::wireguard::PersistentKeepalive;
 use proxmox_wireguard::{WireGuardConfig, WireGuardInterface, WireGuardPeer};
@@ -90,14 +89,8 @@ impl WireGuardConfigBuilder {
 
                             let endpoint = peer
                                 .endpoint
-                                .as_ref()
-                                .or(wireguard_node.endpoint.as_ref())
-                                .map(|endpoint| {
-                                    ServiceEndpoint::new(
-                                        endpoint.to_string(),
-                                        peer_interface.listen_port,
-                                    )
-                                });
+                                .clone()
+                                .or_else(|| wireguard_node.endpoint.clone());
 
                             let mut allowed_ips = Vec::new();
 
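Review bot: The port is no longer taken from `peer_interface.listen_port`, so a node-level `endpoint` now applies one fixed port to every peer that references this node, whichever `node_iface` it names. If a node has several interfaces with different listen ports, the generated peer entry can point at a port that the referenced interface does not listen on, and nothing in the visible lines reports it. A mismatch can be legitimate behind port forwarding, so unless this is checked elsewhere I would log a warning when the endpoint's port differs from `peer_interface.listen_port` rather than bail, and add a comment such as `// port comes from the configured endpoint, not from peer_interface.listen_port`. The enclosing function starts and ends outside the hunk.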
@@ -233,14 +226,14 @@ wireguard_node: wireg_external
 
 wireguard_node: wireg_pve1
     role internal
-    endpoint 192.0.2.2
+    endpoint 192.0.2.2:51111
     allowed_ips 203.0.113.0/25
     interfaces name=wg0,listen_port=51111,public_key=GDPUAnPOY5xGIjYXmcGyXZXbocjBr21dGQ5vwnjmdzA=,ip=198.51.100.1/24
     peers type=internal,node=pve2,node_iface=wg0,iface=wg0
 
 wireguard_node: wireg_pve2
     role internal
-    endpoint 192.0.2.3
+    endpoint 192.0.2.3:51111
     interfaces name=wg0,listen_port=51111,public_key=y0kOpXfo9ff4KoUwO3H1cRuwObbKwsK8mAkwXxNvKUc=
     peers type=internal,node=pve1,node_iface=wg0,iface=wg0
     peers type=external,node=external,iface=wg0
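Review bot: Both internal nodes in this fixture give the endpoint the same port as `listen_port` (51111), so the expected output cannot show whether the port in the generated peer came from the endpoint or from the interface. Using a different port in one endpoint, e.g. `endpoint 192.0.2.3:51820` (constructed value), would pin the new behaviour; the fixture in section_config/mod.rs has the same property. A port-less `endpoint 192.0.2.2` case that asserts the parse result would also document the format change. The string literal continues outside the hunk.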
-- 
2.47.3






* applied: [PATCH proxmox-ve-rs] sdn: use service endpoints for internal WireGuard peers
  2026-05-19 19:07 [PATCH proxmox-ve-rs] sdn: use service endpoints for internal WireGuard peers Gabriel Goller
@ 2026-05-20  2:46 ` Thomas Lamprecht
  0 siblings, 0 replies; 2+ messages in thread
From: Thomas Lamprecht @ 2026-05-20  2:46 UTC (permalink / raw)
  To: pve-devel, Gabriel Goller

On Tue, 19 May 2026 21:07:05 +0200, Gabriel Goller wrote:
> Store internal WireGuard node and peer endpoints as full service
> endpoints, including the port, and pass them through directly when
> generating WireGuard peer configuration (this avoids the "ip:port:port"
> construct in the wireguard config).
> 
> Update WireGuard fabric tests to use host:port endpoints for internal
> nodes.
> 
> [...]

The previous port-less endpoint format already shipped in libpve-network-perl
1.5.0, so I added a migration there (1.6.3) that fills in the port when reading
those older entries, keeping (most, well the sensible ones) existing fabrics
working after an upgrade.  pve-manager also got a separate endpoint-port field
to match.

Applied, thanks!

[1/1] sdn: use service endpoints for internal WireGuard peers
      commit: 1f5e778b10aebf71e90e41dea3d5763f5b2752b8




