From: Gabriel Goller <g.goller@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH proxmox-ve-rs] sdn: use service endpoints for internal WireGuard peers
Date: Tue, 19 May 2026 21:07:05 +0200	[thread overview]
Message-ID: <20260519190708.266138-1-g.goller@proxmox.com> (raw)

Store internal WireGuard node and peer endpoints as full service
endpoints, including the port, and pass them through directly when
generating WireGuard peer configuration (this avoids the "ip:port:port"
construct in the wireguard config).

Update WireGuard fabric tests to use host:port endpoints for internal
nodes.

Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
---

 .../src/sdn/fabric/section_config/mod.rs          |  4 ++--
 .../fabric/section_config/protocol/wireguard.rs   |  6 +++---
 proxmox-ve-config/src/sdn/wireguard.rs            | 15 ++++-----------
 3 files changed, 9 insertions(+), 16 deletions(-)

diff --git a/proxmox-ve-config/src/sdn/fabric/section_config/mod.rs b/proxmox-ve-config/src/sdn/fabric/section_config/mod.rs
index e7134414bfa7..9833369149c2 100644
--- a/proxmox-ve-config/src/sdn/fabric/section_config/mod.rs
+++ b/proxmox-ve-config/src/sdn/fabric/section_config/mod.rs
@@ -168,13 +168,13 @@ wireguard_node: wireg_external
 
 wireguard_node: wireg_pve1
     role internal
-    endpoint 192.0.2.2
+    endpoint 192.0.2.2:51111
     interfaces name=wg0,listen_port=51111,public_key=Kay64UG8yvCyLhqU000LxzYeUm0L/hLIl5S8kyKWbdc=
     peers type=internal,node=pve2,node_iface=wg0,iface=wg0
 
 wireguard_node: wireg_pve2
     role internal
-    endpoint 192.0.2.3
+    endpoint 192.0.2.3:51111
     interfaces name=wg0,listen_port=51111,public_key=Kay64UG8yvCyLhqU000LxzYeUm0L/hLIl5S8kyKWbdc=
     peers type=internal,node=pve1,node_iface=wg0,iface=wg0
 "#;
diff --git a/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs b/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs
index 0c32c0c747f8..f01b7e73a406 100644
--- a/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs
+++ b/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs
@@ -34,7 +34,7 @@ use std::ops::{Deref, DerefMut};
 use anyhow::Result;
 
 use const_format::concatcp;
-use proxmox_network_types::endpoint::{HostnameOrIpAddr, ServiceEndpoint};
+use proxmox_network_types::endpoint::ServiceEndpoint;
 use proxmox_network_types::ip_address::{Cidr, Ipv4Cidr, Ipv6Cidr};
 use proxmox_schema::api_types::CIDR_SCHEMA;
 use proxmox_schema::{api, property_string::PropertyString, ApiStringFormat, Updater, UpdaterType};
@@ -274,7 +274,7 @@ pub struct InternalWireGuardNode {
     /// The endpoint used for connecting to this node.
     #[serde(default, skip_serializing_if = "Option::is_none")]
     #[updater(serde(skip_serializing_if = "Option::is_none"))]
-    pub(crate) endpoint: Option<HostnameOrIpAddr>,
+    pub(crate) endpoint: Option<ServiceEndpoint>,
 
     /// The interfaces that should get created on this node.
     #[serde(default, skip_serializing_if = "Vec::is_empty")]
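Review bot: Changing `endpoint` to `Option<ServiceEndpoint>` on `InternalWireGuardNode` (and on `InternalPeer` in the next hunk) changes the accepted section-config value, but nothing visible here handles entries already stored in the old host-only form. The fixtures had to move from `endpoint 192.0.2.2` to `endpoint 192.0.2.2:51111`, which suggests a bare host no longer parses; if so, an existing fabric config would fail to load after upgrade and the tunnels would not be regenerated. Consider accepting the old form on deserialization with the interface's `listen_port` as the default port, or shipping a config migration alongside this change. The field doc should also state the new format, e.g. `/// The endpoint (host:port) used for connecting to this node.` Both struct bodies continue outside the hunks.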
@@ -378,7 +378,7 @@ pub struct InternalPeer {
     /// Override for the endpoint settings in the node section.
     #[serde(default, skip_serializing_if = "Option::is_none")]
     #[updater(serde(skip_serializing_if = "Option::is_none"))]
-    pub(crate) endpoint: Option<HostnameOrIpAddr>,
+    pub(crate) endpoint: Option<ServiceEndpoint>,
     /// Additional allowed IPs for this peer
     #[serde(default, skip_serializing_if = "Vec::is_empty")]
     #[updater(serde(skip_serializing_if = "Option::is_none"))]
diff --git a/proxmox-ve-config/src/sdn/wireguard.rs b/proxmox-ve-config/src/sdn/wireguard.rs
index 61be336e1dfb..6182944375b4 100644
--- a/proxmox-ve-config/src/sdn/wireguard.rs
+++ b/proxmox-ve-config/src/sdn/wireguard.rs
@@ -3,7 +3,6 @@ use std::ops::Deref;
 
 use anyhow::bail;
 
-use proxmox_network_types::endpoint::ServiceEndpoint;
 use proxmox_network_types::ip_address::{Ipv4Cidr, Ipv6Cidr};
 use proxmox_sdn_types::wireguard::PersistentKeepalive;
 use proxmox_wireguard::{WireGuardConfig, WireGuardInterface, WireGuardPeer};
@@ -90,14 +89,8 @@ impl WireGuardConfigBuilder {
 
                             let endpoint = peer
                                 .endpoint
-                                .as_ref()
-                                .or(wireguard_node.endpoint.as_ref())
-                                .map(|endpoint| {
-                                    ServiceEndpoint::new(
-                                        endpoint.to_string(),
-                                        peer_interface.listen_port,
-                                    )
-                                });
+                                .clone()
+                                .or_else(|| wireguard_node.endpoint.clone());
 
                             let mut allowed_ips = Vec::new();
 
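Review bot: With the port now taken from the stored endpoint, nothing in this expression ties it to `peer_interface.listen_port` any more, and the node-level fallback `wireguard_node.endpoint.clone()` hands the same port to every interface of that node. Before, each peer got `ServiceEndpoint::new(endpoint.to_string(), peer_interface.listen_port)`, so a node with several interfaces on different listen ports produced a distinct endpoint per interface; now that needs a per-peer override, and a mismatch yields a peer that silently never completes a handshake. If a differing port is intended (port forwarding would be one reason, though that is an assumption), document it with a comment such as `// endpoint port may differ from listen_port (e.g. port forwarding); not validated here`; otherwise compare the two while building the config and `bail!` on mismatch. The updated fixtures only cover the case where both ports are 51111, so a test with diverging ports or two interfaces on one node would pin the intended behaviour. The enclosing closure starts and ends outside the hunk.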
@@ -233,14 +226,14 @@ wireguard_node: wireg_external
 
 wireguard_node: wireg_pve1
     role internal
-    endpoint 192.0.2.2
+    endpoint 192.0.2.2:51111
     allowed_ips 203.0.113.0/25
     interfaces name=wg0,listen_port=51111,public_key=GDPUAnPOY5xGIjYXmcGyXZXbocjBr21dGQ5vwnjmdzA=,ip=198.51.100.1/24
     peers type=internal,node=pve2,node_iface=wg0,iface=wg0
 
 wireguard_node: wireg_pve2
     role internal
-    endpoint 192.0.2.3
+    endpoint 192.0.2.3:51111
     interfaces name=wg0,listen_port=51111,public_key=y0kOpXfo9ff4KoUwO3H1cRuwObbKwsK8mAkwXxNvKUc=
     peers type=internal,node=pve1,node_iface=wg0,iface=wg0
     peers type=external,node=external,iface=wg0
-- 
2.47.3




