* [PATCH proxmox-ve-rs] sdn: use service endpoints for internal WireGuard peers
@ 2026-05-19 19:07 Gabriel Goller
From: Gabriel Goller @ 2026-05-19 19:07 UTC (permalink / raw)
To: pve-devel
Store internal WireGuard node and peer endpoints as full service
endpoints, including the port, and pass them through directly when
generating WireGuard peer configuration (this avoids the "ip:port:port"
construct in the wireguard config).
Update WireGuard fabric tests to use host:port endpoints for internal
nodes.
Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
---
.../src/sdn/fabric/section_config/mod.rs | 4 ++--
.../fabric/section_config/protocol/wireguard.rs | 6 +++---
proxmox-ve-config/src/sdn/wireguard.rs | 15 ++++-----------
3 files changed, 9 insertions(+), 16 deletions(-)
diff --git a/proxmox-ve-config/src/sdn/fabric/section_config/mod.rs b/proxmox-ve-config/src/sdn/fabric/section_config/mod.rs
index e7134414bfa7..9833369149c2 100644
--- a/proxmox-ve-config/src/sdn/fabric/section_config/mod.rs
+++ b/proxmox-ve-config/src/sdn/fabric/section_config/mod.rs
@@ -168,13 +168,13 @@ wireguard_node: wireg_external
wireguard_node: wireg_pve1
role internal
- endpoint 192.0.2.2
+ endpoint 192.0.2.2:51111
interfaces name=wg0,listen_port=51111,public_key=Kay64UG8yvCyLhqU000LxzYeUm0L/hLIl5S8kyKWbdc=
peers type=internal,node=pve2,node_iface=wg0,iface=wg0
wireguard_node: wireg_pve2
role internal
- endpoint 192.0.2.3
+ endpoint 192.0.2.3:51111
interfaces name=wg0,listen_port=51111,public_key=Kay64UG8yvCyLhqU000LxzYeUm0L/hLIl5S8kyKWbdc=
peers type=internal,node=pve1,node_iface=wg0,iface=wg0
"#;
diff --git a/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs b/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs
index 0c32c0c747f8..f01b7e73a406 100644
--- a/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs
+++ b/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs
@@ -34,7 +34,7 @@ use std::ops::{Deref, DerefMut};
use anyhow::Result;
use const_format::concatcp;
-use proxmox_network_types::endpoint::{HostnameOrIpAddr, ServiceEndpoint};
+use proxmox_network_types::endpoint::ServiceEndpoint;
use proxmox_network_types::ip_address::{Cidr, Ipv4Cidr, Ipv6Cidr};
use proxmox_schema::api_types::CIDR_SCHEMA;
use proxmox_schema::{api, property_string::PropertyString, ApiStringFormat, Updater, UpdaterType};
@@ -274,7 +274,7 @@ pub struct InternalWireGuardNode {
/// The endpoint used for connecting to this node.
#[serde(default, skip_serializing_if = "Option::is_none")]
#[updater(serde(skip_serializing_if = "Option::is_none"))]
- pub(crate) endpoint: Option<HostnameOrIpAddr>,
+ pub(crate) endpoint: Option<ServiceEndpoint>,
/// The interfaces that should get created on this node.
#[serde(default, skip_serializing_if = "Vec::is_empty")]
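Review bot: The doc comment on `InternalWireGuardNode::endpoint` still describes only "the endpoint", although the value now has to carry a port, and the same holds for `InternalPeer::endpoint` in the next hunk. I would spell out the format and the invariant, e.g. `/// The endpoint (host:port) peers use to reach this node; the port must match the listen_port of the targeted interface.` Whether an already-stored `endpoint 192.0.2.2` without a port still deserializes depends on `ServiceEndpoint`'s parser, which is not visible here. If it is rejected, existing fabric configs would fail to load after the upgrade, so a fallback or migration path is worth confirming. Both struct definitions start before and continue past their hunks.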
@@ -378,7 +378,7 @@ pub struct InternalPeer {
/// Override for the endpoint settings in the node section.
#[serde(default, skip_serializing_if = "Option::is_none")]
#[updater(serde(skip_serializing_if = "Option::is_none"))]
- pub(crate) endpoint: Option<HostnameOrIpAddr>,
+ pub(crate) endpoint: Option<ServiceEndpoint>,
/// Additional allowed IPs for this peer
#[serde(default, skip_serializing_if = "Vec::is_empty")]
#[updater(serde(skip_serializing_if = "Option::is_none"))]
diff --git a/proxmox-ve-config/src/sdn/wireguard.rs b/proxmox-ve-config/src/sdn/wireguard.rs
index 61be336e1dfb..6182944375b4 100644
--- a/proxmox-ve-config/src/sdn/wireguard.rs
+++ b/proxmox-ve-config/src/sdn/wireguard.rs
@@ -3,7 +3,6 @@ use std::ops::Deref;
use anyhow::bail;
-use proxmox_network_types::endpoint::ServiceEndpoint;
use proxmox_network_types::ip_address::{Ipv4Cidr, Ipv6Cidr};
use proxmox_sdn_types::wireguard::PersistentKeepalive;
use proxmox_wireguard::{WireGuardConfig, WireGuardInterface, WireGuardPeer};
@@ -90,14 +89,8 @@ impl WireGuardConfigBuilder {
let endpoint = peer
.endpoint
- .as_ref()
- .or(wireguard_node.endpoint.as_ref())
- .map(|endpoint| {
- ServiceEndpoint::new(
- endpoint.to_string(),
- peer_interface.listen_port,
- )
- });
+ .clone()
+ .or_else(|| wireguard_node.endpoint.clone());
let mut allowed_ips = Vec::new();
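Review bot: Nothing on the new `.clone().or_else(...)` lines ties the endpoint's port to `peer_interface.listen_port` any more, whereas the removed code derived the port from it and so could not disagree with the listener. A node-level `endpoint` now supplies one fixed port to every peer that falls back to it, so a node with several interfaces on different listen ports, or a mistyped port, produces a peer config pointing at the wrong listener or at none. The tunnel would then fail to establish, with no error at config-generation time. Consider comparing the resolved endpoint's port with `peer_interface.listen_port` and calling `bail!` on a mismatch, or at least documenting that multi-interface nodes must use the per-peer `endpoint` override; a test with a mismatching port would pin that behaviour. The enclosing builder method begins and ends outside this hunk.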
@@ -233,14 +226,14 @@ wireguard_node: wireg_external
wireguard_node: wireg_pve1
role internal
- endpoint 192.0.2.2
+ endpoint 192.0.2.2:51111
allowed_ips 203.0.113.0/25
interfaces name=wg0,listen_port=51111,public_key=GDPUAnPOY5xGIjYXmcGyXZXbocjBr21dGQ5vwnjmdzA=,ip=198.51.100.1/24
peers type=internal,node=pve2,node_iface=wg0,iface=wg0
wireguard_node: wireg_pve2
role internal
- endpoint 192.0.2.3
+ endpoint 192.0.2.3:51111
interfaces name=wg0,listen_port=51111,public_key=y0kOpXfo9ff4KoUwO3H1cRuwObbKwsK8mAkwXxNvKUc=
peers type=internal,node=pve1,node_iface=wg0,iface=wg0
peers type=external,node=external,iface=wg0
--
2.47.3