* [PATCH proxmox-ve-rs] sdn: use service endpoints for internal WireGuard peers
@ 2026-05-19 19:07 Gabriel Goller
2026-05-20 2:46 ` applied: " Thomas Lamprecht
0 siblings, 1 reply; 2+ messages in thread
From: Gabriel Goller @ 2026-05-19 19:07 UTC (permalink / raw)
To: pve-devel
Store internal WireGuard node and peer endpoints as full service
endpoints, including the port, and pass them through directly when
generating WireGuard peer configuration (this avoids the "ip:port:port"
construct in the wireguard config).
Update WireGuard fabric tests to use host:port endpoints for internal
nodes.
Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
---
.../src/sdn/fabric/section_config/mod.rs | 4 ++--
.../fabric/section_config/protocol/wireguard.rs | 6 +++---
proxmox-ve-config/src/sdn/wireguard.rs | 15 ++++-----------
3 files changed, 9 insertions(+), 16 deletions(-)
diff --git a/proxmox-ve-config/src/sdn/fabric/section_config/mod.rs b/proxmox-ve-config/src/sdn/fabric/section_config/mod.rs
index e7134414bfa7..9833369149c2 100644
--- a/proxmox-ve-config/src/sdn/fabric/section_config/mod.rs
+++ b/proxmox-ve-config/src/sdn/fabric/section_config/mod.rs
@@ -168,13 +168,13 @@ wireguard_node: wireg_external
wireguard_node: wireg_pve1
role internal
- endpoint 192.0.2.2
+ endpoint 192.0.2.2:51111
interfaces name=wg0,listen_port=51111,public_key=Kay64UG8yvCyLhqU000LxzYeUm0L/hLIl5S8kyKWbdc=
peers type=internal,node=pve2,node_iface=wg0,iface=wg0
wireguard_node: wireg_pve2
role internal
- endpoint 192.0.2.3
+ endpoint 192.0.2.3:51111
interfaces name=wg0,listen_port=51111,public_key=Kay64UG8yvCyLhqU000LxzYeUm0L/hLIl5S8kyKWbdc=
peers type=internal,node=pve1,node_iface=wg0,iface=wg0
"#;
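Review bot: Both internal nodes in this fixture now carry an explicit port, so nothing here pins down what happens when a section still contains the old port-less form such as `endpoint 192.0.2.2`. Consider adding a fixture that keeps one port-less endpoint and asserts the outcome, whether that is a parse error or a defined fallback, so the change in accepted input is covered by a test.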
diff --git a/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs b/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs
index 0c32c0c747f8..f01b7e73a406 100644
--- a/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs
+++ b/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs
@@ -34,7 +34,7 @@ use std::ops::{Deref, DerefMut};
use anyhow::Result;
use const_format::concatcp;
-use proxmox_network_types::endpoint::{HostnameOrIpAddr, ServiceEndpoint};
+use proxmox_network_types::endpoint::ServiceEndpoint;
use proxmox_network_types::ip_address::{Cidr, Ipv4Cidr, Ipv6Cidr};
use proxmox_schema::api_types::CIDR_SCHEMA;
use proxmox_schema::{api, property_string::PropertyString, ApiStringFormat, Updater, UpdaterType};
@@ -274,7 +274,7 @@ pub struct InternalWireGuardNode {
/// The endpoint used for connecting to this node.
#[serde(default, skip_serializing_if = "Option::is_none")]
#[updater(serde(skip_serializing_if = "Option::is_none"))]
- pub(crate) endpoint: Option<HostnameOrIpAddr>,
+ pub(crate) endpoint: Option<ServiceEndpoint>,
/// The interfaces that should get created on this node.
#[serde(default, skip_serializing_if = "Vec::is_empty")]
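Review bot: The doc comment on `InternalWireGuardNode::endpoint` still reads "The endpoint used for connecting to this node." although the field type changes from `HostnameOrIpAddr` to `ServiceEndpoint`. State in the comment that the value is now a full host:port pair and that this port is the one written to peers, so the expected format is visible from the struct definition.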
@@ -378,7 +378,7 @@ pub struct InternalPeer {
/// Override for the endpoint settings in the node section.
#[serde(default, skip_serializing_if = "Option::is_none")]
#[updater(serde(skip_serializing_if = "Option::is_none"))]
- pub(crate) endpoint: Option<HostnameOrIpAddr>,
+ pub(crate) endpoint: Option<ServiceEndpoint>,
/// Additional allowed IPs for this peer
#[serde(default, skip_serializing_if = "Vec::is_empty")]
#[updater(serde(skip_serializing_if = "Option::is_none"))]
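Review bot: With `InternalPeer::endpoint` now an `Option<ServiceEndpoint>`, a per-peer override replaces host and port together, but the comment still says only "Override for the endpoint settings in the node section." Spell out that the override must be a complete host:port value and is not combined with the node-level port, since overriding just the host is no longer expressible with this type.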
diff --git a/proxmox-ve-config/src/sdn/wireguard.rs b/proxmox-ve-config/src/sdn/wireguard.rs
index 61be336e1dfb..6182944375b4 100644
--- a/proxmox-ve-config/src/sdn/wireguard.rs
+++ b/proxmox-ve-config/src/sdn/wireguard.rs
@@ -3,7 +3,6 @@ use std::ops::Deref;
use anyhow::bail;
-use proxmox_network_types::endpoint::ServiceEndpoint;
use proxmox_network_types::ip_address::{Ipv4Cidr, Ipv6Cidr};
use proxmox_sdn_types::wireguard::PersistentKeepalive;
use proxmox_wireguard::{WireGuardConfig, WireGuardInterface, WireGuardPeer};
@@ -90,14 +89,8 @@ impl WireGuardConfigBuilder {
let endpoint = peer
.endpoint
- .as_ref()
- .or(wireguard_node.endpoint.as_ref())
- .map(|endpoint| {
- ServiceEndpoint::new(
- endpoint.to_string(),
- peer_interface.listen_port,
- )
- });
+ .clone()
+ .or_else(|| wireguard_node.endpoint.clone());
let mut allowed_ips = Vec::new();
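Review bot: After dropping `peer_interface.listen_port` from this expression, the port in the generated peer endpoint comes only from the stored endpoint, and nothing in the visible code checks it against the peer interface's `listen_port`. If the two may legitimately differ (for example behind a port forward), say so in a comment here; if they must agree, add a validation that rejects a mismatch, because otherwise it surfaces only at runtime as a peer that cannot be reached on that endpoint.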
@@ -233,14 +226,14 @@ wireguard_node: wireg_external
wireguard_node: wireg_pve1
role internal
- endpoint 192.0.2.2
+ endpoint 192.0.2.2:51111
allowed_ips 203.0.113.0/25
interfaces name=wg0,listen_port=51111,public_key=GDPUAnPOY5xGIjYXmcGyXZXbocjBr21dGQ5vwnjmdzA=,ip=198.51.100.1/24
peers type=internal,node=pve2,node_iface=wg0,iface=wg0
wireguard_node: wireg_pve2
role internal
- endpoint 192.0.2.3
+ endpoint 192.0.2.3:51111
interfaces name=wg0,listen_port=51111,public_key=y0kOpXfo9ff4KoUwO3H1cRuwObbKwsK8mAkwXxNvKUc=
peers type=internal,node=pve1,node_iface=wg0,iface=wg0
peers type=external,node=external,iface=wg0
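Review bot: In this fixture the endpoint port (51111) is identical to `listen_port=51111` on both internal nodes, so the expected output is the same whether the builder takes the port from the endpoint or from the interface. Give one node an endpoint port that differs from its `listen_port` so the test fails if the old derivation comes back; a peer-level endpoint override on one `peers` line would also cover the `peer.endpoint` branch of the fallback.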
--
2.47.3
* applied: [PATCH proxmox-ve-rs] sdn: use service endpoints for internal WireGuard peers
2026-05-19 19:07 [PATCH proxmox-ve-rs] sdn: use service endpoints for internal WireGuard peers Gabriel Goller
@ 2026-05-20 2:46 ` Thomas Lamprecht
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Lamprecht @ 2026-05-20 2:46 UTC (permalink / raw)
To: pve-devel, Gabriel Goller
On Tue, 19 May 2026 21:07:05 +0200, Gabriel Goller wrote:
> Store internal WireGuard node and peer endpoints as full service
> endpoints, including the port, and pass them through directly when
> generating WireGuard peer configuration (this avoids the "ip:port:port"
> construct in the wireguard config).
>
> Update WireGuard fabric tests to use host:port endpoints for internal
> nodes.
>
> [...]
The previous port-less endpoint format already shipped in libpve-network-perl
1.5.0, so I added a migration there (1.6.3) that fills in the port when reading
those older entries, keeping (most, well the sensible ones) existing fabrics
working after an upgrade. pve-manager also got a separate endpoint-port field
to match.
Applied, thanks!
[1/1] sdn: use service endpoints for internal WireGuard peers
commit: 1f5e778b10aebf71e90e41dea3d5763f5b2752b8