* [PATCH proxmox-ve-rs] sdn: use service endpoints for internal WireGuard peers
@ 2026-05-19 19:07 Gabriel Goller
From: Gabriel Goller @ 2026-05-19 19:07 UTC (permalink / raw)
To: pve-devel
Store internal WireGuard node and peer endpoints as full service
endpoints, including the port, and pass them through directly when
generating WireGuard peer configuration (this avoids the "ip:port:port"
construct in the wireguard config).
Update WireGuard fabric tests to use host:port endpoints for internal
nodes.
Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
---
.../src/sdn/fabric/section_config/mod.rs | 4 ++--
.../fabric/section_config/protocol/wireguard.rs | 6 +++---
proxmox-ve-config/src/sdn/wireguard.rs | 15 ++++-----------
3 files changed, 9 insertions(+), 16 deletions(-)
diff --git a/proxmox-ve-config/src/sdn/fabric/section_config/mod.rs b/proxmox-ve-config/src/sdn/fabric/section_config/mod.rs
index e7134414bfa7..9833369149c2 100644
--- a/proxmox-ve-config/src/sdn/fabric/section_config/mod.rs
+++ b/proxmox-ve-config/src/sdn/fabric/section_config/mod.rs
@@ -168,13 +168,13 @@ wireguard_node: wireg_external
wireguard_node: wireg_pve1
role internal
- endpoint 192.0.2.2
+ endpoint 192.0.2.2:51111
interfaces name=wg0,listen_port=51111,public_key=Kay64UG8yvCyLhqU000LxzYeUm0L/hLIl5S8kyKWbdc=
peers type=internal,node=pve2,node_iface=wg0,iface=wg0
wireguard_node: wireg_pve2
role internal
- endpoint 192.0.2.3
+ endpoint 192.0.2.3:51111
interfaces name=wg0,listen_port=51111,public_key=Kay64UG8yvCyLhqU000LxzYeUm0L/hLIl5S8kyKWbdc=
peers type=internal,node=pve1,node_iface=wg0,iface=wg0
"#;
diff --git a/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs b/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs
index 0c32c0c747f8..f01b7e73a406 100644
--- a/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs
+++ b/proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs
@@ -34,7 +34,7 @@ use std::ops::{Deref, DerefMut};
use anyhow::Result;
use const_format::concatcp;
-use proxmox_network_types::endpoint::{HostnameOrIpAddr, ServiceEndpoint};
+use proxmox_network_types::endpoint::ServiceEndpoint;
use proxmox_network_types::ip_address::{Cidr, Ipv4Cidr, Ipv6Cidr};
use proxmox_schema::api_types::CIDR_SCHEMA;
use proxmox_schema::{api, property_string::PropertyString, ApiStringFormat, Updater, UpdaterType};
@@ -274,7 +274,7 @@ pub struct InternalWireGuardNode {
/// The endpoint used for connecting to this node.
#[serde(default, skip_serializing_if = "Option::is_none")]
#[updater(serde(skip_serializing_if = "Option::is_none"))]
- pub(crate) endpoint: Option<HostnameOrIpAddr>,
+ pub(crate) endpoint: Option<ServiceEndpoint>,
/// The interfaces that should get created on this node.
#[serde(default, skip_serializing_if = "Vec::is_empty")]
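Review bot: The doc comment on `endpoint` in `InternalWireGuardNode` still reads "The endpoint used for connecting to this node." although the field now carries a host and a port; the same holds for the `endpoint` override in `InternalPeer` in the next hunk. I would state the format and how the port relates to the interface, e.g. `/// The endpoint (host:port) peers use to reach this node; the port is used as given and is not derived from an interface's listen_port.` Presumably `ServiceEndpoint` does not accept a bare host, in which case section configs written before this change (`endpoint 192.0.2.2`) would stop parsing; if such configs can already exist, that needs a migration step or at least a note in the commit message. Both struct definitions start and end outside these hunks.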
@@ -378,7 +378,7 @@ pub struct InternalPeer {
/// Override for the endpoint settings in the node section.
#[serde(default, skip_serializing_if = "Option::is_none")]
#[updater(serde(skip_serializing_if = "Option::is_none"))]
- pub(crate) endpoint: Option<HostnameOrIpAddr>,
+ pub(crate) endpoint: Option<ServiceEndpoint>,
/// Additional allowed IPs for this peer
#[serde(default, skip_serializing_if = "Vec::is_empty")]
#[updater(serde(skip_serializing_if = "Option::is_none"))]
diff --git a/proxmox-ve-config/src/sdn/wireguard.rs b/proxmox-ve-config/src/sdn/wireguard.rs
index 61be336e1dfb..6182944375b4 100644
--- a/proxmox-ve-config/src/sdn/wireguard.rs
+++ b/proxmox-ve-config/src/sdn/wireguard.rs
@@ -3,7 +3,6 @@ use std::ops::Deref;
use anyhow::bail;
-use proxmox_network_types::endpoint::ServiceEndpoint;
use proxmox_network_types::ip_address::{Ipv4Cidr, Ipv6Cidr};
use proxmox_sdn_types::wireguard::PersistentKeepalive;
use proxmox_wireguard::{WireGuardConfig, WireGuardInterface, WireGuardPeer};
@@ -90,14 +89,8 @@ impl WireGuardConfigBuilder {
let endpoint = peer
.endpoint
- .as_ref()
- .or(wireguard_node.endpoint.as_ref())
- .map(|endpoint| {
- ServiceEndpoint::new(
- endpoint.to_string(),
- peer_interface.listen_port,
- )
- });
+ .clone()
+ .or_else(|| wireguard_node.endpoint.clone());
let mut allowed_ips = Vec::new();
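Review bot: The port of the generated peer endpoint no longer comes from `peer_interface.listen_port`, so nothing in this expression ties the configured port to the interface the peer actually points at. A node-level `endpoint` is one host:port shared by every interface of that node; with two interfaces on different listen ports, peers of the second would inherit the first one's port unless each peer sets its own `endpoint`, and the only symptom would be a tunnel that never completes a handshake. If a differing port is intended (for example port forwarding in front of the node), a comment such as `// port comes from the configured endpoint, not peer_interface.listen_port; the two may differ behind NAT` would make that explicit; otherwise compare the two and `bail!` on a mismatch so the error surfaces at config generation. The enclosing builder function starts and ends outside the hunk.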
@@ -233,14 +226,14 @@ wireguard_node: wireg_external
wireguard_node: wireg_pve1
role internal
- endpoint 192.0.2.2
+ endpoint 192.0.2.2:51111
allowed_ips 203.0.113.0/25
interfaces name=wg0,listen_port=51111,public_key=GDPUAnPOY5xGIjYXmcGyXZXbocjBr21dGQ5vwnjmdzA=,ip=198.51.100.1/24
peers type=internal,node=pve2,node_iface=wg0,iface=wg0
wireguard_node: wireg_pve2
role internal
- endpoint 192.0.2.3
+ endpoint 192.0.2.3:51111
interfaces name=wg0,listen_port=51111,public_key=y0kOpXfo9ff4KoUwO3H1cRuwObbKwsK8mAkwXxNvKUc=
peers type=internal,node=pve1,node_iface=wg0,iface=wg0
peers type=external,node=external,iface=wg0
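Review bot: Both updated fixtures (this one and the one in section_config/mod.rs) only use an endpoint port equal to the interface's `listen_port` (51111), so these tests would pass just as well if the port were still taken from `listen_port`. A fixture line with a differing port (constructed example: `endpoint 192.0.2.2:51820` next to `listen_port=51111`), one with a peer-level `endpoint` override, and one that pins what happens to a bare `endpoint 192.0.2.2` would cover the behaviour this patch actually changes. The fixture string and the test consuming it begin and end outside the hunk.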
--
2.47.3