From: Stefan Hanreich
To: pve-devel@lists.proxmox.com
Subject: Re: [RFC manager/network/proxmox{,-ve-rs,-perl-rs} v2 00/25] Add WireGuard as protocol to SDN fabrics
Date: Mon, 4 May 2026 17:01:27 +0200
Message-ID: <6e6c5f96-3c42-40d3-8c67-95ab6dde60d7@proxmox.com>
References: <20260402081148.76276-1-s.hanreich@proxmox.com>

On 4/2/26 3:57 PM, Gabriel Goller wrote:
> Will have a look at the code later, but some high-level (mostly ui) stuff in
> the meantime:
>
> * when deleting a node referenced as a peer by another node, one gets this
> confusing message: "deleting node failed: peer configuration references
> non-existing interface (500)" (maybe include which node uses the peer)

done

> * "Endpoint" is a bit confusing, maybe add a tooltip or default text (same on "Allowed IPs")

done, added a default text on both

> * maybe a nicer error message when the first wg command (wg genkey) fails
> (mention that wireguard-tools has to be installed)

done

> * would it be possible (and sensible) that a peer is autoselected so
> bidirectional traffic is possible by default. e.g. when creating a node and
> adding a peer, the new node is added as a peer in the existing nodes (which have
> been selected as peers from the new node). Otherwise it's quite exhausting
> right now adding a new node, selecting all the peers and then needing to go
> through and edit all the other existing nodes and checking the newly
> added peer. Of course it's maybe a bit magicky, but at least it improves the
> usability?

I guess it makes sense, but isn't necessarily required? I'd rather keep
the current behavior and implement something like the "auto-fullmeshify"
UI function mentioned in the cover letter in PVE/PDM.

> * when generating the ifupdown2 config, a newline above `auto wg0` would be nice.

done

> * when setting an ipv6 address we need to add a warning "enable ipv6 forwarding
> globally" like in the other fabrics.

It isn't unconditionally required, since if you just configure a subnet
on the interface and only want to reach the hosts inside that subnet
forwarding doesn't need to be enabled. It could actually be a bit of a
security issue then imo if some less-knowledgeable users see the warning
and then enable routing for IPv6 on their hosts even if it isn't
required. Showing this conditionally (only if required) could also be
hard in the UI :/. Potentially add this to the documentation instead?