Skip to content

Add WireGuard network support#2778

Open
xlmnxp wants to merge 12 commits intolxc:mainfrom
xlmnxp:wireguard-support
Open

Add WireGuard network support#2778
xlmnxp wants to merge 12 commits intolxc:mainfrom
xlmnxp:wireguard-support

Conversation

@xlmnxp
Copy link
Contributor

@xlmnxp xlmnxp commented Dec 20, 2025

  • Introduced a new network type: WireGuard.
  • Updated network type definitions and handling in various components.
  • Implemented the nicWireguard device type for managing WireGuard interfaces.
  • Added validation and configuration logic for WireGuard networks.
  • Enhanced network loading and management to include WireGuard functionality.

This update allows users to create and manage WireGuard networks within the system, expanding the networking capabilities significantly.

@xlmnxp xlmnxp requested a review from stgraber as a code owner December 20, 2025 06:12
@github-actions github-actions bot added the Documentation Documentation needs updating label Dec 20, 2025
@xlmnxp xlmnxp force-pushed the wireguard-support branch 2 times, most recently from b3f1d8b to a8d24db Compare December 20, 2025 06:18
@xlmnxp
Add WireGuard network support
bedb05d 
- Introduced a new network type: WireGuard.
- Updated network type definitions and handling in various components.
- Implemented the `nicWireguard` device type for managing WireGuard interfaces.
- Added validation and configuration logic for WireGuard networks.
- Enhanced network loading and management to include WireGuard functionality.

This update allows users to create and manage WireGuard networks within the system, expanding the networking capabilities significantly.

Signed-off-by: Salem Yaslem <[email protected]>
xlmnxp added 10 commits December 20, 2025 21:45
@xlmnxp
fix: update document lint
be89a0f 
Signed-off-by: Salem Yaslem <[email protected]>
@xlmnxp
fix: update go code to follow golint
0278e19 
Signed-off-by: Salem Yaslem <[email protected]>
@xlmnxp
lint: remove embedded field "common"
bed9607 
Signed-off-by: Salem Yaslem <[email protected]>
@xlmnxp
doc: update wordlist with new VPN technologies
827a561 
Added WireGuard, OpenVPN, and IPSec to the wordlist to enhance documentation and support for these networking technologies.

Signed-off-by: Salem Yaslem <[email protected]>
@xlmnxp
doc: update wordlist with new VPN technologies
19453c2 
Added WireGuard, OpenVPN, and IPSec to the wordlist to enhance documentation and support for these networking technologies.

Signed-off-by: Salem Yaslem <[email protected]>
@xlmnxp
update metadata
2ef1d1d 
Signed-off-by: Salem Yaslem <[email protected]>
@xlmnxp
doc: fix spellchecker
b8b8247 
Signed-off-by: Salem Yaslem <[email protected]>
@xlmnxp
doc: add detailed documentation for WireGuard NIC type
64438ad 
Signed-off-by: Salem Yaslem <[email protected]>
@xlmnxp
doc: add peers options and update metadata
da906f3 
Signed-off-by: Salem Yaslem <[email protected]>
@xlmnxp
lint: add missing new lines
6c23ab2 
Signed-off-by: Salem Yaslem <[email protected]>
@xlmnxp
Copy link
Contributor Author

xlmnxp commented Dec 22, 2025

@stgraber Hello, I currently facing issues with Tests / System checks because they fail when try to download openfga from github, I don't think it related to my contribution

@bensmrs
Copy link
Contributor

bensmrs commented Dec 22, 2025

@xlmnxp yeah that’s a known problem, unrelated to your contribution

@stgraber
Copy link
Member

stgraber commented Jan 4, 2026

I must say I'm pretty confused about what the goal is behind this network and NIC type.
I think we'd have pretty strongly benefited from having an open issue or forum thread to discuss the actual need before jumping into implementation here :)

Wireguard is a layer 3 VPN technology, Incus networks are layer 2, so the two aren't likely to mix all that well.

The usual approach would be for each server to have its own network with its own subnet, then configure Wireguard on the host (which is the router for the network) to then route those subnets between servers over the tunnel.

Could you describe your needs so we can look into the best way to meet them?

@xlmnxp
Copy link
Contributor Author

xlmnxp commented Jan 12, 2026
edited
Loading

I must say I'm pretty confused about what the goal is behind this network and NIC type. I think we'd have pretty strongly benefited from having an open issue or forum thread to discuss the actual need before jumping into implementation here :)

Wireguard is a layer 3 VPN technology, Incus networks are layer 2, so the two aren't likely to mix all that well.

The usual approach would be for each server to have its own network with its own subnet, then configure Wireguard on the host (which is the router for the network) to then route those subnets between servers over the tunnel.

Could you describe your needs so we can look into the best way to meet them?

Hello, my main issue was how to announce/distrobute the subnet to incus instances because the routed didn't do it for me, also needed a way to manage WireGuard for Incus and connect multiple cluster nodes together (as alternative for OVN)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stgraber stgraber Awaiting requested review from stgraber stgraber is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

Documentation Documentation needs updating

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@xlmnxp @bensmrs @stgraber