Hacker News

stevefan1999 | yesterday at 10:17 PM | 3 replies

Is there a WireGuard equivalent that does L2 instead of L3? I need this for a virtual mesh network for homelabbing. I have this exact setup, running VXLAN or GENEVE over a WireGuard tunnel using KubeSpan from Talos Linux, but I simply think having L2 access would make the load balancer much easier.


Replies

kjuulh | yesterday at 10:28 PM

You can see my reply below: https://news.ycombinator.com/item?id=46609044 I believe our setups are pretty equivalent.

I achieve load balancing by running native WireGuard on a VPS at Hetzner. I've got a native WireGuard mesh (I believe Talos can do the same), where the peers are set up manually, or via Tailscale etc. I then tell k3s that it should use the WireGuard interface for VXLAN, and boom, my Kubernetes mesh is now connected.

flannel-iface: "wg0" # Talos might have something similar.

I do use some node labels and affinities to make sure the right pods end up in the right spot. For example, the MetalLB announcer always has to come from the Hetzner node. As mentioned in my reply below, it takes about 20ms roundtrip back to my homelab, so my sites can take a bit of time to load, but it works pretty well otherwise, sort of similar to how Cloudflare tunnels would work, except not as polished.

My setup is here if it is of help

https://git.kjuulh.io/kjuulh/clank-homelab-flux/src/branch/m...
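
An added example, not part of the thread or of kjuulh's repository: since VXLAN itself does not encrypt, this shell check confirms that flannel's VXLAN device really uses the WireGuard interface named in `flannel-iface` as its underlay. The device name `flannel.1`, port 8472 and the two `ip -d link show` outputs are assumptions based on k3s/flannel defaults, and the outputs are constructed samples.

```shell
#!/bin/sh
# Added example: verify the VXLAN overlay rides on the WireGuard interface.
# On a node, feed it real output:
#   ip -d link show flannel.1 | check_underlay wg0

# Print the underlay device named on the "vxlan ..." detail line read from stdin.
vxlan_underlay() {
    awk '$1 == "vxlan" {
        for (i = 2; i < NF; i++)
            if ($i == "dev") { print $(i + 1); exit }
    }'
}

# Succeed only if the VXLAN underlay read from stdin is the expected interface ($1).
check_underlay() {
    actual=$(vxlan_underlay)
    if [ "$actual" = "$1" ]; then
        echo "OK: VXLAN underlay is $actual"
    else
        echo "FAIL: VXLAN underlay is '${actual:-none}', expected $1" >&2
        return 1
    fi
}

# Constructed sample outputs (not captured from a real node).
SAMPLE_OVER_WG='5: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1370 qdisc noqueue state UNKNOWN
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff promiscuity 0
    vxlan id 1 local 10.10.0.2 dev wg0 srcport 0 0 dstport 8472 nolearning ttl auto ageing 300'

SAMPLE_OVER_ETH='5: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN
    link/ether 02:00:00:00:00:02 brd ff:ff:ff:ff:ff:ff promiscuity 0
    vxlan id 1 local 203.0.113.10 dev eth0 srcport 0 0 dstport 8472 nolearning ttl auto ageing 300'

# Expected: the first check passes, the second reports a mismatch.
printf '%s\n' "$SAMPLE_OVER_WG" | check_underlay wg0
printf '%s\n' "$SAMPLE_OVER_ETH" | check_underlay wg0 ||
    echo "VXLAN packets from this node are not carried inside the WireGuard tunnel"
```
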

viraptor | yesterday at 10:32 PM

ZeroTier does L2.