WireGuard, udp2raw and Traefik. No Docker. Error while dialing backend error="dial udp: lookup udp/51820/udp: unknown port"

I've always used CentOS7.
The relevant configuration is shown in the figure.

[root@traefik0 ~]# tcpdump -i ens36
ARP, Request who-has traefik0 tell udp2raw0, length 46
ARP, Reply traefik0  is-at 00:0c:29:ef:4f:c8 (oui Unknown), length 28
IP udp2raw0.52259 > traefik0.51820: UDP, length 148
IP udp2raw0.52259 > traefik0.51820: UDP, length 148


[root@traefik0 ~]# cat traefik/traefik.log
INF github.com/traefik/traefik/v3/cmd/traefik/traefik.go:101 > Traefik version 3.0.0-rc1 built on 2024-02-13T13:41:20Z version=3.0.0-rc1
DBG github.com/traefik/traefik/v3/cmd/traefik/traefik.go:108 > Static configuration loaded [json] staticConfiguration={"api":{},"entryPoints":{"wireguard":{"address":":51820/udp","forwardedHeaders":{},"http":{},"http2":{"maxConcurrentStreams":250},"transport":{"lifeCycle":{"graceTimeOut":"10s"},"respondingTimeouts":{"idleTimeout":"3m0s"}},"udp":{"timeout":"3s"}}},"global":{"checkNewVersion":true},"log":{"filePath":"traefik/traefik.log","format":"common","level":"DEBUG"},"providers":{"file":{"filename":"dynamic.yml","watch":true},"providersThrottleDuration":"2s"},"serversTransport":{"maxIdleConnsPerHost":200},"tcpServersTransport":{"dialKeepAlive":"15s","dialTimeout":"30s"}}
INF github.com/traefik/traefik/v3/cmd/traefik/traefik.go:599 >
Stats collection is disabled.
Help us improve Traefik by turning this feature on :)
More details on: https://doc.traefik.io/traefik/contributing/data-collection/

INF github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:73 > Starting provider aggregator aggregator.ProviderAggregator
DBG github.com/traefik/traefik/v3/pkg/server/server_entrypoint_udp.go:100 > Start UDP Server entryPointName=wireguard
INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > Starting provider *file.Provider
DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:204 > *file.Provider provider configuration config={"filename":"dynamic.yml","watch":true}
DBG github.com/traefik/traefik/v3/pkg/provider/file/file.go:122 > add watcher on: .
DBG github.com/traefik/traefik/v3/pkg/provider/file/file.go:122 > add watcher on: dynamic.yml
INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > Starting provider *traefik.Provider
DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:204 > *traefik.Provider provider configuration config={}
DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{"serversTransports":{"default":{"maxIdleConnsPerHost":200}},"services":{"api":{},"noop":{}}},"tcp":{"serversTransports":{"default":{"dialKeepAlive":"15s","dialTimeout":"30s"}}},"tls":{},"udp":{}} providerName=internal
DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{},"tcp":{},"tls":{},"udp":{"routers":{"wg-in":{"entryPoints":["wireguard"],"service":"wg-in"}},"services":{"wg-in":{"loadBalancer":{"servers":[{"address":"wg0:51820/udp"}]}}}}} providerName=file
INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > Starting provider *acme.ChallengeTLSALPN
DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:204 > *acme.ChallengeTLSALPN provider configuration config={}
DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:320 > No default certificate, fallback to the internal generated certificate tlsStoreName=default
DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:320 > No default certificate, fallback to the internal generated certificate tlsStoreName=default
DBG github.com/traefik/traefik/v3/pkg/server/service/udp/service.go:71 > Creating UDP server entryPointName=wireguard routerName=wg-in@file serverAddress=wg0:51820/udp serverIndex=0 serviceName=wg-in@file


**> DBG github.com/traefik/traefik/v3/pkg/udp/proxy.go:23 > Handling UDP stream from udp2raw0.52259  to wg0:51820/udp**
**> ERR github.com/traefik/traefik/v3/pkg/udp/proxy.go:30 > Error while dialing backend error="dial udp: lookup udp/51820/udp: unknown port"**

How to fix this error?

In fact, I'm not sure if I'm doing the right thing. If it's not right, what should I do?
Thanks.

Service target address might be wrong, remove /udp (link):

```yaml
## Dynamic configuration
udp:
  services:
    app:
      weighted:
        services:
        - name: appv1
          weight: 3
        - name: appv2
          weight: 1

    appv1:
      loadBalancer:
        servers:
        - address: "xxx.xxx.xxx.xxx:8080"

    appv2:
      loadBalancer:
        servers:
        - address: "xxx.xxx.xxx.xxx:8080"
```
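
Why the `/udp` suffix produces exactly this error, as an added example that is not part of the original thread or of Traefik's code: Go's dialer splits the address into host and port, and a non-numeric port such as `51820/udp` is looked up as a service name, which fails before any packet is sent. The function names `CheckUDPBackend` and `StripProtoSuffix` are hypothetical; the addresses are the ones from the log above.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// CheckUDPBackend repeats the two steps Go's dialer performs before sending
// anything: split host and port, then resolve the port for "udp".
// A numeric port is parsed directly; anything else is treated as a service name.
func CheckUDPBackend(addr string) (string, int, error) {
	host, port, err := net.SplitHostPort(addr)
	if err != nil {
		return "", 0, err
	}
	n, err := net.LookupPort("udp", port)
	if err != nil {
		return "", 0, fmt.Errorf("backend %q: %w", addr, err)
	}
	return host, n, nil
}

// StripProtoSuffix removes a trailing "/udp" or "/tcp". That suffix belongs on
// an entryPoint address (":51820/udp"), not on a service server address.
func StripProtoSuffix(addr string) (string, bool) {
	for _, s := range []string{"/udp", "/tcp"} {
		if strings.HasSuffix(addr, s) {
			return strings.TrimSuffix(addr, s), true
		}
	}
	return addr, false
}

func main() {
	// Backend address from the log above, followed by the corrected form.
	for _, a := range []string{"wg0:51820/udp", "wg0:51820"} {
		if _, port, err := CheckUDPBackend(a); err != nil {
			fixed, _ := StripProtoSuffix(a)
			fmt.Printf("FAIL %s (%v); try %s\n", a, err, fixed)
		} else {
			fmt.Printf("ok   %s -> port %d\n", a, port)
		}
	}
}
```

Neither check resolves the host name or opens a socket, so it can be run against a dynamic configuration before Traefik is reloaded.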

With your help, WGs successfully achieved the handshake.

I have another question I would like to ask: if two PCs want to ping each other, is it possible to configure a round-trip forwarding route in Traefik?

ping uses ICMP, not TCP or UDP, so I don’t think Traefik can forward it.

Really appreciate your answer. Going by the picture, when PC1 pings PC2 there is packet loss. I will continue to work on it and will leave a message if there is any new development.
Thanks.

We use wg-easy for WireGuard, but it’s our only service (besides email) that does not go through Traefik, but can use its own external ports.

When looking at your image, ping from pc1 to pc2 should go through WireGuard, so it is not directly Traefik-dependent.
