Had to learn about these the hard way when trying to set up a Wireguard tunnel on machines that are also Kubernetes nodes.
Turns out that kubernetes (specifically flannel? I forget exactly) aggressively colonizes half of the fwmark namespace, and Wireguard was trying to use a value in that range. For a non networking guy that was hard to figure out.
Turns out that kubernetes (specifically flannel? I forget exactly) aggressively colonizes half of the fwmark namespace, and Wireguard was trying to use a value in that range. For a non networking guy that was hard to figure out.