* Re: AllowedIPs = ::/0 routes IPv4 - on Android?
2023-10-24 9:37 ` Marek Küthe
@ 2023-10-24 11:08 ` Nico Schottelius
2023-10-24 11:13 ` Valentijn Sessink
1 sibling, 0 replies; 4+ messages in thread
From: Nico Schottelius @ 2023-10-24 11:08 UTC (permalink / raw)
To: Marek Küthe; +Cc: v, wireguard
Hello Marek,
since when does ::/0 refer to IPv4 addresses? To my knowledge,
::/0 is the IPv6 all route and does not include any IPv4.
Best regards,
Nico
Marek Küthe <m-k-mailling-list@mk16.de> writes:
> [[PGP Signed Part:Undecided]]
> Hello Valentijn,
>
> ::/0 does not describe no IPv4 address, but all IP addresses. So when
> you write ::/0, all IPv4 addresses are routed through the tunnel. If
> you don't want IPv4 routes, you can simply omit them in AllowedIPs (so
> only put IPv6 addresses there, or only address which should go through
> the tunnel).
>
> Greetings
> Marek Küthe
>
> On Tue, 5 Sep 2023 16:04:34 +0200
> Valentijn Sessink <v@sess.ink> wrote:
>
>> Hi List,
>>
>> I have a WG endpoint configured with
>> AllowedIPs = ::/0
>> ... on an Android phone.
>>
>> To my surprise, I found out that this also tries to route IPv4 addresses
>> to the other WG side.
>>
>> I was able to change that with a single "bogus" IPv4 address,
>> "AllowedIPs = ::/0, 192.0.2.99/32"
>>
>> Is this a known feature? Android 13, WireGuard for Android
>> v1.0.20230707, (from AOSP).
>>
>> Best regards,
>>
>> Valentijn
--
Sustainable and modern Infrastructures by ungleich.ch
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: AllowedIPs = ::/0 routes IPv4 - on Android?
2023-10-24 9:37 ` Marek Küthe
2023-10-24 11:08 ` Nico Schottelius
@ 2023-10-24 11:13 ` Valentijn Sessink
1 sibling, 0 replies; 4+ messages in thread
From: Valentijn Sessink @ 2023-10-24 11:13 UTC (permalink / raw)
To: Marek Küthe, wireguard
Hi Marek,
Do you have any sources for that? AFAIK, ::/0 is a convenient way to
describe "any IPv6 address".
Still, if you are correct and should ::/0 include IPv4, then the exact
same setup under Linux operates differently, because here ::/0 only
routes IPv6, not IPv4. Note the empty result for the ipv4 routing table:
# AllowedIPs = ::/0
v@lnx:~$ ip ro li ta 51820
v@lnx:~$ ip -6 ro li ta 51820
default dev wgip6 metric 1024 pref medium
# AllowedIPs = ::/0, 0.0.0.0/0
v@lnx:~$ ip ro li ta 51820
default dev wgip6 scope link
v@lnx:~$ ip -6 ro li ta 51820
default dev wgip6 metric 1024 pref medium
So the question remains: ::/0 under Android routes all IPv4 traffic to
the WG interface, while under Linux, it will only route IPv6.
Is this known behaviour?
The wg-quick manpage is ambiguous, saying that "if one of those routes
is the default route (0.0.0.0/0 or ::/0), then it uses ip-rule(8) to
handle overriding of the default gateway." No information on routing
IPv4 or IPv6 differently.
A rephrase could be something like "if one of those routes is 0.0.0.0/0,
or ::/0, it uses ip-rule(8) to handle overriding the default route for
IPv4 or IPv6 respectivally."
Best regards,
Valentijn
On 24-10-2023 11:37, Marek Küthe wrote:
> ::/0 does not describe no IPv4 address, but all IP addresses. So when
[...]
> On Tue, 5 Sep 2023 16:04:34 +0200
> Valentijn Sessink <v@sess.ink> wrote:
>> AllowedIPs = ::/0
[...]
>> To my surprise, I found out that this also tries to route IPv4 addresses
>> to the other WG side.
>> Is this a known feature? Android 13, WireGuard for Android
>> v1.0.20230707, (from AOSP).--
http://www.openoffice.nl/ Open Office - Linux Office Solutions
Valentijn Sessink v.sessink@openoffice.nl +31(0)20-4214059
^ permalink raw reply [flat|nested] 4+ messages in thread