* Choosing local IP address
@ 2022-03-26 20:27 Erwan David
2022-04-22 7:13 ` Daniel
0 siblings, 1 reply; 2+ messages in thread
From: Erwan David @ 2022-03-26 20:27 UTC (permalink / raw)
To: Wireguard
Hello
I have a wireguard setup between my home router (and the home network
behind) and a distant FreeBSD servers with several jails.
I use IPv6 fir transport, but I have a routing problem because whan at
home I need to ssh to the server, and if I use for endpoint address (on
the home router) the main IPv6 address it ends up with a traffic half
out of the tunnel (from home to server), and half in the tunnel (from
server to home).
So I chose to add an IPv6 address to the server, route it outside the
tunnel and use it only for the tunnel. But I cannot specify to wireguard
on the server to use this address, thus I get packets from the main
address, my router changes the endpoint address and tunnel does not work.
How can I say to wireguard which IP address to use when sending ths
encrypted packets to the endpoint ?
--
Erwan
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Choosing local IP address
2022-03-26 20:27 Choosing local IP address Erwan David
@ 2022-04-22 7:13 ` Daniel
0 siblings, 0 replies; 2+ messages in thread
From: Daniel @ 2022-04-22 7:13 UTC (permalink / raw)
To: wireguard
Hi
Le 26/03/2022 à 21:27, Erwan David a écrit :
> Hello
>
> I have a wireguard setup between my home router (and the home network
> behind) and a distant FreeBSD servers with several jails.
>
> I use IPv6 fir transport, but I have a routing problem because whan at
> home I need to ssh to the server, and if I use for endpoint address
> (on the home router) the main IPv6 address it ends up with a traffic
> half out of the tunnel (from home to server), and half in the tunnel
> (from server to home).
>
>
> So I chose to add an IPv6 address to the server, route it outside the
> tunnel and use it only for the tunnel. But I cannot specify to
> wireguard on the server to use this address, thus I get packets from
> the main address, my router changes the endpoint address and tunnel
> does not work.
>
> How can I say to wireguard which IP address to use when sending ths
> encrypted packets to the endpoint ?
Not sure I understand your problem but you can't use the ip address used
to mount the tunnel to access the other end. You have to give an ipv6
ULA address to each endpoint. In your case, this should be GUA Home <>
GUA FreeBSD to mount the tunnel. To access the other end in ipv6, give
an ULA address to each wg and you're done.
Also be sure that you put the right address in your config file
--
Daniel
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-04-22 7:13 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-26 20:27 Choosing local IP address Erwan David
2022-04-22 7:13 ` Daniel
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).