From: "Skyler Mäntysaari" <samip537@kapsi.fi>
To: wireguard@lists.zx2c4.com
Subject: Re: [Warning: DMARC Fail Email] Re: ipv6 connexion fail - ipv4 OK
Date: Mon, 30 Aug 2021 15:55:36 +0300 [thread overview]
Message-ID: <ba7f90b7-0810-7f1f-a1b9-285bee046a4a@kapsi.fi> (raw)
In-Reply-To: <7437f3e0-26ba-5e33-a175-0cf233635b3f@tootai.net>
On 8/30/21 1:24 PM, Daniel wrote:
> Hi
>
> Le 27/08/2021 à 23:44, Roman Mamedov a écrit :
>> On Sat, 28 Aug 2021 07:05:45 +0930
>> Mike O'Connor <mike@pineview.net> wrote:
>>
>>> On a 1500 link I'm having to use 1280 to get ipv6 to successfully go
>>> over a wireguard link.
>> Then it is not a true 1500 MTU link, something in-between drops
>> packets at a
>> lower bar. Or maybe not all of them, but just UDP, for example.
>>
>> But yeah, 1280 is worth trying as well, maybe Daniel has a similar
>> issue.
>>
>> As for me I am using MTU 1412 WG over IPv6 on a 1492 MTU underlying
>> link just
>> fine.
>
> After lot of few testings, I think the problem is elsewhere. Setup of
> the server:
>
> . eth0 with one public ipv4 IP and ipv6 /64
>
> . 2 tunnels (one gre, one sit), each of them having one ipv4 and one
> ipv6 /64. They take care on trafic from/to our /48 ipv6 range
>
> . 2 tun openvpn interfaces for customers with ipv6 address from our
> /48 range
>
> . wireguard interface with ipv6 address from our /48 range
>
> Using tcpdump -i any I see the trafic coming to the gre interface and
> that's all. But netstat show
>
> udp6 0 0 :::12345 :::* 0 125391 -
>
> and ps aux output is
>
> dh@peech:~$ ps ax|grep wg
> 6969 ? I< 0:00 [wg-crypt-wig4to]
> 7026 ? I 0:00 [kworker/1:2-wg-kex-wig4tootai]
>
> Question: is wireguard really listening on all ipv6 addresses ? If
> not, how is the address choosen ?
>
> [...]
>
> Thanks for your help
>
Hi,
I'm having to use MSS 1380 for IPv4 and MSS 1360 for IPv6 with
Wireguard, and it works great. However I'm not entirely sure what the
underlying link MTU actually is because WAN says 1500, but pinging with
`-m DO` sometimes doesn't work like it is in fact MTU 1500 all the way.
next prev parent reply other threads:[~2021-08-30 12:56 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-25 15:25 Daniel
2021-08-26 11:14 ` Daniel
2021-08-27 16:14 ` Roman Mamedov
2021-08-27 17:16 ` Daniel
2021-08-27 21:35 ` [Warning: DMARC Fail Email] " Mike O'Connor
2021-08-27 21:44 ` Roman Mamedov
2021-08-27 21:54 ` Mike O'Connor
2021-08-30 10:24 ` Daniel
2021-08-30 12:55 ` Skyler Mäntysaari [this message]
2021-08-30 16:43 ` Roman Mamedov
2021-08-30 17:28 ` Daniel
2021-08-30 17:38 ` Roman Mamedov
2021-08-30 17:44 ` Daniel
2021-08-30 17:59 ` Roman Mamedov
2021-08-31 17:50 ` Daniel
2021-09-01 17:44 ` Daniel
2021-09-03 13:59 ` ipv6 connexion fail - ipv4 OK (SOLVED) Daniel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ba7f90b7-0810-7f1f-a1b9-285bee046a4a@kapsi.fi \
--to=samip537@kapsi.fi \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).