From: Daniel <tech@tootai.net>
To: wireguard@lists.zx2c4.com
Subject: Re: Choosing local IP address
Date: Fri, 22 Apr 2022 09:13:44 +0200
Message-ID: <c202757f-99eb-215f-9e22-4b473a2b9f98@tootai.net>
In-Reply-To: <91765b65-5daa-c699-4a72-b59b0f6f9ebb@rail.eu.org>

Hi

On 26/03/2022 at 21:27, Erwan David wrote:
> Hello
>
> I have a wireguard setup between my home router (and the home network
> behind) and a distant FreeBSD server with several jails.
>
> I use IPv6 for transport, but I have a routing problem because when at
> home I need to ssh to the server, and if I use for endpoint address
> (on the home router) the main IPv6 address it ends up with a traffic
> half out of the tunnel (from home to server), and half in the tunnel
> (from server to home).
>
>
> So I chose to add an IPv6 address to the server, route it outside the
> tunnel and use it only for the tunnel. But I cannot specify to
> wireguard on the server to use this address, thus I get packets from
> the main address, my router changes the endpoint address and tunnel
> does not work.
>
> How can I say to wireguard which IP address to use when sending the
> encrypted packets to the endpoint ?

Not sure I understand your problem but you can't use the IP address used
to mount the tunnel to access the other end. You have to give an IPv6
ULA address to each endpoint. In your case, this should be GUA Home <>
GUA FreeBSD to mount the tunnel. To access the other end in IPv6, give
a ULA address to each wg and you're done.

Also be sure that you put the right address in your config file.

--
Daniel
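
An added example, not part of the original message or of WireGuard itself: a small Python check of a wg-quick style configuration against the layout suggested in the reply (ULA addresses on the wg interface, the global address used only as the Endpoint). The sample configs, the addresses (documentation prefix 2001:db8::/32 and a made-up ULA prefix) and the function names are constructed for illustration; keys are omitted and one Address/AllowedIPs line per section is assumed.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")  # IPv6 unique local addresses

# Constructed samples: BAD reaches the peer through its transport (global) address,
# GOOD uses global addresses for the Endpoint only and ULAs inside the tunnel.
BAD = """[Interface]
Address = 2001:db8:1::1/64
[Peer]
Endpoint = [2001:db8:2::10]:51820
AllowedIPs = 2001:db8:2::/64
"""
GOOD = """[Interface]
Address = fd00:aaaa::1/64
[Peer]
Endpoint = [2001:db8:2::10]:51820
AllowedIPs = fd00:aaaa::2/128
"""

def parse(text):
    """Return [(section, {key: value})]; repeated [Peer] sections are kept apart."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def check(text):
    """List the places where the config departs from the layout in the reply."""
    findings = []
    for name, opts in parse(text):
        if name == "interface":
            for item in filter(None, map(str.strip, opts.get("address", "").split(","))):
                ip = ipaddress.ip_interface(item).ip
                if ip.version == 6 and ip not in ULA:
                    findings.append(f"tunnel address {ip} is not a ULA")
        elif name == "peer" and "endpoint" in opts:
            host = opts["endpoint"].rsplit(":", 1)[0].strip("[]")
            try:
                ep = ipaddress.ip_address(host)
            except ValueError:
                continue  # hostname endpoint: cannot be checked statically
            for item in filter(None, map(str.strip, opts.get("allowedips", "").split(","))):
                net = ipaddress.ip_network(item, strict=False)
                if ep.version == net.version and ep in net:
                    findings.append(f"endpoint {ep} is inside AllowedIPs {net}")
    return findings
```

The second finding is the situation described in the question: the address used to carry the tunnel is also routed into the tunnel.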