Development discussion of WireGuard
From: Daniel <tech@tootai.net>
To: wireguard@lists.zx2c4.com
Subject: Re: Choosing local IP address
Date: Fri, 22 Apr 2022 09:13:44 +0200
Message-ID: <c202757f-99eb-215f-9e22-4b473a2b9f98@tootai.net>
In-Reply-To: <91765b65-5daa-c699-4a72-b59b0f6f9ebb@rail.eu.org>

Hi

On 26/03/2022 at 21:27, Erwan David wrote:
> Hello
>
> I have a wireguard setup between my home router (and the home network 
> behind) and a distant FreeBSD server with several jails.
>
> I use IPv6 for transport, but I have a routing problem because when at 
> home I need to ssh to the server, and if I use for endpoint address 
> (on the home router) the main IPv6 address it ends up with a traffic 
> half out of the tunnel (from home to server), and half in the tunnel 
> (from server to home).
>
>
> So I chose to add an IPv6 address to the server, route it outside the 
> tunnel and use it only for the tunnel. But I cannot specify to 
> wireguard on the server to use this address, thus I get packets from 
> the main address, my router changes the endpoint address and tunnel 
> does not work.
>
> How can I say to wireguard which IP address to use when sending the 
> encrypted packets to the endpoint ?

Not sure I understand your problem but you can't use the ip address used 
to mount the tunnel to access the other end. You have to give an ipv6 
ULA address to each endpoint. In your case, this should be GUA Home <> 
GUA FreeBSD to mount the tunnel. To access the other end in ipv6, give 
a ULA address to each wg and you're done.

Also be sure that you put the right address in your config file

-- 
Daniel
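
An added example, not part of either message: a small lint check for the situation the reply says to avoid, where the address a peer's Endpoint uses to carry the tunnel also falls inside that peer's AllowedIPs. The config is constructed (documentation prefix 2001:db8::/32, a made-up ULA prefix, placeholder keys), and the function names are hypothetical.

```python
import ipaddress

# Constructed wg-quick style config: 2001:db8::/32 is the documentation prefix
# and fd12:3456:789a::/48 is a made-up ULA prefix; nothing here is from the thread.
SAMPLE = """\
[Interface]
Address = fd12:3456:789a::1/64

[Peer]
# tunnel carried GUA <> GUA, inner traffic addressed to the peer's ULA
PublicKey = PEER_A_PLACEHOLDER
Endpoint = [2001:db8:1::10]:51820
AllowedIPs = fd12:3456:789a::2/128

[Peer]
# the endpoint address is also routed into the tunnel
PublicKey = PEER_B_PLACEHOLDER
Endpoint = [2001:db8:2::20]:51820
AllowedIPs = fd12:3456:789a::3/128, 2001:db8:2::/48
"""

def parse_sections(text):
    """Return [(section, {key: [values]})] in file order; '#' starts a comment."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1].setdefault(key.strip().lower(), []).extend(
                v.strip() for v in value.split(","))
    return sections

def endpoint_ip(endpoint):
    """Literal IP from 'host:port' or '[v6]:port'; None when it is a hostname."""
    try:
        return ipaddress.ip_address(endpoint.rsplit(":", 1)[0].strip("[]"))
    except ValueError:
        return None

def endpoints_routed_into_tunnel(text):
    """Public keys of peers whose Endpoint IP lies inside their own AllowedIPs."""
    flagged = []
    for name, kv in parse_sections(text):
        ep = endpoint_ip(kv.get("endpoint", [""])[0]) if name == "peer" else None
        nets = [ipaddress.ip_network(n, strict=False) for n in kv.get("allowedips", [])]
        if ep is not None and any(ep.version == n.version and ep in n for n in nets):
            flagged.append(kv.get("publickey", ["?"])[0])
    return flagged
```

Endpoints given as hostnames are skipped, since the check does no DNS resolution.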
