From: Daniel <tech@tootai.net>
To: wireguard@lists.zx2c4.com
Subject: WG ipv6tunnel - ipv4 and ipv6 issues
Date: Mon, 6 Sep 2021 17:51:08 +0200
Message-ID: <e490b0c3-ef5f-2725-e1a5-5cdc1b10da2e@tootai.net>
Hi list,

I set up a wg connection using only ipv6 addresses for wg IFACE. One end
is fd99:1234:beef:cafe::10:1/64 -named S1- other one being
fd99:1234:beef:cafe::70:1/64 -named S2-. Each end can ping or ssh to the
other one.

1. I would like to pass ipv4 traffic inside so I add on S1

    sudo ip r add 10.0.70.0/24 via inet6 fd99:1234:beef:cafe::70:1 dev wig0

Destination server has a virbr0 bridge (kvm libvirt) with 2 addresses:
10.0.70.1/32 and fd99:1234:beef:cafe::70:ff1/120
From S1 I can ping or ssh the ipv6 address from virbr0 but get no
answer when pinging or ssh the ipv4 address despite the fact that
wig0@S2 gets the original traffic (tcpdump -ni wig0)

2. VMs from server S2 have ipv6 addresses like
fd99:1234:beef:cafe::70:ff1[2-9]/120. They can ping S2 and virbr0 ipv6
addresses but are not reachable from S1, nor can they ping ipv6 endpoints
behind S1 (network fd53:9b48:337:8b38::/64) despite the fact that the route
exists

    fd53:9b48:337:8b38::/64 via fd99:1234:beef:cafe::10:1 dev wig0 metric 1024 pref medium

and there is no problem from S2. From the iptables view, wig0 is accepted in
INPUT, FORWARD and OUTPUT on S2. Both servers are running Debian 11 with
5.10 kernel.

What am I missing here?
--
Daniel