Development discussion of WireGuard
 help / color / mirror / Atom feed
* WG ipv6tunnel - ipv4 and ipv6 issues
@ 2021-09-06 15:51 Daniel
  0 siblings, 0 replies; only message in thread
From: Daniel @ 2021-09-06 15:51 UTC (permalink / raw)
  To: wireguard

Hi list,

I setup a wg connection using only ipv6 addresses for wg IFACE. One end 
is fd99:1234:beef:cafe::10:1/64 -named S1- other one being 
fd99:1234:beef:cafe::70:1/64 -named S2- Each end can ping or ssh to the 
other one.

1. I would like to pass ipv4 traffic inside so I add on S1

sudo ip r add 10.0.70.0/24 via inet6 fd99:1234:beef:cafe::70:1 dev wig0

Destination server has a virbr0 bridge (kvm libvirt) with 2 addresses: 
10.0.70.1/32 and fd99:1234:beef:cafe::70:ff1/120

 From S1 I can ping or ssh the ipv6 address from virbr0 but get no 
answer when pinging or ssh the ipv4 address despite the fact that 
wig0@S2 get's the original traffic (tcpdump -ni wig0)

2. VMs from server S2 have ipv6 addresses like 
fd99:1234:beef:cafe::70:ff1[2-9]/120 They can ping S2 and virbr0 ipv6 
addresses but are not reachable from S1 nor they can ping ipv6 endpoints 
behind S1 (network fd53:9b48:337:8b38::/64) despite the fact that route 
exist

fd53:9b48:337:8b38::/64 via fd99:1234:beef:cafe::10:1 dev wig0 metric 
1024 pref medium

and there is no problem from S2. From iptables vue wig0 is accepted in 
INPUT, FORWARD and OUTPUT on S2. Both servers are running Debian11 with 
5.10 kernel.

What am I missing here ?


-- 
Daniel

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2021-09-06 15:51 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-06 15:51 WG ipv6tunnel - ipv4 and ipv6 issues Daniel

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).