Hello Andrei,
Am Sonntag, 28. Januar 2024, 15:07:43 CET schrieb Andrei Borzenkov:
On 28.01.2024 12:28, Axel Braun wrote:
Am Sonntag, 28. Januar 2024, 10:13:39 CET schrieb Andrei Borzenkov:
https://paste.opensuse.org/pastes/47b3ce0ce8d6
Well, as is obvious, your VPN interface does not have any global IPv6
address so it cannot have normal IPv6 connectivity, nor there are any
IPv6 routing rules to forward traffic via VPN interface. Does your
provider support IPv6 over WireGuard at all? E.g. ProtonVPN does not. It
explicitly blocks all IPv6 traffic over VPN.
yes, this is to be expected. I'm currently in Maroc, they seem to have IPv4 only.
The point is, in both cases (IPv6 connection in Germany) it did not work. But wireguard looks like everything is right. Bug?
The only thing WireGuard does is to forward packets between your system
and the peer. The IP addresses, routing tables, firewall rules etc are
explicitly out of scope for WireGuard. It is up to you (or tools you
use) to create working configuration by configuring suitable IP address
on the WireGuard interface, by making sure routing table matches allowed
IPs in the WireGuard configuration and your firewall allows traffic
to/from the WireGuard interface.
What do you use to set up WireGuard (wg-quick, NetworkManager, anything
else)?
I'm using Network Manager
Find the settings here: https://c.gmx.net/@329946484294293704/8_Ohi_kLT3OGDdFy8JVVUQ
Not sure if the IPv6 Tab needs to be adjusted: except the Method 'ignored', all other are 'not supported'
I will follow up once I'm on a IPv6 Connection
Here is the output:
docb@X1E:~> ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: enp0s31f6: mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
link/ether 48:2a:e3:7b:f5:ce brd ff:ff:ff:ff:ff:ff
3: wlp82s0: mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether dc:71:96:f1:57:61 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.49/24 brd 192.168.2.255 scope global dynamic noprefixroute wlp82s0
valid_lft 1814321sec preferred_lft 1814321sec
inet6 2003:ee:3f10:f9d4:3ee9:c46b:d45c:2c6/64 scope global temporary dynamic
valid_lft 172796sec preferred_lft 85982sec
inet6 2003:ee:3f10:f9d4:62a4:7868:df2d:292/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 172796sec preferred_lft 86396sec
inet6 fe80::1d56:2c2f:68d9:e428/64 scope link noprefixroute
valid_lft forever preferred_lft forever
4: Wireguard: mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet6 fe80::38f3:bb5c:ca2:65bb/64 scope link stable-privacy proto kernel_ll
valid_lft forever preferred_lft forever
docb@X1E:~> ip -4 r
default via 192.168.2.1 dev wlp82s0 proto dhcp src 192.168.2.49 metric 600
192.168.2.0/24 dev wlp82s0 proto kernel scope link src 192.168.2.49 metric 600
docb@X1E:~> ip -6 r
2003:ee:3f10:f9d4::/64 dev wlp82s0 proto ra metric 600 pref medium
fe80::/64 dev Gorden proto kernel metric 256 pref medium
fe80::/64 dev wlp82s0 proto kernel metric 1024 pref medium
default via fe80::1 dev wlp82s0 proto ra metric 600 pref medium
docb@X1E:~> ip rule
0: from all lookup local
31500: from all lookup main suppress_prefixlength 0
31501: not from all fwmark 0xcaca lookup 51914
32766: from all lookup main
32767: from all lookup default
docb@X1E:~> ip -6 rule
0: from all lookup local
32766: from all lookup main