On 18.02.2024 13:32, Axel Braun wrote:
Hello Andrei,
Am Sonntag, 28. Januar 2024, 15:07:43 CET schrieb Andrei Borzenkov:
On 28.01.2024 12:28, Axel Braun wrote:
Am Sonntag, 28. Januar 2024, 10:13:39 CET schrieb Andrei Borzenkov:
Well, as is obvious, your VPN interface does not have any global IPv6 address so it cannot have normal IPv6 connectivity, nor there are any IPv6 routing rules to forward traffic via VPN interface. Does your provider support IPv6 over WireGuard at all? E.g. ProtonVPN does not. It explicitly blocks all IPv6 traffic over VPN.
yes, this is to be expected. I'm currently in Maroc, they seem to have IPv4 only. The point is, in both cases (IPv6 connection in Germany) it did not work. But wireguard looks like everything is right. Bug?
The only thing WireGuard does is to forward packets between your system and the peer. The IP addresses, routing tables, firewall rules etc are explicitly out of scope for WireGuard. It is up to you (or tools you use) to create working configuration by configuring suitable IP address on the WireGuard interface, by making sure routing table matches allowed IPs in the WireGuard configuration and your firewall allows traffic to/from the WireGuard interface.
What do you use to set up WireGuard (wg-quick, NetworkManager, anything else)?
I'm using Network Manager Find the settings here: https://c.gmx.net/@329946484294293704/8_Ohi_kLT3OGDdFy8JVVUQ
Not sure if the IPv6 Tab needs to be adjusted: except the Method 'ignored', all other are 'not supported'
I will follow up once I'm on a IPv6 Connection
Here is the output:
docb@X1E:~> ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host noprefixroute valid_lft forever preferred_lft forever 2: enp0s31f6: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000 link/ether 48:2a:e3:7b:f5:ce brd ff:ff:ff:ff:ff:ff 3: wlp82s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether dc:71:96:f1:57:61 brd ff:ff:ff:ff:ff:ff inet 192.168.2.49/24 brd 192.168.2.255 scope global dynamic noprefixroute wlp82s0 valid_lft 1814321sec preferred_lft 1814321sec inet6 2003:ee:3f10:f9d4:3ee9:c46b:d45c:2c6/64 scope global temporary dynamic valid_lft 172796sec preferred_lft 85982sec inet6 2003:ee:3f10:f9d4:62a4:7868:df2d:292/64 scope global dynamic mngtmpaddr noprefixroute valid_lft 172796sec preferred_lft 86396sec inet6 fe80::1d56:2c2f:68d9:e428/64 scope link noprefixroute valid_lft forever preferred_lft forever 4: Wireguard: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000 link/none inet6 fe80::38f3:bb5c:ca2:65bb/64 scope link stable-privacy proto kernel_ll valid_lft forever preferred_lft forever
There is no address on this interface. I am not sure whether it is supposed to work at all. Most likely not. Do you have any traffic on this interface at all? What is the source address of packets sent via this interface?
docb@X1E:~> ip -4 r default via 192.168.2.1 dev wlp82s0 proto dhcp src 192.168.2.49 metric 600 192.168.2.0/24 dev wlp82s0 proto kernel scope link src 192.168.2.49 metric 600 docb@X1E:~> ip -6 r 2003:ee:3f10:f9d4::/64 dev wlp82s0 proto ra metric 600 pref medium fe80::/64 dev Gorden proto kernel metric 256 pref medium fe80::/64 dev wlp82s0 proto kernel metric 1024 pref medium default via fe80::1 dev wlp82s0 proto ra metric 600 pref medium docb@X1E:~> ip rule 0: from all lookup local 31500: from all lookup main suppress_prefixlength 0 31501: not from all fwmark 0xcaca lookup 51914 32766: from all lookup main 32767: from all lookup default docb@X1E:~> ip -6 rule 0: from all lookup local 32766: from all lookup main