On 28.01.2024 12:28, Axel Braun wrote:
Am Sonntag, 28. Januar 2024, 10:13:39 CET schrieb Andrei Borzenkov:
Well, as is obvious, your VPN interface does not have any global IPv6 address so it cannot have normal IPv6 connectivity, nor there are any IPv6 routing rules to forward traffic via VPN interface. Does your provider support IPv6 over WireGuard at all? E.g. ProtonVPN does not. It explicitly blocks all IPv6 traffic over VPN.
yes, this is to be expected. I'm currently in Maroc, they seem to have IPv4 only. The point is, in both cases (IPv6 connection in Germany) it did not work. But wireguard looks like everything is right. Bug?
The only thing WireGuard does is to forward packets between your system and the peer. The IP addresses, routing tables, firewall rules etc are explicitly out of scope for WireGuard. It is up to you (or tools you use) to create working configuration by configuring suitable IP address on the WireGuard interface, by making sure routing table matches allowed IPs in the WireGuard configuration and your firewall allows traffic to/from the WireGuard interface. What do you use to set up WireGuard (wg-quick, NetworkManager, anything else)?
Even if your provider is using some kind of NAT, lack of routing still means IPv6 will not go over VPN.
And your VPN interface does not have any IPv4 address so even IPv4 should not work.
31501: not from all fwmark 0xcaca lookup 51914
Show
ip route show table 51914
X1E:~ # ip route show table 51914 Error: ipv4: FIB table does not exist. Dump terminated
I will follow up once I'm on a IPv6 Connection
Well, WireGuard can tunnel IPv6 over IPv4 so you do not need IPv6 connectivity to establish IPv6 WireGuard tunnel. But you do need the correct WireGuard configuration to do it. Post configuration you are using (obfuscating any private keys).