15.09.2018 14:09, Adam Mizerski wrote:
On 15.09.2018 at 09:18, Andrei Borzenkov wrote:
11.09.2018 01:21, Adam Mizerski wrote:
On 09.09.2018 at 08:49, Andrei Borzenkov wrote:
09.09.2018 00:13, Adam Mizerski wrote:
Earlier you said that connectivity to outside world works correctly. Does it mean only ping fails? Can you connect to any IPv6 using TCP/UDP?
strace of both successful and failed ping invocations would be useful.
Pings and everything works correctly before I start (and after I stop) WireGuard interface.
here are strace outputs: https://etam.homelinux.com/index.php/s/wmJxaDps6Y3KrA9
sendto() fails immediately with EDESTADDRREQ which makes no sense because destination address *is* provided. I cannot reproduce it at all. If I create the same configuration (to the extent rather scarce details you provided allow) I get "Network is unreachable" when explicitly selecting the second interface without default route. And for the first interface I either get timeout or address unreachable depending on which gateway I set (I get address unreachable if I set dummy gateway with real public address).
Something must be different on your system. You say VPS - is it some sort of container? What platform does it run on?
It's a KVM virtual machine, with openSUSE Leap 15, which I installed by myself from ISO.
"to the extent rather scarce details you provided allow" - I tried to provide enough info to describe the situation, without dumping half of my system in one email. If you need more info, I can provide it, just tell me what you need.
Full "ip a" and "ip r" output would be helpful. Also full output of "journalctl -b" in case there is something in logs.
Here you go: https://etam.homelinux.com/index.php/s/EWRQ8XP2rxcASX6
Sep 15 12:57:41 etam-hitme wg-quick[2210]: [#] ip link set mtu 1420 dev wg0
Sep 15 12:57:41 etam-hitme wg-quick[2210]: [#] ip link set wg0 up
Sep 15 12:57:41 etam-hitme wg-quick[2210]: [#] wg set wg0 fwmark 51820
Sep 15 12:57:41 etam-hitme wg-quick[2210]: [#] ip -6 route add ::/0 dev wg0 table 51820
Sep 15 12:57:41 etam-hitme wg-quick[2210]: [#] ip -6 rule add not fwmark 51820 table 51820
Sep 15 12:57:41 etam-hitme wg-quick[2210]: [#] ip -6 rule add table main suppress_prefixlength 0

This makes wg0 the default interface while allowing only packets to directly connected LAN on other interfaces. My understanding is that you need exactly the opposite. You probably need to change your WireGuard configuration to not declare wg0 as default route.
It's not only ping failing. "curl -6 sixxs.net" gives error: curl: (7) Failed to connect to sixxs.net port 80: No route to host
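
The pattern in the wg-quick journal lines quoted in this thread can be checked for mechanically. The following is an added example, not part of the original messages: the helper name `detect_default_takeover` is hypothetical, the first sample is the log quoted above, and the second sample is constructed for contrast.

```bash
#!/usr/bin/env bash
# Sample input: the wg-quick journal lines quoted in the thread above.
SAMPLE_LOG='Sep 15 12:57:41 etam-hitme wg-quick[2210]: [#] ip link set mtu 1420 dev wg0
Sep 15 12:57:41 etam-hitme wg-quick[2210]: [#] ip link set wg0 up
Sep 15 12:57:41 etam-hitme wg-quick[2210]: [#] wg set wg0 fwmark 51820
Sep 15 12:57:41 etam-hitme wg-quick[2210]: [#] ip -6 route add ::/0 dev wg0 table 51820
Sep 15 12:57:41 etam-hitme wg-quick[2210]: [#] ip -6 rule add not fwmark 51820 table 51820
Sep 15 12:57:41 etam-hitme wg-quick[2210]: [#] ip -6 rule add table main suppress_prefixlength 0'

# Constructed counter-example (not from the thread): only a /64 is routed via wg0.
SPLIT_LOG='Sep 15 13:10:02 host wg-quick[3001]: [#] ip link set wg0 up
Sep 15 13:10:02 host wg-quick[3001]: [#] ip -6 route add fd00:1234::/64 dev wg0'

# detect_default_takeover (hypothetical helper): reads journal lines on stdin and
# prints "<family> <iface> <table>" for each address family where wg-quick
#   1. put a default route (::/0 or 0.0.0.0/0) into a dedicated table,
#   2. sent all packets without the tunnel fwmark to that table, and
#   3. suppressed the main table's own default route (suppress_prefixlength 0).
detect_default_takeover() {
    awk '
    {
        cmd = $0
        sub(/^.*\[#\] /, "", cmd)            # drop the journal prefix
        n = split(cmd, f, " ")
        if (f[1] != "ip") next
        fam = "-4"; i = 2
        if (f[2] == "-4" || f[2] == "-6") { fam = f[2]; i = 3 }
        if (f[i] == "route" && f[i+1] == "add" && (f[i+2] == "::/0" || f[i+2] == "0.0.0.0/0")) {
            dev = ""; tbl = ""
            for (j = i + 3; j < n; j++) {
                if (f[j] == "dev")   dev = f[j+1]
                if (f[j] == "table") tbl = f[j+1]
            }
            if (tbl != "") route[fam " " tbl] = dev
        } else if (f[i] == "rule" && f[i+1] == "add") {
            if (f[i+2] == "not" && f[i+3] == "fwmark" && f[i+5] == "table") rule[fam " " f[i+6]] = 1
            if (cmd ~ /table main suppress_prefixlength 0/) suppress[fam] = 1
        }
    }
    END {
        for (k in route) {
            split(k, p, " ")
            if ((k in rule) && (p[1] in suppress)) print p[1], route[k], p[2]
        }
    }'
}

printf '%s\n' "$SAMPLE_LOG" | detect_default_takeover   # -6 wg0 51820
```

An empty result, as with the constructed `SPLIT_LOG`, means wg-quick only added routes for specific prefixes and left the main table's default route in charge.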