
Re: can't get Wireguard working as expected with IPv6



On 18 September 2021 10:48 Geert Stappers wrote:

> On Sat, Sep 18, 2021 at 09:42:13AM +0200, Geert Stappers wrote:
>> On Sat, Sep 18, 2021 at 08:51:32AM +0200, Gijs Hillenius wrote:
>   [...] snip
>> > client
>> > ,----
>> > | [Interface]
>> > | Address = 10.93.15.2/24, fdab:9205:cf78:f608::2/64
>> > | PrivateKey = <snip>
>> > | 
>> > 
>   <snip/>
>> > 
>> > and then test with ping
>> > ping6 ping.xs4all.nl
>> > PING ping.xs4all.nl(ping.xs4all.nl (2001:888:0:5::1)) 56 data bytes
>> > ^C
>> > --- ping.xs4all.nl ping statistics ---
>> > 5 packets transmitted, 0 received, 100% packet loss, time 4077ms
>> > 
>
> Network packets from fdab:9205:cf78:f608::2 may well reach
> 2001:888:0:5::1, but packets from 2001:888:0:5::1
> do not find their way back to fdab:9205:cf78:f608::2.
>
> [1]
>
> Something to try:
> Under 2a01:4f8:200:546b/64, hang for example 2a01:4f8:200:546b:4653/80.
> Give the wireguard server 2a01:4f8:200:546b:4653::1
> Give the wireguard client 2a01:4f8:200:546b:4653::2  [2]


In other words, you want me to try this. (spoiler: it doesn't work,
see below)


wg0 on the client

,----
| [Interface]
| Address= 10.93.15.2/24, 2a01:4f8:200:546b:4653::2/64
| PrivateKey = <snip>
| 
| [Peer]
| PublicKey = P3GrgaFCxj6gc6CnOUPo8vxBtKaOcKa7wa8LoL1oUl0=
| Endpoint = [2a01:4f8:200:546b::9e15:1]:51820
| AllowedIPs = 0.0.0.0/0, ::/0
| 
| PersistentKeepalive = 25
`----

wg0 on the server

,----
| [Interface]
| Address = 10.93.15.1/24, 2a01:4f8:200:546b:4653::1/64
| PrivateKey = <snip>
| ListenPort = 51820
| 
| [Peer]
| PublicKey = nRwfI98C+AFDaLZuaF1i7YWrj7yQDHrQO07XvivGn2U=
| AllowedIPs = 10.93.15.2/32, fdab:9205:cf78:f608::2/128
`----

Both brought up, but the client complains right away:

server

wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.93.15.1/24 dev wg0
[#] ip -6 address add 2a01:4f8:200:546b:4653::1/64 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] ip -6 route add fdab:9205:cf78:f608::2/128 dev wg0


then the client:

wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.93.15.2/24 dev wg0
[#] ip -6 address add 2a01:4f8:200:546b:4653::2/64 dev wg0
RTNETLINK answers: Network is unreachable
[#] ip link set mtu 1420 up dev wg0
[#] wg set wg0 fwmark 51820
[#] ip -6 route add ::/0 dev wg0 table 51820
[#] ip -6 rule add not fwmark 51820 table 51820
[#] ip -6 rule add table main suppress_prefixlength 0
[#] ip6tables-restore -n
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] iptables-restore -n

Network unreachable, but stubbornly tried ping6 anyway:

ping6 ping.xs4all.nl
PING ping.xs4all.nl(ping.xs4all.nl (2001:888:0:5::1)) 56 data bytes
^C
--- ping.xs4all.nl ping statistics ---
13 packets transmitted, 0 received, 100% packet loss, time 12294ms
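
Added example, not part of the original message: WireGuard accepts a decrypted packet from a peer only when its source address falls inside that peer's AllowedIPs, so this check compares the client's tunnel addresses with the server's [Peer] AllowedIPs. The two config strings are constructed from the wg0 files quoted above (keys omitted); the function names and the single-[Peer] assumption are mine.

```python
import ipaddress

# Constructed from the two wg0 configs quoted in the message (keys omitted).
CLIENT_CONF = """\
[Interface]
Address= 10.93.15.2/24, 2a01:4f8:200:546b:4653::2/64
"""
SERVER_CONF = """\
[Interface]
Address = 10.93.15.1/24, 2a01:4f8:200:546b:4653::1/64
ListenPort = 51820

[Peer]
AllowedIPs = 10.93.15.2/32, fdab:9205:cf78:f608::2/128
"""

def parse(conf):
    """Return {section: {key: [values]}} for a wg-quick file (assumes one [Peer])."""
    sections, current = {}, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and padding
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)          # split on the first '=' only
            current.setdefault(key.strip().lower(), []).extend(
                v.strip() for v in value.split(",") if v.strip())
    return sections

def uncovered_sources(client_conf, server_conf):
    """Client tunnel addresses that no server-side AllowedIPs entry contains."""
    addrs = [ipaddress.ip_interface(a).ip
             for a in parse(client_conf)["interface"].get("address", [])]
    allowed = [ipaddress.ip_network(n, strict=False)
               for n in parse(server_conf)["peer"].get("allowedips", [])]
    return [str(a) for a in addrs
            if not any(a.version == n.version and a in n for n in allowed)]

if __name__ == "__main__":
    for addr in uncovered_sources(CLIENT_CONF, SERVER_CONF):
        print(f"{addr}: not in the server's AllowedIPs for this peer")
```

Any address this reports is one the server will discard as a tunnel source and has no route for toward wg0, which matches the `ip -6 route add fdab:9205:cf78:f608::2/128 dev wg0` line in the server's wg-quick output.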


