I have multiple Wireguard tunnels that I am in the process of switching to IPv6 connectivity.
As they are only point-to-point tunnels I intend to use the IPv6 link-local address of the Wireguard Interfaces to route my traffic.
This works fine on my VyOS routers, but trying to connect my 1 UGW3 I noticed that the Wireguard Interfaces don't receive an IPv6 link-local address, even though all of my other interfaces do.
I don't see any option to enable this in the config and it also doesn't receive one, when I explicitly assign the Interface an IPv6 ULA.
I could use IPv6 ULAs to route the traffic to the UGW3, but I think not receiving a link-local address is a bug as Wireguard interfaces on all of my other systems receive a link-local address.
Configuration and log output
Config:
```
wireguard wg0 {
    address 10.0.100.3/32
    address fd48:e380:751a:100::3/128
    firewall {
        in {
            name LAN_IN
        }
        local {
            name LAN_LOCAL
        }
        out {
            name LAN_OUT
        }
    }
    mtu 1412
    peer xxx {
        allowed-ips 10.0.100.0/24
        allowed-ips 10.0.101.0/24
        allowed-ips 10.0.0.0/24
        allowed-ips fd48:e380:751a:100::/64
        allowed-ips fd48:e380:751a:101::/64
        allowed-ips fd48:e380:751a:0::/64
        endpoint xxx:51820
        persistent-keepalive 45
    }
    private-key xxx
    route-allowed-ips true
}
```
Result:
```
9: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1412 qdisc noqueue state UNKNOWN
    link/none
    inet 10.0.100.3/32 scope global wg0
       valid_lft forever preferred_lft forever
    inet6 fd48:e380:751a:100::3/128 scope global
       valid_lft forever preferred_lft forever
```
To compare, here is what VyOS on the other side of the tunnel does:
```
wireguard wg0 {
    address 10.0.100.9/24
    address fd48:e380:751a:100::9/64
    description "Main VPN"
    mtu 1400
    peer xxx {
        allowed-ips 10.0.100.3/32
        allowed-ips 10.0.10.0/24
        allowed-ips fd48:e380:751a:100::3/128
        allowed-ips fd48:e380:751a:10::/64
        persistent-keepalive 45
        public-key xxx
    }
}
```
```
4: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1400 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.0.100.9/24 brd 10.0.100.255 scope global wg0
       valid_lft forever preferred_lft forever
    inet6 fd48:e380:751a:100::9/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::fdb5:14ff:fecb:6c5c/64 scope link
       valid_lft forever preferred_lft forever
```
I noticed this myself, and Wireguard configured with systemd doesn't create a link-local address by default either. However, you can just create a random link-local address yourself and set that on the interface directly.
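The workaround suggested in the comment above, as an added example that is not part of the thread or of the package: a shell sketch that builds a link-local address for the interface, either randomly or derived from a seed so it stays the same across reboots. The function names and the sample seed are hypothetical; `plan` only prints the `ip` command and the `allowed-ips` line (in the config syntax shown in the issue) and changes nothing.

```shell
#!/bin/sh
# Added example (not from the issue thread): build an IPv6 link-local address
# for a WireGuard interface that was not given one automatically.

# iid_from_hex: format the first 16 hex digits on stdin as a 64-bit interface ID.
iid_from_hex() {
    tr -d ' \n' | cut -c1-16 |
        sed 's/\(....\)\(....\)\(....\)\(....\)/\1:\2:\3:\4/'
}

# random_link_local: fe80::/64 plus 64 random bits from /dev/urandom.
random_link_local() {
    printf 'fe80::%s\n' "$(od -An -N8 -tx1 /dev/urandom | iid_from_hex)"
}

# stable_link_local SEED: same address on every run for the same seed.
# Assumption: the seed is the interface's WireGuard *public* key, never the private key.
stable_link_local() {
    printf 'fe80::%s\n' "$(printf '%s' "$1" | sha256sum | iid_from_hex)"
}

# is_link_local ADDR: succeed only for fe80:: followed by four 4-digit hex groups.
is_link_local() {
    printf '%s\n' "$1" | grep -Eq '^fe80::([0-9a-f]{4}:){3}[0-9a-f]{4}$'
}

# plan IFACE ADDR: print (do not run) the local command and the line the remote
# peer needs; WireGuard drops packets whose source address is not in allowed-ips.
plan() {
    is_link_local "$2" || { echo "not a link-local address: $2" >&2; return 1; }
    printf 'ip -6 address add %s/64 dev %s\n' "$2" "$1"
    printf 'allowed-ips %s/128\n' "$2"
}

# Constructed sample seed; replace with the output of `wg show wg0 public-key`.
if [ "${1:-}" = "demo" ]; then
    plan wg0 "$(stable_link_local 'CONSTRUCTED-SAMPLE-PUBLIC-KEY')"
fi
```

A random address has to be generated once and stored, otherwise routes on the peer that point at it break after a reboot; the seeded variant avoids keeping that state.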
Package version
1.0.20220627
Firmware version
4.4.57
Device
UniFi Security Gateway - UGW3