Bug report: WireGuard iOS prioritizes IPv4 over IPv6

Maurice Walker maurice at walker.earth
Sun Feb 23 17:25:26 CET 2020


Hi Matthias,

Thanks for the explanation.

I did some more testing on Windows. If the peer FQDN resolves to both AAAA and
A, WireGuard seems to check for an interface with an IPv4 address (other than
link-local or loopback). If there is one, it uses IPv4, otherwise IPv6. The
issue is that it doesn't seem to check whether there actually is an IPv4 route
to the peer. So as long as there is any IPv4 address on any interface, WG
doesn't use IPv6 - even if there is no IPv4 default gateway (or other IPv4
route to the peer).
Since it already seems to perform some rudimentary IPv4 connectivity check,
a simple check of the routing table could be a stopgap fix.

> Thus the frontend needs to remember all addresses, send one to the
> driver, wait a bit, check whether a link could be established, then try
> with another peer address. Repeat until success.

Right, that would ultimately be what one would wish for. But until this is
implemented, WG should at least prefer IPv6 over IPv4.

Cheers,

Maurice

(Sorry for double posting. I mailed again after the first mail had been on
hold for moderator approval for three days. I will be more patient this time.)
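
The stopgap suggested in the message above, as an added example (not WireGuard's code and not part of the original post): endpoint selection that accepts a resolved address only if the routing table covers it, next to a model of the reported behaviour. The function names, the routing table and all addresses are constructed assumptions.

```go
package main

import "fmt"
import "net/netip"

// hasRoute reports whether any routing-table prefix covers dst.
func hasRoute(routes []netip.Prefix, dst netip.Addr) bool {
	for _, r := range routes {
		if r.Contains(dst) {
			return true
		}
	}
	return false
}

// naivePick models the reported behaviour: IPv4 wins if any interface has a usable IPv4 address.
func naivePick(ifaceAddrs, resolved []netip.Addr) (netip.Addr, bool) {
	want4 := false
	for _, a := range ifaceAddrs {
		want4 = want4 || (a.Is4() && !a.IsLoopback() && !a.IsLinkLocalUnicast())
	}
	for _, c := range resolved {
		if c.Is4() == want4 {
			return c, true
		}
	}
	return netip.Addr{}, false
}

// routedPick is the stopgap: prefer IPv6, and accept only candidates that have a route.
func routedPick(routes []netip.Prefix, resolved []netip.Addr) (netip.Addr, bool) {
	for _, want6 := range []bool{true, false} {
		for _, c := range resolved {
			if c.Is6() == want6 && hasRoute(routes, c) {
				return c, true
			}
		}
	}
	return netip.Addr{}, false
}

// Constructed sample host: IPv4 address but no IPv4 default route; IPv6 default route present.
var ifaceAddrs = []netip.Addr{netip.MustParseAddr("192.168.1.20"), netip.MustParseAddr("2001:db8:1::20")}
var routes = []netip.Prefix{netip.MustParsePrefix("192.168.1.0/24"), netip.MustParsePrefix("::/0")}
var resolved = []netip.Addr{netip.MustParseAddr("203.0.113.7"), netip.MustParseAddr("2001:db8:ffff::7")}
func main() {
	fmt.Println(naivePick(ifaceAddrs, resolved))
	fmt.Println(routedPick(routes, resolved))
}
```

On the sample host the naive check selects the unreachable IPv4 endpoint, while the route-aware check selects the IPv6 one.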

