[Warning: DMARC Fail Email] Re: ipv6 connexion fail - ipv4 OK

Daniel tech at tootai.net
Mon Aug 30 10:24:01 UTC 2021


On 27/08/2021 at 23:44, Roman Mamedov wrote:
> On Sat, 28 Aug 2021 07:05:45 +0930
> Mike O'Connor <mike at pineview.net> wrote:
>> On a 1500 link I'm having to use 1280 to get ipv6 to successfully go
>> over a wireguard link.
> Then it is not a true 1500 MTU link, something in-between drops packets at a
> lower bar. Or maybe not all of them, but just UDP, for example.
> But yeah, 1280 is worth trying as well, maybe Daniel has a similar issue.
> As for me I am using MTU 1412 WG over IPv6 on a 1492 MTU underlying link just
> fine.

After quite a few tests, I think the problem is elsewhere. Setup of 
the server:

. eth0 with one public ipv4 IP and ipv6 /64

. 2 tunnels (one gre, one sit), each of them having one ipv4 and one 
ipv6 /64. They take care of traffic from/to our /48 ipv6 range

. 2 tun openvpn interfaces for customers with ipv6 address from our /48

. wireguard interface with ipv6 address from our /48 range

Using tcpdump -i any I see the traffic coming to the gre interface and 
that's all. But netstat shows

udp6       0      0 :::12345 :::*                                0          125391     -

and ps aux output is

dh@peech:~$ ps ax|grep wg
    6969 ?        I<     0:00 [wg-crypt-wig4to]
    7026 ?        I      0:00 [kworker/1:2-wg-kex-wig4tootai]

Question: is wireguard really listening on all ipv6 addresses? If not, 
how is the address chosen?


Thanks for your help

