[Warning: DMARC Fail Email] Re: ipv6 connexion fail - ipv4 OK
Daniel
tech at tootai.net
Mon Aug 30 10:24:01 UTC 2021
Hi
Le 27/08/2021 à 23:44, Roman Mamedov a écrit :
> On Sat, 28 Aug 2021 07:05:45 +0930
> Mike O'Connor <mike at pineview.net> wrote:
>
>> On a 1500 link I'm having to use 1280 to get ipv6 to successfully go
>> over a wireguard link.
> Then it is not a true 1500 MTU link, something in-between drops packets at a
> lower bar. Or maybe not all of them, but just UDP, for example.
>
> But yeah, 1280 is worth trying as well, maybe Daniel has a similar issue.
>
> As for me I am using MTU 1412 WG over IPv6 on a 1492 MTU underlying link just
> fine.
After lot of few testings, I think the problem is elsewhere. Setup of
the server:
. eth0 with one public ipv4 IP and ipv6 /64
. 2 tunnels (one gre, one sit), each of them having one ipv4 and one
ipv6 /64. They take care on trafic from/to our /48 ipv6 range
. 2 tun openvpn interfaces for customers with ipv6 address from our /48
range
. wireguard interface with ipv6 address from our /48 range
Using tcpdump -i any I see the trafic coming to the gre interface and
that's all. But netstat show
udp6 0 0 :::12345 :::*
0 125391 -
and ps aux output is
dh at peech:~$ ps ax|grep wg
6969 ? I< 0:00 [wg-crypt-wig4to]
7026 ? I 0:00 [kworker/1:2-wg-kex-wig4tootai]
Question: is wireguard really listening on all ipv6 addresses ? If not,
how is the address choosen ?
[...]
Thanks for your help
--
Daniel
More information about the WireGuard
mailing list