wireguard android don't prefer IPV6 endpoint

tlhackque tlhackque at yahoo.com
Sun Sep 26 11:50:16 UTC 2021

On 26-Sep-21 07:02, Jérémy Prego wrote:
> Hello,
> I think it is useful that I revive this topic.
> is it possible to add an option so that i can use an ipv4 / ipv6
> endpoint but using ipv6 by default when available?
> With the shortage of ipv4, internet operators now very often provide
> subscribers with native ipv6 but ipv4 in tunnel, hence the performance
> of the wireguard tunnel is affected by this, as it uses ipv4 by default.
> if this is not possible in the official client, which wireguard client
> would allow me to have this behavior?
> Thanks,
> Jerem
> Le 03/01/2021 à 16:58, Jérémy Prego a écrit :
>> hello Harsh,
>>> The WireGuard Android client is designed to prefer IPv4 over IPv6 as
>>> of now
>> why did you make this choice? is there a known bug with ipv6? I think it
>> would be useful to put an option in the wireguard application, so that
>> we can choose.
>> if I want to use an ipv6 tunnel, do I have another solution than to
>> create 2 tunnels, one in ipv6 only, and another in ipv4 in order to be
>> able to use ipv6 when available and ipv4 when the place where i am has
>> no ipv6?
>> I did not manage to add 2 endpoint in a single tunnel to put an endpoint
>> only ipv6 and another endpoint ipv4 / ipv6 to bypass the problem
>> thanks,
>> Jerem
>> Le 03/01/2021 à 14:48, Harsh Shandilya a écrit :
>>> Hey Jérémy,
>>> On 2021-01-02 08:27, Jérémy Prego wrote:
>>>> I confirm the same problem in wifi
>>>> Le 27/12/2020 à 07:02, Jérémy Prego a écrit :
>>>>> hello,
>>>>> I've always encountered a bug with android wireguard when using an
>>>>> ipv4
>>>>> / ipv6 endpoint.
>>>>> I tested with two phones:
>>>>> Huawei p10 lite android 8.0 emui 8
>>>>> Xiaomi poco m3 android 10.0 miui 12
>>>>> When i'm in LTE (not yet been able to test in wifi), wireguard
>>>>> connects
>>>>> to the endpoint in ipv4 and not in ipv6, and i don't understand
>>>>> why it
>>>>> is doing that.
>>> The WireGuard Android client is designed to prefer IPv4 over IPv6 as
>>> of now
>>> (https://git.zx2c4.com/wireguard-android/tree/tunnel/src/main/java/com/wireguard/config/InetEndpoint.java#n97).
>>> This may or may not change in the future, and we'll announce here if
>>> it does.
>>>>> However, chrome, for example, does use ipv6 by default and not ipv4.
>>>>> My phone does recover an ipv6 in 2a01: cb1a ........ / 64 and not an
>>>>> ipv6 type fc00 / fd00 / fe80 ...
>>>>> I also specify that if I only have an AAAA record, the tunnel works
>>>>> fine
>>>>> in ipv6. but suddenly, I can no longer connect to wifi which only
>>>>> have ipv4.
>>>>> I would like wireguard to favor ipv6 when it is available, and
>>>>> otherwise
>>>>> switch to ipv4.
>>>>> Is it possible ?
>>>>> Thanks,
>>>>> Jerem
>>> Cheers,
>>> Harsh
I agree that it should be selectable - but note that there are many
inverse situations, where IPv6 is tunneled and IPv4 is direct.  There
are still ISPs (including half of mine) that will not provide end users
with an IPv6 native connection. 

This is a bit difficult, since the situation can occur at both the
client and server end.  For the server end, if the client knows what's
best for the server, the tunnel configuration could be set to prefer the
best protocol.  But for a roaming client, it's not so easy.  E.g. Using
Cellphone wireless is almost always IPv6, but if connected via WiFi,
it's almost always IPv4.  And if you plug your portable machine into a
client's ethernet, you don't know what you'll get (or whether its
connection is tunneled).

So if the client does anything, it probably needs a 3-way switch: "Use
IPv4", "Use IPv6", "Autoselect".  (Or if you really want to complicate
things, you could break Autoselect into Auto-prefer IPv4 and Auto-prefer
IPv6.)  While this makes sense to technical people, it's not obvious
that the performance difference is worth exposing the complication to
all users.

Since there's also the issue of which DNS servers to use when resolving
the endpoint name - perhaps it's time for an "advanced" sub-panel of
options in the GUI.  Keeping things simple for the casual/first-time
user is a strength of WireGuard.

For what it's worth, you can specify a numeric IP address to force IPv6
- e.g. [2001:db8::1234]:5522

Of course, that doesn't work if your endpoint address is dynamic & you
need the DNS lookup.

With respect to Chrome - last I knew, it uses the "Happy Eyeballs"
(RFC6555/8305) algorithm, which tries to prefer IPv6.  And there's
no (longer) any way to influence it in Chrome.

Basic address selection is up to the OS - see RFC 6724, 3484.  Most
provide a way to specify a global preference - which in the situation
you described, you probably want to do when not tunneled.  E.g. for
glib-based systems, see /etc/gai.conf, and for Windows see the
registry key.

If you control the endpoint, another approach is to add a DNS record
that only returns the AAAA record (for the IPv6) address, e.g.
endpoint.v6.example.net.  For situations like this, I often have three
address records - the generic host.example.net, and host.v6.example.net
and host.v4.example.net.  But I try not to expose the latter two.

I wish things were simpler...
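
Added example (not part of the original message and not WireGuard's code): a sketch of the three-way switch with the two Autoselect variants suggested above, applied to already-resolved A/AAAA results. The names Policy, usable_families and order_candidates are hypothetical, and treating a host as IPv6-capable only when it holds an address outside fc00::/7 and fe80::/10 is an assumption taken from the thread.

```python
# Hypothetical names throughout; this is not the WireGuard Android implementation.
import ipaddress
from enum import Enum

class Policy(Enum):
    USE_IPV4 = "Use IPv4"
    USE_IPV6 = "Use IPv6"
    AUTO_PREFER_IPV4 = "Auto-prefer IPv4"
    AUTO_PREFER_IPV6 = "Auto-prefer IPv6"

ULA = ipaddress.ip_network("fc00::/7")  # covers the fc00/fd00 prefixes

def usable_families(local_addrs):
    """Address families for which this host holds a routable-looking address."""
    families = set()
    for text in local_addrs:
        ip = ipaddress.ip_address(text)
        if ip.is_loopback or ip.is_link_local:   # 127/8, ::1, 169.254/16, fe80::/10
            continue
        if ip.version == 6 and ip in ULA:        # local-only IPv6 (assumption above)
            continue
        families.add(ip.version)                 # RFC 1918 IPv4 counts: NAT is normal
    return families

def order_candidates(resolved, local_addrs, policy):
    """Return the resolved endpoint addresses in the order they should be tried."""
    usable = usable_families(local_addrs)
    by_family = {4: [], 6: []}
    for text in resolved:
        ip = ipaddress.ip_address(text)
        if ip.version in usable:                 # drop families the host cannot reach
            by_family[ip.version].append(text)
    if policy is Policy.USE_IPV4:
        return by_family[4]
    if policy is Policy.USE_IPV6:
        return by_family[6]
    if policy is Policy.AUTO_PREFER_IPV6:
        return by_family[6] + by_family[4]       # IPv6 first, IPv4 as fallback
    return by_family[4] + by_family[6]           # AUTO_PREFER_IPV4

def format_endpoint(addr, port):
    """WireGuard Endpoint syntax: IPv6 literals are bracketed."""
    ip = ipaddress.ip_address(addr)
    return f"[{ip}]:{port}" if ip.version == 6 else f"{ip}:{port}"

# Constructed sample data (documentation prefixes, not real hosts).
RESOLVED = ["192.0.2.10", "2001:db8::1234"]      # A and AAAA for one endpoint name
DUAL_STACK_LTE = ["10.20.30.40", "2001:db8:1::5", "fe80::1"]
IPV4_ONLY_WIFI = ["192.168.1.20", "fe80::2"]
```

With "Use IPv6" on the IPv4-only WiFi sample the candidate list is empty, which is the lost-connectivity case described in the thread for an AAAA-only name.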
