Choosing local IP address

[Daniel]

Hi

Le 26/03/2022 à 21:27, Erwan David a écrit :
> Hello
>
> I have a wireguard setup between my home router (and the home network 
> behind) and a distant FreeBSD servers with several jails.
>
> I use IPv6 fir transport, but I have a routing problem because whan at 
> home I need to ssh to the server, and if I use for endpoint address 
> (on the home router) the main IPv6 address it ends up with a traffic 
> half out of the tunnel (from home to server), and half in the tunnel 
> (from server to home).
>
>
> So I chose to add an IPv6 address to the server, route it outside the 
> tunnel and use it only for the tunnel. But I cannot specify to 
> wireguard on the server to use this address, thus I get packets from 
> the main address, my router changes the endpoint address and tunnel 
> does not work.
>
> How can I say to wireguard which IP address to use when sending ths 
> encrypted packets to the endpoint ?

Not sure I understand your problem but you can't use the ip address used 
to mount the tunnel to access the other end. You have to give an ipv6 
ULA address to each endpoint. In your case, this should be GUA Home <> 
GUA FreeBSD to mount the tunnel. To access the other end in ipv6, give 
an ULA address to each wg and you're done.

Also be sure that you put the right address in your config file

-- 
Daniel