Sunday, November 01, 2020

Re: 6.8 - Difficulties getting Wireguard ipv6 working

On Sat, 31 Oct 2020 21:31:50 +0000
Laura Smith <n5d9xq3ti233xiyif2vp@protonmail.ch> wrote:

> Hi,
>
> I currently have a fully functional dual-stack Wireguard instance
> running on Debian. However given the recent release of OpenBSD 6.8
> with Wireguard in base, I thought it would be a good opportunity to
> switch over from the dark side. ;-)
>
> Anyway, so on Debian I have a no-NAT setup, with the host announcing
> the VPN subnets to upstream router. All works great.
>
> I'm no stranger to OpenBSD and OpenBGPD, but I've only managed to get
> 2/3 of the way:
> - The OpenBSD host is config fully functional dual-stack, IPv4 and
> IPv6 work perfectly
> - wg(4) IPv4 config works perfectly, clients can connect and browse
> the internet
> - wg(4) IPv6 config does not work, clients can connect but no
> routing, not even able to ping loopback IPs or the wg interface IP.
> - I have verified upstream routers can ping test loopback IPv6 IPs,
> so dual-stack BGP is functional
> - I have tried an IPv6-only wireguard client config (as shown below)
> and that has no effect (I thought maybe a dual-stack client config
> was the problem with OpenBSD)

Firstly, there should be no issues with any combination of v4+v6
with wg(4), so I presume it is a misconfiguration somewhere.

Having a quick look at the config, the endpoint should not be the same
as the inet6 addr on the server wg1. But I might guess that was a
mistake when sanitising your configs?

Unfortunately, without more information it would be difficult to
diagnose. Route tables from both ends would be a start. I would also
suggest doing a tcpdump on wg interfaces on both ends to see where
traffic is leaving/arriving.

Cheers,
Matt
