Monday, November 02, 2020

Re: 6.8 - Difficulties getting Wireguard ipv6 working

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Sunday, 1 November 2020 14:37, Matt Dunwoodie <ncon@noconroy.net> wrote:

> On Sat, 31 Oct 2020 21:31:50 +0000
> Laura Smith <n5d9xq3ti233xiyif2vp@protonmail.ch> wrote:
>
> > Hi,
> > I currently have a fully functional dual-stack Wireguard instance
> > running on Debian. However given the recent release of OpenBSD 6.8
> > with Wireguard in base, I thought it would be a good opportunity to
> > switch over from the dark side. ;-)
> > Anyway, so on Debian I have a no-NAT setup, with the host announcing
> > the VPN subnets to upstream router. All works great.
> > I'm no stranger to OpenBSD and OpenBGPD, but I've only managed to get
> > 2/3 of the way:
> >
> > - The OpenBSD host config is fully functional dual-stack, IPv4 and
> > IPv6 work perfectly
> >
> > - wg(4) IPv4 config works perfectly, clients can connect and browse
> > the internet
> >
> > - wg(4) IPv6 config does not work, clients can connect but no
> > routing, not even able to ping loopback IPs or the wg interface IP.
> >
> > - I have verified upstream routers can ping test loopback IPv6 IPs,
> > so dual-stack BGP is functional
> >
> > - I have tried an IPv6-only wireguard client config (as shown below)
> > and that has no effect (I thought maybe a dual-stack client config
> > was the problem with OpenBSD)
> >
>
> Firstly, there should be no issues with any combination of v4+v6
> with wg(4), so I presume it is a misconfiguration somewhere.
>
> Having a quick look at the config, the endpoint should not be the same
> as the inet6 addr on the server wg1. But I might guess that was a
> mistake when sanitising your configs?
>
> Unfortunately, without more information it would be difficult to
> diagnose. Route tables from both ends would be a start. I would also
> suggest doing a tcpdump on wg interfaces on both ends to see where
> traffic is leaving/arriving.
>
> Cheers,
> Matt


Hi Matt

I retried with a different endpoint and it seemed to work this time.

Thanks
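
The misconfiguration identified in this thread (a peer Endpoint equal to the server's wg1 inet6 address) can be caught with a small lint. This is an added example, not code from the thread or from OpenBSD; the configs were not included on this page, so the wg-quick style client config, the addresses (documentation prefixes) and the function names are constructed assumptions. The tunnel-subnet check goes slightly beyond the exact case Matt names.

```python
import ipaddress

# Constructed sample: the server's wg1 tunnel addresses (assumed values).
SERVER_WG_ADDRS = ["10.0.0.1/24", "2001:db8:100::1/64"]

# Constructed wg-quick style client configs (not from the thread).
BAD_CLIENT = """\
[Interface]
Address = 2001:db8:100::2/64
[Peer]
AllowedIPs = ::/0
Endpoint = [2001:db8:100::1]:51820
"""
GOOD_CLIENT = BAD_CLIENT.replace("[2001:db8:100::1]", "[2001:db8:ffff::10]")


def endpoint_ip(value):
    """Return the IP in 'host:port' / '[v6]:port', or None for a hostname."""
    host = value.strip().rsplit(":", 1)[0].strip("[]")
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def check_endpoints(client_conf, server_wg_addrs):
    """List problems with Endpoint lines relative to the tunnel addressing."""
    tunnel = [ipaddress.ip_interface(a) for a in server_wg_addrs]
    problems = []
    for line in client_conf.splitlines():
        key, _, value = line.partition("=")
        if key.strip().lower() != "endpoint":
            continue
        ip = endpoint_ip(value)
        if ip is None:
            continue  # hostname endpoint: resolve and check separately
        for iface in tunnel:
            if ip == iface.ip:
                # The case from the thread: endpoint is the wg interface address.
                problems.append(f"{ip} is the server's wg address")
            elif ip.version == iface.version and ip in iface.network:
                # Added heuristic: endpoint sits inside the tunnel's own subnet.
                problems.append(f"{ip} is inside tunnel subnet {iface.network}")
    return problems
```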
