From: Roman Mamedov <rm@romanrm.net>
To: Daniel <tech@tootai.net>
Cc: wireguard@lists.zx2c4.com
Subject: Re: ipv6 connexion fail - ipv4 OK
Date: Fri, 27 Aug 2021 21:14:12 +0500 [thread overview]
Message-ID: <20210827211412.3ed5f170@natsu> (raw)
In-Reply-To: <e4b50341-6f90-92fe-7728-a518768a1b51@tootai.net>
On Thu, 26 Aug 2021 13:14:00 +0200
Daniel <tech@tootai.net> wrote:
> Correction
>
> Le 25/08/2021 à 17:25, Daniel a écrit :
> > Hi list,
> >
> > I setup wireguard on a server running Debian 11 and get it to work with
> > 2 clients (Debian 11 and Ubuntu 20.04). Clients and server are on
> > separate networks, one client behind a FW the other direct on Internet,
> > no FW at all (VPS).
> >
> > With this setup and ipv4 connection to the public IP of the server,
> > everything is working as expected, ipv4 as well as ipv6 are passing
> > smoothly.
> >
> > Now I want to connect using the ipv6 address of the wg interface as both
> > clients and server have ULA ipv6.
>
> Here is GUA to read.
>
> > This fail, wg show that connection is
> > established but VPN is not usable. It's not a FW problem as I can ssh to
> > the ipv6 address, as well as a netcat test from/to server IP -from each
> > client- on an UDP port is working properly. Also,
> > net.ipv6.conf.all.forwarding=1 is activated in sysctl.conf
> >
> > All network stuff is done in /etc/network/interfaces which call the
> > config file. The ipv6 address of the server is affected _to the
> > wireguard interface_ (in ipv4 it's another interface who take care of
> > the public address)
> >
> > Server version is wireguard-tools v1.0.20210223.
> >
> > If someone have any hint, thanks to share ;)
>
IPv6 requires the in-WG MTU to be 20 bytes less than when running over IPv4.
Try reducing it accordingly.
--
With respect,
Roman
next prev parent reply other threads:[~2021-08-27 16:14 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-25 15:25 ipv6 connexion fail - ipv4 OK Daniel
2021-08-26 11:14 ` Daniel
2021-08-27 16:14 ` Roman Mamedov [this message]
2021-08-27 17:16 ` Daniel
2021-08-27 21:35 ` [Warning: DMARC Fail Email] " Mike O'Connor
2021-08-27 21:44 ` Roman Mamedov
2021-08-27 21:54 ` Mike O'Connor
2021-08-30 10:24 ` Daniel
2021-08-30 12:55 ` Skyler Mäntysaari
2021-08-30 16:43 ` Roman Mamedov
2021-08-30 17:28 ` Daniel
2021-08-30 17:38 ` Roman Mamedov
2021-08-30 17:44 ` Daniel
2021-08-30 17:59 ` Roman Mamedov
2021-08-31 17:50 ` Daniel
2021-09-01 17:44 ` Daniel
2021-09-03 13:59 ` ipv6 connexion fail - ipv4 OK (SOLVED) Daniel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210827211412.3ed5f170@natsu \
--to=rm@romanrm.net \
--cc=tech@tootai.net \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.