From: Kristof Mattei <kristofmattei@outlook.com>
To: "wireguard@lists.zx2c4.com" <wireguard@lists.zx2c4.com>
Subject: [wireguard-apple] [iOS] 464xlat networks and On-demand roaming issue
Date: Sun, 3 Oct 2021 22:15:25 +0000 [thread overview]
Message-ID: <BY5PR04MB6833078C93B5AE04028574EEA2AD9@BY5PR04MB6833.namprd04.prod.outlook.com> (raw)
I have an issue with the wireguard-apple on 464xlat connecting to a DNS endpoint with both an A and an AAAA record.
The following line: https://git.zx2c4.com/wireguard-apple/tree/Sources/WireGuardKit/DNSResolver.swift#n81 causes WireGuard to prefer the IPv4 address.
Is there any reason why WireGuard prefers the IPv4 address?
Why is this causing trouble? But this is what happens:
When connecting to IPv6 the IPv4 address gets mapped to an IPv6 address which then acts as an IPv6->IPv4 proxy. The IP looks like [2607:7700:0:1a::17f3:f750]:51820.
This causes issues when roaming from my home WiFi (on which WireGuard is disabled) to cellular (on which WireGuard is set to on-Demand).
The initial connection that is set up for some reason does not work. There are reports about this on Reddit, e.g. https://www.reddit.com/r/WireGuard/comments/nk2o7m/anyone_got_it_working_with_tmobile_lte/
I can fix it by setting the endpoint to the actual IPv6 address, and then it works like a charm, but that fails when I connect to a non-IPv6 network.
Thanks,
Kristof
next reply other threads:[~2021-10-04 5:39 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-03 22:15 Kristof Mattei [this message]
2021-10-09 6:43 ` [wireguard-apple] [iOS] 464xlat networks and On-demand roaming issue Jérémy Prego
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=BY5PR04MB6833078C93B5AE04028574EEA2AD9@BY5PR04MB6833.namprd04.prod.outlook.com \
--to=kristofmattei@outlook.com \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.