* IPv6 endpoint AND IPv4 fallback endpoint in roadwarrior scenario? @ 2019-05-27 18:10 Rene 'Renne' Bartsch, B.Sc. Informatics 2019-09-29 14:27 ` Ulrich Kalloch 0 siblings, 1 reply; 7+ messages in thread From: Rene 'Renne' Bartsch, B.Sc. Informatics @ 2019-05-27 18:10 UTC (permalink / raw) To: wireguard Hi, is it meanwhile possible to define an IPv6 endpoint AND and an IPv4 endpoint as fallback in case a road warrior does not get IPv6 connectivity when switching internet sockets? Regards, Renne _______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: IPv6 endpoint AND IPv4 fallback endpoint in roadwarrior scenario? 2019-05-27 18:10 IPv6 endpoint AND IPv4 fallback endpoint in roadwarrior scenario? Rene 'Renne' Bartsch, B.Sc. Informatics @ 2019-09-29 14:27 ` Ulrich Kalloch 2019-09-29 19:31 ` Henning Reich 0 siblings, 1 reply; 7+ messages in thread From: Ulrich Kalloch @ 2019-09-29 14:27 UTC (permalink / raw) To: wireguard [-- Attachment #1.1.1.1: Type: text/plain, Size: 526 bytes --] Hello @ all i am interested in this too. Regards Ulli Am 27.05.19 um 20:10 schrieb Rene 'Renne' Bartsch, B.Sc. Informatics: > Hi, > > is it meanwhile possible to define an IPv6 endpoint AND and an IPv4 > endpoint as fallback > in case a road warrior does not get IPv6 connectivity when switching > internet sockets? > > Regards, > > Renne > _______________________________________________ > WireGuard mailing list > WireGuard@lists.zx2c4.com > https://lists.zx2c4.com/mailman/listinfo/wireguard [-- Attachment #1.1.1.2: 0x44BE4EB74E7625C8.asc --] [-- Type: application/pgp-keys, Size: 3987 bytes --] [-- Attachment #1.2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 833 bytes --] [-- Attachment #2: Type: text/plain, Size: 148 bytes --] _______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: IPv6 endpoint AND IPv4 fallback endpoint in roadwarrior scenario? 2019-09-29 14:27 ` Ulrich Kalloch @ 2019-09-29 19:31 ` Henning Reich 2019-09-29 20:46 ` Rene 'Renne' Bartsch, B.Sc. Informatics 2019-09-30 7:52 ` Nico Schottelius 0 siblings, 2 replies; 7+ messages in thread From: Henning Reich @ 2019-09-29 19:31 UTC (permalink / raw) To: Ulrich Kalloch; +Cc: WireGuard mailing list [-- Attachment #1.1: Type: text/plain, Size: 894 bytes --] Should a DNS entry Wirth one AAAA record and one A record solve thus problem? So the OS decide the best way to connect? Ulrich Kalloch <ulli@noc23.de> schrieb am So., 29. Sep. 2019, 16:29: > Hello @ all > > i am interested in this too. > > Regards > > Ulli > > Am 27.05.19 um 20:10 schrieb Rene 'Renne' Bartsch, B.Sc. Informatics: > > Hi, > > > > is it meanwhile possible to define an IPv6 endpoint AND and an IPv4 > > endpoint as fallback > > in case a road warrior does not get IPv6 connectivity when switching > > internet sockets? > > > > Regards, > > > > Renne > > _______________________________________________ > > WireGuard mailing list > > WireGuard@lists.zx2c4.com > > https://lists.zx2c4.com/mailman/listinfo/wireguard > > > _______________________________________________ > WireGuard mailing list > WireGuard@lists.zx2c4.com > https://lists.zx2c4.com/mailman/listinfo/wireguard > [-- Attachment #1.2: Type: text/html, Size: 1689 bytes --] [-- Attachment #2: Type: text/plain, Size: 148 bytes --] _______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: IPv6 endpoint AND IPv4 fallback endpoint in roadwarrior scenario? 2019-09-29 19:31 ` Henning Reich @ 2019-09-29 20:46 ` Rene 'Renne' Bartsch, B.Sc. Informatics 2019-09-30 7:52 ` Nico Schottelius 1 sibling, 0 replies; 7+ messages in thread From: Rene 'Renne' Bartsch, B.Sc. Informatics @ 2019-09-29 20:46 UTC (permalink / raw) To: wireguard [-- Attachment #1.1: Type: text/plain, Size: 1496 bytes --] What happens if the DNS-lookup fails (e.g broken or manipulated DNS)? In my opinion it should be possible to work with static IPv6 addresses and fall back to static IPv4 addresses. Regards, Renne Am 29.09.19 um 21:31 schrieb Henning Reich: > Should a DNS entry Wirth one > AAAA record and one A record solve thus problem? So the OS decide the > best way to connect? > > Ulrich Kalloch <ulli@noc23.de <mailto:ulli@noc23.de>> schrieb am So., > 29. Sep. 2019, 16:29: > > Hello @ all > > i am interested in this too. > > Regards > > Ulli > > Am 27.05.19 um 20:10 schrieb Rene 'Renne' Bartsch, B.Sc. Informatics: > > Hi, > > > > is it meanwhile possible to define an IPv6 endpoint AND and an IPv4 > > endpoint as fallback > > in case a road warrior does not get IPv6 connectivity when switching > > internet sockets? > > > > Regards, > > > > Renne > > _______________________________________________ > > WireGuard mailing list > > WireGuard@lists.zx2c4.com <mailto:WireGuard@lists.zx2c4.com> > > https://lists.zx2c4.com/mailman/listinfo/wireguard > > > _______________________________________________ > WireGuard mailing list > WireGuard@lists.zx2c4.com <mailto:WireGuard@lists.zx2c4.com> > https://lists.zx2c4.com/mailman/listinfo/wireguard > > > _______________________________________________ > WireGuard mailing list > WireGuard@lists.zx2c4.com > https://lists.zx2c4.com/mailman/listinfo/wireguard [-- Attachment #1.2: Type: text/html, Size: 3445 bytes --] [-- Attachment #2: Type: text/plain, Size: 148 bytes --] _______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: IPv6 endpoint AND IPv4 fallback endpoint in roadwarrior scenario? 2019-09-29 19:31 ` Henning Reich 2019-09-29 20:46 ` Rene 'Renne' Bartsch, B.Sc. Informatics @ 2019-09-30 7:52 ` Nico Schottelius 2019-09-30 8:44 ` Kalin KOZHUHAROV 2019-09-30 11:16 ` mikma.wg 1 sibling, 2 replies; 7+ messages in thread From: Nico Schottelius @ 2019-09-30 7:52 UTC (permalink / raw) To: Henning Reich; +Cc: WireGuard mailing list At lookup time this works already. The problem is, if the underlying network topology changes and you need to reconnect via IPv4, when you had IPv6 underlying before. This is the feature that is - afaik- not currently implemented in wireguard. Henning Reich <henning.reich@gmail.com> writes: > Should a DNS entry Wirth one > AAAA record and one A record solve thus problem? So the OS decide the best > way to connect? > > Ulrich Kalloch <ulli@noc23.de> schrieb am So., 29. Sep. 2019, 16:29: > >> Hello @ all >> >> i am interested in this too. >> >> Regards >> >> Ulli >> >> Am 27.05.19 um 20:10 schrieb Rene 'Renne' Bartsch, B.Sc. Informatics: >> > Hi, >> > >> > is it meanwhile possible to define an IPv6 endpoint AND and an IPv4 >> > endpoint as fallback >> > in case a road warrior does not get IPv6 connectivity when switching >> > internet sockets? >> > >> > Regards, >> > >> > Renne >> > _______________________________________________ >> > WireGuard mailing list >> > WireGuard@lists.zx2c4.com >> > https://lists.zx2c4.com/mailman/listinfo/wireguard >> >> >> _______________________________________________ >> WireGuard mailing list >> WireGuard@lists.zx2c4.com >> https://lists.zx2c4.com/mailman/listinfo/wireguard >> > _______________________________________________ > WireGuard mailing list > WireGuard@lists.zx2c4.com > https://lists.zx2c4.com/mailman/listinfo/wireguard -- Your Swiss, Open Source and IPv6 Virtual Machine. Now on www.datacenterlight.ch. _______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: IPv6 endpoint AND IPv4 fallback endpoint in roadwarrior scenario? 2019-09-30 7:52 ` Nico Schottelius @ 2019-09-30 8:44 ` Kalin KOZHUHAROV 2019-09-30 11:16 ` mikma.wg 1 sibling, 0 replies; 7+ messages in thread From: Kalin KOZHUHAROV @ 2019-09-30 8:44 UTC (permalink / raw) To: Nico Schottelius; +Cc: WireGuard mailing list On Mon, Sep 30, 2019 at 9:53 AM Nico Schottelius <nico.schottelius@ungleich.ch> wrote: > At lookup time this works already. > yup! > The problem is, if the underlying network topology changes and you need to reconnect via IPv4, > when you had IPv6 underlying before. > Well, "if the underlying network topology changes" it is better to detect and update things from OS level. A restart of the wg interface (and using A/AAAA DNS records) works, so it just needs to be initiated from whoever is taking care of the OS network reconfiguration. I would say that is "outside" feature, shouldn't be implemented at wg level. Or ... actually, if there are other use cases, a more generic "self-restart-timer" might be helpful. Something along the lines of persistent-keepalive, but the reverse. Persistent-keepalive is a packet send to the remote endpoint as a one-way throw-and-forget packet, there are many valid configurations that use it only on one of the ways (e.g. A --> B). Currently, keepalive packets are discarded on the receive end after updating the stats (e.g. https://github.com/WireGuard/WireGuard/blob/0d9758d1afe5f812d5ccfcbb4b7c74f42f50318b/src/receive.c#L362 ) /* A packet with length 0 is a keepalive packet */ if (unlikely(!skb->len)) { update_rx_stats(peer, message_data_len(0)); net_dbg_ratelimited("%s: Receiving keepalive packet from peer %llu (%pISpfsc)\n", dev->name, peer->internal_id, &peer->endpoint.addr); goto packet_processed; } I would say a reverse-keepalive (not the best wording) is to try to reconnect to the peer if it was off-line (no data or KA-packets) for some predefined time. This can be measured in number of seconds since last packet received (KA or data). If such a condition is met, resetting the interface (and thus redoing DNS lookup) may result in fixing the link disruption caused by topology change. Again, this may be better implemented outside wireguard since the timeout is available e.g. via `wg show <INTERFACE> latest-handshakes` command. Cheers, Kalin. _______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: IPv6 endpoint AND IPv4 fallback endpoint in roadwarrior scenario? 2019-09-30 7:52 ` Nico Schottelius 2019-09-30 8:44 ` Kalin KOZHUHAROV @ 2019-09-30 11:16 ` mikma.wg 1 sibling, 0 replies; 7+ messages in thread From: mikma.wg @ 2019-09-30 11:16 UTC (permalink / raw) To: Nico Schottelius, Henning Reich; +Cc: WireGuard mailing list On 2019-09-30 09:52, Nico Schottelius wrote: > > At lookup time this works already. The problem is, if the underlying > network topology changes and you need to reconnect via IPv4, when you > had IPv6 underlying before. It doesn't work for me at least not with the Android app. I have a DNS name with both AAAA and A records that I use but the app seems to prefer IPv4 instead of IPv6. And I also can't detect any fallback to IPv6 if ICMP unreachable are sent for the IPv4 handshake attempts. /Mikma > > This is the feature that is - afaik- not currently implemented in > wireguard. > > > Henning Reich <henning.reich@gmail.com> writes: > >> Should a DNS entry Wirth one >> AAAA record and one A record solve thus problem? So the OS decide the best >> way to connect? >> _______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2019-11-27 9:49 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2019-05-27 18:10 IPv6 endpoint AND IPv4 fallback endpoint in roadwarrior scenario? Rene 'Renne' Bartsch, B.Sc. Informatics 2019-09-29 14:27 ` Ulrich Kalloch 2019-09-29 19:31 ` Henning Reich 2019-09-29 20:46 ` Rene 'Renne' Bartsch, B.Sc. Informatics 2019-09-30 7:52 ` Nico Schottelius 2019-09-30 8:44 ` Kalin KOZHUHAROV 2019-09-30 11:16 ` mikma.wg
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).