new in-kernel wireguard and IPv6 endpoint

Marek Zarychta zarychtam at plan-b.pwste.edu.pl
Wed Feb 3 20:12:58 UTC 2021


On 21.01.2021 at 20:03, Marek Zarychta wrote:
> Dear subscribers,
>
> please let me know if it is possible to use an IPv6-addressed endpoint 
> for the tunnel? I have tried to specify the address enclosed in [] 
> followed by the port number, for example: [2001:db8:0:1::1]:54333, 
> have tried without it: 2001:db8:0:1::1:54333. I have also tried to 
> specify it with prefix length, like this one: 
> [2001:db8:0:1::1]/128:54333, but neither works.
>
> I got only some errors:
>
> matchaddr failed
> peer not found - dropping 0xfffff802099b6700
> wg0: wg_peer_add bad length for endpoint 28
>
> Is it possible to utilize an IPv6 address as an endpoint for the tunnel 
> with this implementation?
>
>
There was not much feedback on the mailing list, so I changed the code a 
bit to not validate the endpoint length so strictly and to check whether 
an IPv6 address as endpoint is supported. This resulted in a partial 
success. The handshake over IPv6 looks established from the endpoint (as 
reported by the "wg show" command), but the tunnel is not capable of 
carrying any data, nor are keepalives sent.

Here is the handshake as sniffed on the endpoint:

00:00:00.000000 IP6 (hlim 57, next-header UDP (17) payload length: 156) 2001:db8:d47::c:100d.12345 > 2001:db8::b.55667: [udp sum ok] UDP, length 148
00:00:00.002860 IP6 (hlim 64, next-header UDP (17) payload length: 100) 2001:db8::b.55667 > 2001:db8:d47::c:100d.12345: [bad udp cksum 0x6f50 -> 0x62b4!] UDP, length 92
00:00:00.000892 IP6 (hlim 57, next-header UDP (17) payload length: 120) 2001:db8:d47::c:100d.12345 > 2001:db8::b.55667: [udp sum ok] UDP, length 112

Perhaps the incompatibility with IPv6 should be mentioned at least in 
the just-added wg(4) manual page[1]?

[1] https://cgit.freebsd.org/src/commit/?id=e59d9cb41284

-- 
Marek Zarychta
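
Added example, not part of the original message and not code from the FreeBSD wg sources: the 28 in "bad length for endpoint 28" equals sizeof(struct sockaddr_in6), while sizeof(struct sockaddr_in) is 16, so an endpoint check has to select the expected length by address family. The hypothetical helper parse_endpoint() below parses the three endpoint spellings tried in the message and returns the family-specific sockaddr length; only the bracketed form is accepted.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper (not from the wg sources): parse "a.b.c.d:port" or
 * "[v6addr]:port". Returns the sockaddr length, or 0 if the text is rejected. */
size_t parse_endpoint(const char *text, struct sockaddr_storage *ss)
{
    struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)ss;
    struct sockaddr_in *sin = (struct sockaddr_in *)ss;
    int v6 = (text[0] == '[');
    const char *start = v6 ? text + 1 : text;
    const char *stop = strchr(start, v6 ? ']' : ':');   /* end of host part */
    const char *port_str;
    char host[INET6_ADDRSTRLEN], *end;
    unsigned long port;

    if (stop == NULL || stop == start || (size_t)(stop - start) >= sizeof(host))
        return 0;
    if (v6 && stop[1] != ':')            /* rejects "[addr]/128:port" */
        return 0;
    port_str = stop + (v6 ? 2 : 1);
    if (*port_str < '0' || *port_str > '9')
        return 0;                        /* port must start with a digit */
    port = strtoul(port_str, &end, 10);
    if (*end != '\0' || port == 0 || port > 65535)
        return 0;                        /* trailing text, e.g. unbracketed IPv6 */
    memcpy(host, start, (size_t)(stop - start));
    host[stop - start] = '\0';
    memset(ss, 0, sizeof(*ss));
    if (v6 && inet_pton(AF_INET6, host, &sin6->sin6_addr) == 1) {
        sin6->sin6_family = AF_INET6;
        sin6->sin6_port = htons((unsigned short)port);
        return sizeof(*sin6);            /* 28 bytes */
    }
    if (!v6 && inet_pton(AF_INET, host, &sin->sin_addr) == 1) {
        sin->sin_family = AF_INET;
        sin->sin_port = htons((unsigned short)port);
        return sizeof(*sin);             /* 16 bytes */
    }
    return 0;
}
```
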




More information about the freebsd-net mailing list