new in-kernel wireguard and IPv6 endpoint
Vasily Postnicov
shamaz.mazum at gmail.com
Thu Feb 4 04:25:31 UTC 2021
If the endpoint does not use the same WireGuard implementation from
FreeBSD, try to cherry-pick this commit first and then rebuild and
reinstall the kernel.
https://cgit.freebsd.org/src/commit/?id=5aaea4b99e5cc724e97e24a68876e8768d3d8012
ср, 3 февр. 2021 г., 23:13 Marek Zarychta <zarychtam at plan-b.pwste.edu.pl>:
> W dniu 21.01.2021 o 20:03, Marek Zarychta pisze:
> > Dear subscribers,
> >
> > please let me know if is it possible to use IPv6 addressed endpoint
> > for the tunnel? I have tried to specify the address enclosed in []
> > followed by the port number, for example: [2001:db8:0:1::1]:54333,
> > have tried without it: 2001:db8:0:1::1:54333. I have also tried to
> > specify it with prefix length, like this one:
> > [2001:db8:0:1::1]/128:54333, but neither works.
> >
> > I got only some errors:
> >
> > matchaddr failed
> > peer not found - dropping 0xfffff802099b6700
> > wg0: wg_peer_add bad length for endpoint 28
> >
> > Is it possible to utilize IPv6 address as an endpoint for the tunnel
> > with this implementation?
> >
> >
> There was not much feedback on the mailing list, so I changed the code a
> bit to not validate endpoint length so strictly and check if IPv6
> address as endpoint is supported. This resulted in a partial success.
> The handshake over IPv6 looks like established from the endpoint (as
> it's reported by "wg show" command), but the tunnel is neither capable
> to carry any data nor keepalives are send.
>
> Here is the handshake as sniffed on the endpoint:
>
> 00:00:00.000000 IP6 (hlim 57, next-header UDP (17) payload length: 156)
> 2001:db8:d47::c:100d.12345 > 2001:db8::b.55667: [udp sum ok] UDP, length
> 148
> 00:00:00.002860 IP6 (hlim 64, next-header UDP (17) payload length: 100)
> 2001:db8::b.55667 > 2001:db8:d47::c:100d.12345: [bad udp cksum 0x6f50 ->
> 0x62b4!] UDP, length 92
> 00:00:00.000892 IP6 (hlim 57, next-header UDP (17) payload length: 120)
> 2001:db8:d47::c:100d.12345 > 2001:db8::b.55667: [udp sum ok] UDP, length
> 112
>
> Perhaps the incompatibility with IPv6 should be mentioned at least in
> just added wg(4) manual page[1]?
>
> [1] https://cgit.freebsd.org/src/commit/?id=e59d9cb41284
>
> --
> Marek Zarychta
>
>
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>
More information about the freebsd-net
mailing list