angristan / wireguard-install

WireGuard VPN installer for Linux servers
https://stanislas.blog/2019/01/how-to-setup-vpn-server-wireguard-nat-ipv6/
MIT License
8.12k stars 1.32k forks

Use RFC 4193 to generate random default IPv6 address #283

Open mcatanzaro opened 2 years ago

mcatanzaro commented 2 years ago

wireguard-install defaults to using 10.66.66.1 as the IPv4 address of the Wireguard server and fd42:42:42::1 as the IPv6 address. 10.66.66.1 is as good a default as any for IPv4. It's going to conflict with other VPNs, but routing conflicts are par for the course for IPv4, so that is normal and expected and users just gotta deal. (It's not just going to conflict with other VPNs created using wireguard-install. Many VPNs use the entire 10.0.0.0/8 range. It's basically impossible to avoid routing conflicts in IPv4.)

But IPv6 is designed to avoid these woes because the address space is so large: as long as the default is randomized, it's extremely unlikely to conflict with any other private network's address space. Picking one particular hardcoded default defeats this goal. Ideally in the mythical Glorious Future where IPv4 no longer matters, I should be able to connect to two different Wireguard servers that were both configured with wireguard-install and not have to worry about routing conflicts. Currently if both networks are configured using wireguard-install, they are quite likely to both use that same fd42:42:42::/48 range simply because it's the default, which is a shame because there is so much IPv6 available to avoid this! Anyway, the solution is to generate the default following the algorithm specified by RFC 4193 section 3.2.2. It seems like overkill to me vs. picking something at random, but whatever, that's what the smart people came up with. If anybody is bored, implementing that in wireguard-install would be interesting.

rootbeerdan commented 2 years ago

I would add that this should be an option along with being able to choose your IP space, as utilizing ULA space will by default prioritize IPv4 over IPv6.

(see: #290)

ghost commented 2 years ago

@angristan @rootbeerdan @mcatanzaro step 2(b) explains this configuration https://www.digitalocean.com/community/tutorials/how-to-set-up-wireguard-on-ubuntu-20-04

The problem is that I created a new VPS with a unique local IPv6 and set it up, but the problem persisted.

After that, I chose a local IPv6 range 2602:: and the problem was solved.

mcatanzaro commented 2 years ago

step 2(b) explains this configuration https://www.digitalocean.com/community/tutorials/how-to-set-up-wireguard-on-ubuntu-20-04

I would make one tweak: I don't recommend depending on the existence of /var/lib/dbus/machine-id, since that smells like it might be an implementation detail of dbus-daemon, which is going away in the future. There already exists /etc/machine-id which is provided by systemd and therefore a standard that's not going away.
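As an added illustration of the proposal in this thread (the RFC 4193 section 3.2.2 generator from the opening comment, with /etc/machine-id as the system-specific identifier suggested just above), here is a small Python implementation. It is example code written for this page, not part of wireguard-install, and it assumes /etc/machine-id holds a hex string and that a /48 ULA prefix is what the script's default fd42:42:42::/48 would be replaced with:

```python
"""Generate a random IPv6 ULA /48 per RFC 4193 section 3.2.2.

Example code, not from angristan/wireguard-install. Assumptions:
 - /etc/machine-id (a 32-char hex string) is the "system-specific
   identifier" the RFC leaves open (it suggests EUI-64);
 - the RFC's "time of day" is the current time in 64-bit NTP format.
Algorithm: SHA-1(ntp_time || system_id), take the low-order 40 bits
as the Global ID, and prepend fd00::/8 (the locally assigned ULA block).
"""
import hashlib
import ipaddress
import os
import time
from typing import Optional

NTP_EPOCH_OFFSET = 2208988800          # seconds from 1900-01-01 to 1970-01-01
ULA_LOCAL = ipaddress.IPv6Network("fd00::/8")


def ntp_timestamp_bytes(now: Optional[float] = None) -> bytes:
    """Current time as the 64-bit NTP format (32 bits seconds, 32 bits fraction)."""
    if now is None:
        now = time.time()
    seconds = (int(now) + NTP_EPOCH_OFFSET) & 0xFFFFFFFF
    fraction = int((now - int(now)) * (1 << 32)) & 0xFFFFFFFF
    return ((seconds << 32) | fraction).to_bytes(8, "big")


def read_system_id(path: str = "/etc/machine-id") -> bytes:
    """System-specific identifier; falls back to random bytes if the file is absent."""
    try:
        with open(path) as f:
            return bytes.fromhex(f.read().strip())
    except (FileNotFoundError, ValueError):
        return os.urandom(16)            # still yields an unpredictable Global ID


def ula_prefix(system_id: bytes, now: Optional[float] = None) -> ipaddress.IPv6Network:
    """RFC 4193 3.2.2: fd00::/8 + 40-bit Global ID = a /48 ULA prefix."""
    digest = hashlib.sha1(ntp_timestamp_bytes(now) + system_id).digest()
    global_id = int.from_bytes(digest[-5:], "big")      # least-significant 40 bits
    prefix_int = (0xFD << 120) | (global_id << 80)     # fd + Global ID + zeros
    return ipaddress.IPv6Network((prefix_int, 48))


def server_address(prefix: ipaddress.IPv6Network, subnet_id: int = 0,
                   host: int = 1) -> ipaddress.IPv6Interface:
    """Server address in one /64 of the /48, the analogue of fd42:42:42::1/64."""
    subnet_base = int(prefix.network_address) | ((subnet_id & 0xFFFF) << 64)
    return ipaddress.IPv6Interface((subnet_base + host, 64))


if __name__ == "__main__":
    prefix = ula_prefix(read_system_id())
    print("ULA prefix:      ", prefix)
    print("Server address:  ", server_address(prefix))
```

Two prefixes generated on different hosts (or even on the same host a moment apart) will differ with overwhelming probability, which is exactly the property the hardcoded fd42:42:42::/48 lacks; the `fd` first byte keeps the result inside the fc00::/7 ULA range that routers treat as non-global.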