bneijt / mullvad-edgerouter-x

Generate Edgerouter X configuration for Mullvad Wireguard
GNU General Public License v3.0

Difficulty with setting up Wireguard #4

Closed ahua92 closed 4 years ago

ahua92 commented 4 years ago

Hi,

I used your Python code to create a command file from my Mullvad .conf. I am able to run the entire command file without any errors, but I am losing internet access after committing the changes. I am wondering if perhaps my .conf file is the cause.

Does the Python code support multihop? Or should I be using only a single server? Also, does the server connection protocol need to be IPv4 or can IPv6 be used? I am tunneling traffic through both. I did `sudo ip6tables --table nat --append POSTROUTING --out-interface wg0 -j MASQUERADE` after committing the changes as well.

I don't quite fully understand the firewall rule, and this may be the area causing problems too.

```
edit firewall modify lanInModify rule 187
set description 'do not mod wireguard ever'
set action accept
set destination port 51820
set protocol udp
exit
edit firewall modify lanInModify rule 188
set description 'allow access to ISP modem'
set action accept
set destination group address-group NETv4_eth0
exit
edit firewall modify lanInModify rule 189
set description 'do not mod local targets'
set action accept
set destination group address-group NETv4_switch0
exit
edit firewall modify lanInModify rule 190
set action modify
set modify table 190
exit
```

If I have my modem connected to eth0 and my ASUS router connected to eth4, should this be changed?

Thank you. Completely out of my league here.

edit: I did rerun the Python code using a single server .conf and no modification of advanced settings, and everything is working perfectly.

bneijt commented 4 years ago

Multihop is not supported by Mullvad as far as I know, but you could use multipath routing by adding multiple servers. The python script does not support this (it only generates for wg0 from a single .conf file atm).

My personal internet connection does not support IPv6 which is the main reason for me to use a VPN in the first place (to be able to directly contact cheap VPS instances using only free IPv6 addresses). I do not know if the wireguard module supports IPv6 connectivity. Please contact the wireguard module writers to get more information on that.

I use a server connection via IPv4 but to get IPv6 support for my LAN network towards the internet, I use full-IPv6 NATting to have all LAN clients act as a single IPv6 address towards Mullvad. From Mullvad you get a single IPv6 address that is allowed over the tunnel, so you can't have other IPv6 addresses exposed via the Mullvad tunnel. Full IPv6 NAT is not supported by the configuration system from Ubiquiti so you have to directly instruct the kernel via the `ip6tables` command to get the IPv6 masquerade working.

I think I should add a diagram of the current routing the configuration is proposing: I use the modify firewall called lanInModify to make sure that all incoming traffic (from LAN directed to the outside) is modified to start using a separate routing table 190. However, I still wanted my phone to be able to directly contact Mullvad and try out other Wireguard connections, so I decided to make a few exceptions to the "use a different routing table" rule: access to my ISP modem (to be able to check modem status and config), UDP connections to port 51820 (common Wireguard port), and access to local systems on the switch (LAN to LAN routing via the EdgeRouter). That last rule is probably bogus, I would have to check, but I don't think local systems should/would contact the EdgeRouter for access to networks in the same subnet :thinking: .

Hope that explains it all a bit more, I'll try to see if I can find the time to add a diagram and maybe split up the configuration and/or make the python script interactive? If you think either would help, consider opening a new issue requesting one of the two ;)
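
The policy-routing scheme and the IPv6 NAT workaround described in the comment above, as an added example that is not the repository's Python script and not bneijt's own configuration. It reads a single-peer WireGuard `.conf` in the Mullvad layout (the sample below is constructed, with placeholder keys, a documentation-range endpoint and a made-up ULA tunnel address), emits the EdgeOS `set` commands for `wg0`, the `lanInModify` exceptions, the table 190 default route and the outbound masquerade, and separately returns the `ip6tables` line that has to be typed at the shell because EdgeOS cannot express IPv6 NAT. Interface names (`switch0`, `eth0`), the key file path `/config/auth/wg.key`, the NAT rule number 5000 and the vyatta-wireguard command syntax are assumptions, so check them against your own router before committing:

```python
"""Added example: turn a WireGuard .conf into EdgeOS commands for the
wg0 + table-190 policy routing described in the thread.  Not the
project's generator; interface names, key path and rule numbers are assumed."""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample in the Mullvad .conf layout.  Keys are placeholders,
# the endpoint is a documentation address, the IPv6 address is an invented ULA.
SAMPLE_CONF = """\
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY_NOT_A_REAL_KEY=
Address = 10.64.0.2/32,fd42:1::2/128
DNS = 10.64.0.1

[Peer]
PublicKey = PLACEHOLDER_SERVER_PUBLIC_KEY_NOT_REAL=
AllowedIPs = 0.0.0.0/0,::0/0
Endpoint = 198.51.100.10:51820
"""


def parse_wg_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal INI reader: [Section] headers and Key = Value lines."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = header.group(1)
            sections[current] = {}
        elif current is None or "=" not in line:
            raise ValueError(f"malformed line: {raw!r}")
        else:
            key, value = line.split("=", 1)  # split once: base64 keys end in '='
            sections[current][key.strip()] = value.strip()
    return sections


def split_families(csv: str) -> Tuple[List[str], List[str]]:
    """Split 'a/32,b::/128' into validated IPv4 and IPv6 lists."""
    v4, v6 = [], []
    for item in filter(None, (s.strip() for s in csv.split(","))):
        net = ipaddress.ip_interface(item)  # raises on garbage
        (v4 if net.version == 4 else v6).append(str(net))
    return v4, v6


def parse_endpoint(endpoint: str) -> Tuple[str, int, bool]:
    """Return (host, port, host_is_ipv6) for 'host:port' or '[v6]:port'."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]")
    try:
        is_v6 = ipaddress.ip_address(host).version == 6
    except ValueError:
        is_v6 = False  # hostname, resolved by the router
    return host, int(port), is_v6


def edgeos_commands(conf, lan_if="switch0", wan_if="eth0", table=190,
                    key_path="/config/auth/wg.key"):
    """Return (edgeos set commands, post-commit shell lines, warnings)."""
    iface, peer = conf["Interface"], conf["Peer"]
    addr4, addr6 = split_families(iface["Address"])
    allowed4, allowed6 = split_families(peer["AllowedIPs"])
    host, port, endpoint_v6 = parse_endpoint(peer["Endpoint"])
    pub = peer["PublicKey"]
    warnings: List[str] = []
    if not addr4:
        raise ValueError("the .conf carries no IPv4 tunnel address")
    if endpoint_v6:
        warnings.append("Endpoint is an IPv6 literal; the setups in the thread reach the server over IPv4")
    if addr6:
        warnings.append("tunnel carries IPv6; EdgeOS cannot masquerade it, run the post-commit ip6tables line")
    if allowed6 and not addr6:
        warnings.append("AllowedIPs includes IPv6 but no IPv6 tunnel address is assigned")

    wg = "set interfaces wireguard wg0"
    cmds = [
        f"{wg} address {addr4[0]}",
        f"{wg} listen-port 51820",
        f"{wg} private-key {key_path}",   # assumed: private key already written to this file
        f"{wg} route-allowed-ips false",  # keep 0.0.0.0/0 out of the main table; table 190 routes it
        f"{wg} peer {pub} endpoint {host}:{port}",
    ]
    cmds += [f"{wg} peer {pub} allowed-ips {net}" for net in allowed4 + allowed6]
    cmds += [f"{wg} address {a}" for a in addr6[:1]]
    mod = "set firewall modify lanInModify rule"
    cmds += [
        # Exceptions are accepted into the main table; everything else goes to table 190.
        f"{mod} 187 description 'do not mod wireguard ever'",
        f"{mod} 187 action accept",
        f"{mod} 187 destination port 51820",
        f"{mod} 187 protocol udp",
        f"{mod} 188 description 'allow access to ISP modem'",
        f"{mod} 188 action accept",
        f"{mod} 188 destination group address-group NETv4_{wan_if}",
        f"{mod} 189 description 'do not mod local targets'",
        f"{mod} 189 action accept",
        f"{mod} 189 destination group address-group NETv4_{lan_if}",
        f"{mod} {table} action modify",
        f"{mod} {table} modify table {table}",
        f"set interfaces switch {lan_if} firewall in modify lanInModify",
        f"set protocols static table {table} interface-route 0.0.0.0/0 next-hop-interface wg0",
        "set service nat rule 5000 description 'LAN out via wg0'",
        "set service nat rule 5000 outbound-interface wg0",
        "set service nat rule 5000 type masquerade",
    ]
    # No EdgeOS knob for IPv6 NAT: this is typed at the shell after commit (not persistent).
    post_commit = ["sudo ip6tables -t nat -A POSTROUTING -o wg0 -j MASQUERADE"] if addr6 else []
    return cmds, post_commit, warnings


if __name__ == "__main__":
    for block in edgeos_commands(parse_wg_conf(SAMPLE_CONF)):
        print("\n".join(block), end="\n\n")
```

Running it on an IPv4-only `.conf` yields no warnings and no post-commit line, which is the configuration the reporter ended up with; the `ip6tables` rule is deliberately kept out of the EdgeOS command list because it does not survive a reboot and has to be re-applied (or scripted) separately.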

ahua92 commented 4 years ago

Thanks for the reply! I ended up using another user's config guide (https://www.reddit.com/r/Ubiquiti/comments/9l5io9/review_my_simple_wireguard_vpn_setup_for_erx/), but I believe the IPv6 was the cause of all my problems. I ended up changing the Mullvad config to IPv4, and it all seemed to work. I greatly appreciate the explanation of the modified table 190. I'm slowly starting to understand firewalls, but I'm too scared to break my finally working configuration hah. I did have some other issues with Wireguard that were likely due to my poor upload speed (5 Mbps), which were resolved by turning on QoS and disabling HW Offload for future potential problems.