jordanpotter / docker-wireguard

Simple image for running a WireGuard client with a kill switch
MIT License

ipv6 error in podman #40

Closed ypopovych closed 3 months ago

ypopovych commented 7 months ago

Hello, I have a strange IPv6 error in podman and the container fails to start properly.

[#] ip link add wg-luxembourg type wireguard
[#] wg setconf wg-luxembourg /dev/fd/63
[#] ip -4 address add 172.16.0.2/32 dev wg-luxembourg
[#] ip -6 address add fdf5:6028:947d:29a4::2/128 dev wg-luxembourg
[#] ip link set mtu 1420 up dev wg-luxembourg
[#] resolvconf -a wg-luxembourg -m 0 -x
[#] wg set wg-luxembourg fwmark 51820
[#] ip -6 route add ::/0 dev wg-luxembourg table 51820
[#] ip -6 rule add not fwmark 51820 table 51820
[#] ip -6 rule add table main suppress_prefixlength 0
[#] ip6tables-restore -n
[#] ip -4 route add 0.0.0.0/0 dev wg-luxembourg table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] echo Skipping setting net.ipv4.conf.all.src_valid_mark
Skipping setting net.ipv4.conf.all.src_valid_mark
[#] iptables-restore -n
Bad argument `fe80::68ec:a8ff:fe2a:cb22/64'
Try `ip6tables -h' or 'ip6tables --help' for more information.

ypopovych commented 7 months ago

I think I found the problem. A Podman ethernet interface can have more than one IPv6 address. One of them will be global, and the others are local ones.

So the line:

container_ipv6_network="$(ip -o addr show dev eth0 | awk '$3 == "inet6" {print $4}')"

should be updated to:

container_ipv6_network="$(ip -o addr show dev eth0 | awk '$3 == "inet6" && $6 == "global" {print $4}')"
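
The effect of the proposed filter, shown as an added example that is not part of the original thread or the project's code: it runs both `awk` filters over constructed `ip -o addr show dev eth0` output (the `2001:db8::` and `10.88.` addresses are made up) and adds a hypothetical `single_network` guard that fails unless exactly one network comes back.

```shell
#!/bin/sh
# Constructed sample of `ip -o addr show dev eth0` in a Podman container:
# one IPv4 address, one global IPv6 address and one link-local IPv6 address
# (the link-local value is the one from the error message in this issue).
sample_addr_output() {
cat <<'EOF'
2: eth0    inet 10.88.0.5/16 brd 10.88.255.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet6 2001:db8::5/64 scope global \       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::68ec:a8ff:fe2a:cb22/64 scope link \       valid_lft forever preferred_lft forever
EOF
}

# Original filter quoted in the issue: prints every inet6 address on the device.
ipv6_all() { awk '$3 == "inet6" {print $4}'; }

# Proposed filter: only inet6 addresses whose scope (field 6) is "global".
ipv6_global() { awk '$3 == "inet6" && $6 == "global" {print $4}'; }

# Hypothetical guard (not in the project): pass the value through only when it
# is exactly one network, so firewall setup stops instead of receiving an
# empty or multi-line value.
single_network() {
    nets="$(cat)"
    count="$(printf '%s\n' "$nets" | awk 'NF {n++} END {print n+0}')"
    if [ "$count" -ne 1 ]; then
        echo "expected exactly 1 IPv6 network, got $count" >&2
        return 1
    fi
    printf '%s\n' "$nets"
}

# Demo: the original filter yields two lines, the proposed one yields one.
echo "original filter:"; sample_addr_output | ipv6_all
echo "proposed filter:"; sample_addr_output | ipv6_global
sample_addr_output | ipv6_all | single_network || echo "guard rejected original output"
```
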

jordanpotter commented 6 months ago

Hey @ypopovych, sorry for the late reply. This looks like an excellent fix!

Would you like to open the PR, or shall I?