masipcat / wireguard-go-docker

Wireguard docker image
https://hub.docker.com/r/masipcat/wireguard-go
GNU General Public License v3.0

IPV6 not working #4

Closed Rohmilchkaese closed 2 years ago

Rohmilchkaese commented 4 years ago

Hey, could it be that IPv6 is not working?

masipcat commented 4 years ago

I never tried wireguard with ipv6. Can you provide more information (for example, the client and server config)? Have you tried the same config without wireguard-go / docker?

If the problem is that the server is not routing, maybe it can be solved by adding net.ipv6.conf.all.forwarding=1 to sysctls in docker-compose.yaml.

masipcat commented 4 years ago

Maybe you were facing this problem: https://git.zx2c4.com/wireguard-go/commit/?id=024d6ea4c2a5f4727e0d483db695ec91c5629af8

danopia commented 4 years ago

Hello, I'm attempting to bring IPv6 networking into a Google Cloud server via Wireguard (GCE still doesn't have native IPv6).

It seems like there are some incompatibilities between wireguard and the ip command provided by the image. Here's a full log of trying to set up a default IPv6 route:

INFO: (wg0) 2020/05/17 15:12:06 Starting wireguard-go version 0.0.20200320
[#] wg setconf wg0 /dev/fd/63
INFO: (wg0) 2020/05/17 15:12:06 Starting wireguard-go version 0.0.20200320
INFO: (wg0) 2020/05/17 15:12:06 Interface set up
INFO: (wg0) 2020/05/17 15:12:06 Device started
INFO: (wg0) 2020/05/17 15:12:06 UAPI listener started
[#] ip -4 address add 10.69.4.68/32 dev wg0
[#] ip -6 address add 2001:19f0:xx:yy:69::4:44/128 dev wg0
[#] ip link set mtu 1380 up dev wg0
INFO: (wg0) 2020/05/17 15:12:06 Interface set down
INFO: (wg0) 2020/05/17 15:12:06 MTU updated: 1380
INFO: (wg0) 2020/05/17 15:12:06 Interface set up
[#] ip -4 route add 10.69.0.0/20 dev wg0
[#] wg set wg0 fwmark 51820
[#] ip -6 route add ::/0 dev wg0 table 51820
ip: invalid argument '51820' to 'table'
[#] ip link delete dev wg0
INFO: (wg0) 2020/05/17 15:12:06 Interface set down
ERROR: (wg0) 2020/05/17 15:12:06 Failed to read packet from TUN device: read : file descriptor in bad state
INFO: (wg0) 2020/05/17 15:12:06 Device closing
INFO: (wg0) 2020/05/17 15:12:06 Shutting down

The config was pretty straightforward:

[Interface]
Address = 10.69.4.68/32, 2001:19f0:xx:yy:69::4:44/128
PostUp = wg set wg0 private-key /secret/wg-key/PrivateKey

[Peer]
PublicKey = ......
AllowedIPs = 10.69.0.0/20, ::/0
Endpoint = ......
PersistentKeepalive = 55

It seems like non-default routes work, so I added 2000::/3 (the Addressable Unicast Internet). I also tried my own attempts to replace the default, PostUp = ip -6 route replace default via 2001:19f0:xx:yy:69::/96 dev wg0, which crashed (ip: an inet address is expected rather than "2001:19f0:xx:yy:69::/96"). Still figuring out the rest of the setup here.

Anyway, not sure what needs to be changed on the image or in Wireguard to fix the default route setup.

danopia commented 4 years ago

I have IPv6 working fine now with 2000::/3 routed instead of ::/0, for anyone else who ends up here:

[Interface]
Address = 10.x.y.z/32
Address = 2001:x:y:z::43/128
PostUp = wg set wg0 private-key /secret/wg-key/PrivateKey

[Peer]
PublicKey = ......
AllowedIPs = 10.x.y.z/20
AllowedIPs = 2000::/3
Endpoint = .....:51820
PersistentKeepalive = 55

Cheers
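Added example (not part of the thread and not the project's code): a small Python model of how wg-quick on Linux picks a routing path per AllowedIPs entry, showing why ::/0 hit the failing `table 51820` command in the log above while 2000::/3 did not, and which destinations each config actually sends through the tunnel. The function names are hypothetical, and the workaround's redacted IPv4 range is assumed to be the first config's 10.69.0.0/20.

```python
import ipaddress

# AllowedIPs lines taken from the two configs in this thread; the redacted
# IPv4 range in the workaround is assumed to be 10.69.0.0/20.
FAILING = "[Peer]\nAllowedIPs = 10.69.0.0/20, ::/0\n"
WORKAROUND = "[Peer]\nAllowedIPs = 10.69.0.0/20\nAllowedIPs = 2000::/3\n"

def parse(conf):
    """Return (table, networks). Keys may repeat, so configparser is not used."""
    table, nets = "auto", []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() == "table":
            table = value.lower()
        elif key.lower() == "allowedips":
            nets += [ipaddress.ip_network(v.strip(), strict=False)
                     for v in value.split(",") if v.strip()]
    return table, nets

def route_plan(conf):
    """Map each AllowedIPs network to the way wg-quick would install it."""
    table, nets = parse(conf)
    plan = {}
    for net in nets:
        if table == "off":
            how = "none"              # wg-quick adds no routes at all
        elif table != "auto":
            how = "table " + table    # explicit Table = <name or number>
        elif net.prefixlen == 0:
            how = "fwmark+table"      # default route: the step that failed in the log
        else:
            how = "main"              # plain `ip route add <net> dev wg0`
        plan[str(net)] = how
    return plan

def tunnelled(conf, addr):
    """True if a packet to addr matches some AllowedIPs entry."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in parse(conf)[1])
```

With 2000::/3, IPv6 destinations outside global unicast (for example unique local addresses such as fd00::1) are not covered by the tunnel, so they follow whatever other IPv6 route the host has, if any.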

masipcat commented 4 years ago

Hi @danopia! Thank you for your debugging. It seems this was happening as well with ipv4 and I could reproduce it (#11).

I just fixed it in latest. You will need to uncomment this line in your docker-compose.yaml: https://github.com/masipcat/wireguard-go-docker/blob/93a1aa175adcb0ed6a2867d44ffc98e6e5d2d4db/docker-compose.yml#L17-L18

Can you give it a try?