search

wg-easy / wg-easy

The easiest way to run WireGuard VPN + Web-based Admin UI.
Other
12.78k stars 1.27k forks source link

IPv6 support #138

Open andrey0001 opened 2 years ago

andrey0001 commented 2 years ago

I am missing an option with IPV6 addresses. Please add this feature.

WeeJeWel commented 2 years ago

Create a PR :)

joelheaps commented 2 years ago

Just dropping a comment to express support for this. I appreciate all the work you've put into the project, and I understand why this might not be high on the list. I also think that a lack of IPv6 support in 2022 puts a fairly significant limit on the project's functionality though. If I can learn the ropes of the code here I may work on a PR.

lucyrose39 commented 8 months ago

Also adding a comment asking for IPv6 support. non dual stack systems aren't useful on my network.

github-actions[bot] commented 6 months ago

This issue is stale because it has been open for 30 days with no activity.

kaaax0815 commented 6 months ago

This issue shouldnt be stale

GrauBlitz commented 6 months ago

Maybe I am missing something, but why is the container despite this listening on IPv6?

# lsof -i:51820
COMMAND       PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
docker-pr X root    4u  IPv4 X 0t0  UDP *:51820
docker-pr X root    4u  IPv6 X 0t0  UDP *:51820
# lsof -i:51821
COMMAND       PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
docker-pr X root    4u  IPv4 X 0t0  TCP *:51821 (LISTEN)
docker-pr X root    4u  IPv6 X 0t0  TCP *:51821 (LISTEN)
alvolalex commented 6 months ago

As a temporary solution I can advise an ipv6-to-ipv4 proxy. E.g. "tayga" or "socat". An example below was generated by ChatGPT and wasn't tested yet by me and it comes with no warranty.

sudo apt-get update
sudo apt-get install tayga
echo 'ipv4-addr = 192.168.255.1
dynamic-pool = 192.168.255.0/24
prefix = fd00:1234::/96
allow-own-ranges = yes' | sudo tee /etc/tayga.conf
sudo ip tuntap add mode tun dev tun0
sudo ip addr add 192.168.255.1/24 dev tun0
sudo ip link set dev tun0 up
sudo ip route add 192.168.255.0/24 dev tun0
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE  
sudo tayga -d
github-actions[bot] commented 5 months ago

This issue is stale because it has been open for 30 days with no activity.

Jie2GG commented 5 months ago

@andrey0001 @WeeJeWel @alvolalex I implemented dual-stack support for wg-easy using the 'docker-compose.yml' configuration file.

Steps:

  1. Enable docker IPv6 NAT.
  2. Test this machine is support IPv6.
  3. Configuration nginx config & cert.
  4. Use my docker-compose.yml file start wg-easy container.

docker-compose.yml file:

version: '3.8'  
services:  
  wg-easy:  
    image: ghcr.io/wg-easy/wg-easy  
    container_name: wg-easy  
    network_mode: bridge
    restart: always
    privileged: true
    environment:  
      - WG_HOST=********  
      - PASSWORD=********
      - WG_DEFAULT_DNS=********
      - WG_DEFAULT_ADDRESS=********
    volumes:  
      -  /data/wireguard:/etc/wireguard  
    ports:  
      - 51820:51820/udp
    cap_add:
      - NET_ADMIN
      - SYS_MODULE 
    sysctls:  
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv6.conf.all.forwarding=1
  wg-nginx:
    image: nginx
    container_name: wg-nginx
    privileged: true
    restart: always
    hostname: nginx
    network_mode: bridge
    ports:
      - 51821:51821/tcp
    volumes:
      - /data/nginx/conf/:/etc/nginx/
      - /data/nginx/cert/:/etc/cert/
      - /data/nginx/www/:/usr/share/nginx/html/
      - /data/nginx/logs/:/var/log/nginx/
    depends_on:
      - wg-easy
    links:
      - wg-easy:wg-easy

nginx config:

worker_processes  auto;
error_log  /dev/null;

events {
    worker_connections  1024;
}

http {
    server {
        listen 51821 ssl;
        listen [::]:51821 ssl;

        server_name YOU_HOST;

        ssl_certificate /etc/cert/********.pem;
        ssl_certificate_key /etc/cert/********.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;

        # Proxy wg-easy web page
        location / {
            proxy_pass http://wg-easy:51821;
        }        
    }
}
github-actions[bot] commented 4 months ago

This issue is stale because it has been open for 30 days with no activity.

github-actions[bot] commented 3 months ago

This issue is stale because it has been open for 30 days with no activity.

Linuxy95 commented 3 months ago

IPv6 is a very important topic, please do not forget it.

1RandomDev commented 3 months ago

How about just start adding support for specifying IPv6 addresses in the UI and letting the user take care of the routing later? Btw even though it's not the best solution you can use local addresses and NAT IPv6 just like v4 in a container that's in a IPv6 network. Just add a ULA address to the server and every client and translate it using ip6tables -A POSTROUTING -s fd..........::/64 -o eth0 -j MASQUERADE.

github-actions[bot] commented 2 months ago

This issue is stale because it has been open for 30 days with no activity.

MeesJ commented 2 months ago

There's no reason to have this being stale ;-)

pheiduck commented 2 months ago

There's no reason to have this being stale ;-)

Yup, but It's need a Developer as well, I do not have enough time currently to work on this. And currently we prepare v13 which does not have this. Maybe the next version...

kaaax0815 commented 2 months ago

There's no reason to have this being stale ;-)

Yup, but It's need a Developer as well, I do not have enough time currently to work on this. And currently we prepare v13 which does not have this. Maybe the next version...

I have some free time and would be willing to work on this. As I don't have much experience with wireguard I would appreciate some guidance

github-actions[bot] commented 1 month ago

This issue is stale because it has been open for 30 days with no activity.

github-actions[bot] commented 3 weeks ago

This issue was closed because it has been inactive for 14 days since being marked as stale.

gschintgen commented 3 weeks ago

Hello bot, please reconsider 😉

1RandomDev commented 3 weeks ago

By now I've just switched to a regular Wireguard config, being able to quickly create new accounts and monitoring data usage via the UI is nice but no IPv6 is a no go for me.

lucyrose39 commented 3 weeks ago

Reconsider, please

kaaax0815 commented 3 weeks ago

I don't think the feature is off the table just because this issue is closed. The underlying issue is that the pr needs work. And nobody has the required time

pheiduck commented 3 weeks ago

By now I've just switched to a regular Wireguard config, being able to quickly create new accounts and monitoring data usage via the UI is nice but no IPv6 is a no go for me.

I understand your thoughts. But we need someone to work on that feature as the existing PR is out of date…