Date:      Wed, 3 Feb 2021 21:12:46 +0100
From:      Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
To:        freebsd-net@freebsd.org
Subject:   Re: new in-kernel wireguard and IPv6 endpoint
Message-ID:  <c9267bd0-7504-0448-fee3-7c12abc8076b@plan-b.pwste.edu.pl>
In-Reply-To: <6d9afa54-d0be-df3e-9377-e19243279a70@plan-b.pwste.edu.pl>
References:  <6d9afa54-d0be-df3e-9377-e19243279a70@plan-b.pwste.edu.pl>

On 21.01.2021 at 20:03, Marek Zarychta wrote:
> Dear subscribers,
>
> please let me know if it is possible to use an IPv6 addressed endpoint
> for the tunnel? I have tried to specify the address enclosed in []
> followed by the port number, for example: [2001:db8:0:1::1]:54333,
> have tried without it: 2001:db8:0:1::1:54333. I have also tried to
> specify it with prefix length, like this one:
> [2001:db8:0:1::1]/128:54333, but neither works.
>
> I got only some errors:
>
> matchaddr failed
> peer not found - dropping 0xfffff802099b6700
> wg0: wg_peer_add bad length for endpoint 28
>
> Is it possible to utilize an IPv6 address as an endpoint for the tunnel
> with this implementation?
>
>
There was not much feedback on the mailing list, so I changed the code a
bit to not validate endpoint length so strictly and check if an IPv6
address as endpoint is supported. This resulted in a partial success.
The handshake over IPv6 looks established from the endpoint (as
reported by the "wg show" command), but the tunnel is neither capable
of carrying any data nor are keepalives sent.

Here is the handshake as sniffed on the endpoint:

00:00:00.000000 IP6 (hlim 57, next-header UDP (17) payload length: 156) 2001:db8:d47::c:100d.12345 > 2001:db8::b.55667: [udp sum ok] UDP, length 148
00:00:00.002860 IP6 (hlim 64, next-header UDP (17) payload length: 100) 2001:db8::b.55667 > 2001:db8:d47::c:100d.12345: [bad udp cksum 0x6f50 -> 0x62b4!] UDP, length 92
00:00:00.000892 IP6 (hlim 57, next-header UDP (17) payload length: 120) 2001:db8:d47::c:100d.12345 > 2001:db8::b.55667: [udp sum ok] UDP, length 112

Perhaps the incompatibility with IPv6 should be mentioned at least in
the just-added wg(4) manual page[1]?

[1] https://cgit.freebsd.org/src/commit/?id=e59d9cb41284

-- 
Marek Zarychta
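
Added example (not part of the original message and not FreeBSD's wg code): the 28 in the quoted error equals sizeof(struct sockaddr_in6), so this userland sketch parses the endpoint strings tried above and validates the resulting sockaddr length per address family. The function names and the choice to accept only the bracketed IPv6 form are assumptions of the example.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper: parse "[v6]:port" or "v4:port"; returns sockaddr length or 0. */
static size_t endpoint_parse(const char *s, struct sockaddr_storage *ss)
{
    struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)ss;
    struct sockaddr_in *sin = (struct sockaddr_in *)ss;
    char host[INET6_ADDRSTRLEN], *rest;
    int v6 = (s[0] == '[');
    const char *h = v6 ? s + 1 : s, *end = strchr(h, v6 ? ']' : ':');

    memset(ss, 0, sizeof(*ss));
    /* An IPv6 address must be bracketed so its colons are not read as :port. */
    if (end == NULL || (v6 && end[1] != ':') || (!v6 && strchr(end + 1, ':')))
        return 0;
    const char *port = end + (v6 ? 2 : 1);
    if ((size_t)(end - h) >= sizeof(host) || *port < '0' || *port > '9')
        return 0;
    memcpy(host, h, (size_t)(end - h));
    host[end - h] = '\0';
    unsigned long p = strtoul(port, &rest, 10);
    if (*rest != '\0' || p == 0 || p > 65535)
        return 0;
    if (inet_pton(v6 ? AF_INET6 : AF_INET, host,
                  v6 ? (void *)&sin6->sin6_addr : (void *)&sin->sin_addr) != 1)
        return 0;
    ss->ss_family = v6 ? AF_INET6 : AF_INET;
    *(v6 ? &sin6->sin6_port : &sin->sin_port) = htons((unsigned short)p);
    return v6 ? sizeof(*sin6) : sizeof(*sin);
}

/* Length check keyed on the family: 16 bytes for AF_INET, 28 for AF_INET6. */
static int endpoint_len_ok(const struct sockaddr_storage *ss, size_t len)
{
    return (ss->ss_family == AF_INET6 && len == sizeof(struct sockaddr_in6)) ||
           (ss->ss_family == AF_INET && len == sizeof(struct sockaddr_in));
}

/* Validated sockaddr length for an endpoint string, or 0 if rejected. */
static size_t endpoint_len(const char *s)
{
    struct sockaddr_storage ss;
    size_t len = endpoint_parse(s, &ss);
    return endpoint_len_ok(&ss, len) ? len : 0;
}

int main(void) { return endpoint_len("[2001:db8:0:1::1]:54333") == 28 ? 0 : 1; }
```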




