Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

luci-proto-wireguard: Add the option for setting ip6prefix. #7548

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

luci-proto-wireguard: Add the option for setting ip6prefix. #7548

wants to merge 1 commit into from

Conversation

adelton
Copy link
Contributor

@adelton adelton commented Jan 9, 2025
edited by systemcrash
Loading

  • This PR is not from my main or master branch πŸ’©, but a separate branch βœ…
  • Each commit has a valid βœ’οΈ Signed-off-by: <[email protected]> row (via git commit --signoff)
  • Each commit and PR title has a valid πŸ“ <package name>: title first line subject for packages
  • Incremented πŸ†™ any PKG_VERSION in the Makefile
  • Tested on: local x86_64 VM with OpenWrt 23.05.5 (r24106-10cc5fcd00)
  • ( Preferred ) Mention: @ the original code author for feedback
  • ( Preferred ) Screenshot or mp4 of changes: Screenshot_2025-01-09_20-20-17
  • ( Optional ) Closes Feature request: WireGuard interface should allow for IPv6-PD inputΒ #7539
  • ( Optional ) Depends on: e.g. openwrt/packages#pr-number in sister repo
  • Description: Adds the option for setting ip6prefix for WireGuard interfaces.

@systemcrash
Copy link
Contributor

This won't see much usage, since it looks like clients should each have an IP statically set from that prefix anyway. Why not just use advanced->prefix filter (choose HE.net interface) and advanced->suffix?

@adelton
Copy link
Contributor Author

adelton commented Jan 10, 2025

This won't see much usage, since it looks like clients should each have an IP statically set from that prefix anyway.

Well this is the point -- our local community tunnel broker prescribes the static IP to be outside of the prefix. The address is 2a03:abcd:200::XXX, the prefix allocated for the tunnel is 2a03:abcf:XXX::/48 (where XXX != 200).

Why not just use advanced->prefix filter (choose HE.net interface) and advanced->suffix?

I tried to put the prefix to the IPv6 prefix filter, and ::1 to the IPv6 suffix. Diffing the /etc/config/network, this resulted in the prefix value being stored in list ip6class (instead of list ip6prefix), and ::1 in option ip6ifaceid.

The problem is, with this configuration, the br-lan interface did not get the 2a03:abcd:XXX::1/64 address as it gets with with ip6prefix. So while the tunnel gets established and IPv6 connectivity works from the router itself, it does not work from machines on the local network. Is there something else I should be setting in the prefix filter and/or suffix to get the same behaviour as ip6prefix provides?

@adelton
Copy link
Contributor Author

adelton commented Jan 11, 2025

I notice #5059 actually describes setup very similar to mine -- the IPv6 address (in my case 2a03:abcd:XXX::1) on br-lan, while prefix handled by the wan6 (in my case the WireGuard setup).

@systemcrash
Copy link
Contributor

I could have sworn I had this working. But I have pure IPv6 now, and my recommendation doesn't seem to work on my he.net tunnel... maybe it was just a static IPv6 I had assigned. :/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Feature request: WireGuard interface should allow for IPv6-PD input
2 participants
@adelton @systemcrash