On Sat, 31 Oct 2020 21:31:50 +0000 Laura Smith <n5d9xq3ti233xiyif...@protonmail.ch> wrote:
> Hi,
>
> I currently have a fully functional dual-stack Wireguard instance
> running on Debian. However given the recent release of OpenBSD 6.8
> with Wireguard in base, I thought it would be a good opportunity to
> switch over from the dark side. ;-)
>
> Anyway, so on Debian I have a no-NAT setup, with the host announcing
> the VPN subnets to upstream router. All works great.
>
> I'm no stranger to OpenBSD and OpenBGPD, but I've only managed to get
> 2/3 of the way :
> - The OpenBSD host is config fully functional dual-stack, IPv4 and
>   IPv6 work perfectly
> - wg(4) IPv4 config works perfectly, clients can connect and browse
>   the internet
> - wg(4) IPv6 config does not work, clients can connect but no
>   routing, not even able to ping loopback IPs or the wg interface IP.
> - I have verified upstream routers can ping test loopback IPv6 IPs,
>   so dual-stack BGP is functional
> - I have tried an IPv6 only wireguard client config (as shown below)
>   and that has no effect (I thought maybe a dual-stack client config
>   was the problem with OpenBSD)

Firstly, there should be no issues with any combination of v4+v6 with
wg(4), so I presume it is a misconfiguration somewhere.

Having a quick look at the config, the endpoint should not be the same
as the inet6 addr on the server wg1. But I might guess that was a
mistake when sanitising your configs?

Unfortunately, without more information it would be difficult to
diagnose. Route tables from both ends would be a start. I would also
suggest doing a tcpdump on wg interfaces on both ends to see where
traffic is leaving/arriving.

Cheers,
Matt