Hello,
With the recent addition of IPv6 support, I’m trying to get IPv6 working with the WireGuard client. If I log into the AR750S and do a ip addr add <addr> dev wg0
with the IPv6 everything works great, but it looks like the web interface and /etc/config/wireguard
only supports one value for the Address=
value of the WireGuard configuration. Is there a way set both? Or perhaps use a PostUp
rule to manually add the second IP address to the WireGuard client configuration?
After reading through /etc/init.d/wireguard, I see the problem.
First off, it looks like the UI does support multiple addresses using a comma based delimiter. The problem, however, is this check in /etc/init.d/wireguard:
ipv6_status="$(ifstatus wan6 2>/dev/null|grep '\"up\": true')"
This incorrectly assumes that IPv6 is necessary on the wan interface in order to use IPv6 over Wireguard. You can use IPv6 on the inside of a tunnel, which uses an IPv4 endpoint on the outside for the Wireguard endpoint.
Instead, I wonder if a better check would be to see if there is an IPv6 address assigned to the lan interface? Maybe something like:
ifstatus lan | grep -A 9 ipv6-prefix-assignment
Which would support the use of IPv6 static assignments.
As a temporary workaround for the glinet bug, I think you can swap out:
ipv6_status="$(ifstatus wan6 2>/dev/null|grep '\"up\": true')"
With something like:
ipv6_status="true"
in /etc/init.d/wireguard. I also had to add some static routes in luci to get things working, but now I’m able to get both IPv4 and IPv6 working with Wireguard.
1 Like
Alternatively, removing any line in /etc/init.d/wireguard
that has ipv6_status
also solves the problem.