Multiple WireGuard Addresses

Hello,

With the recent addition of IPv6 support, I’m trying to get IPv6 working with the WireGuard client. If I log into the AR750S and do an ip addr add <addr> dev wg0 with the IPv6 everything works great, but it looks like the web interface and /etc/config/wireguard only support one value for the Address= value of the WireGuard configuration. Is there a way to set both? Or perhaps use a PostUp rule to manually add the second IP address to the WireGuard client configuration?

After reading through /etc/init.d/wireguard, I see the problem.

First off, it looks like the UI does support multiple addresses using a comma-based delimiter. The problem, however, is this check in /etc/init.d/wireguard:

ipv6_status="$(ifstatus wan6 2>/dev/null|grep '\"up\": true')"

This incorrectly assumes that IPv6 is necessary on the wan interface in order to use IPv6 over WireGuard. You can use IPv6 on the inside of a tunnel, which uses an IPv4 endpoint on the outside for the WireGuard endpoint.

Instead, I wonder if a better check would be to see if there is an IPv6 address assigned to the lan interface? Maybe something like:

ifstatus lan | grep -A 9 ipv6-prefix-assignment

Which would support the use of IPv6 static assignments.

As a temporary workaround for the glinet bug, I think you can swap out:

ipv6_status="$(ifstatus wan6 2>/dev/null|grep '\"up\": true')"

With something like:

ipv6_status="true"

in /etc/init.d/wireguard. I also had to add some static routes in LuCI to get things working, but now I’m able to get both IPv4 and IPv6 working with WireGuard.


Alternatively, removing any line in /etc/init.d/wireguard that has ipv6_status also solves the problem.
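
An added example, not part of the posts above and not GL.iNet's init script: a POSIX sh sketch that splits a comma-delimited Address value, prints the matching ip addr add command for each entry, and decides whether tunnel-side IPv6 is wanted from the address list itself rather than from the state of wan6. The function names, the sample addresses and the idea of keying the decision on the Address list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not GL.iNet's init script). Splits a comma-delimited
# WireGuard Address value and prints the `ip` command for each entry.
# Constructed sample value; 2001:db8::/32 is the documentation prefix.
SAMPLE_ADDRESS="10.8.0.2/24, fd00:8::2/64,2001:db8:8::2/128"

# Print "4" or "6" for an address, or return 1 if it is neither.
addr_family() {
    case "$1" in
        *[!0-9a-fA-F:./]*|"") return 1 ;;   # reject stray characters
        *:*) echo 6 ;;
        *.*.*.*) echo 4 ;;
        *) return 1 ;;
    esac
}

# wg_addr_cmds <address-list> [dev]
# Emits one "ip -4|-6 addr add ..." line per valid entry (dry run only).
wg_addr_cmds() {
    list=$1
    dev=${2:-wg0}
    old_ifs=$IFS
    IFS=,
    set -f                      # no globbing while splitting the list
    for entry in $list; do
        entry=$(printf '%s' "$entry" | tr -d ' \t')
        fam=$(addr_family "$entry") || { echo "skip: '$entry'" >&2; continue; }
        echo "ip -$fam addr add $entry dev $dev"
    done
    set +f
    IFS=$old_ifs
}

# Assumption: tunnel-side IPv6 is wanted when the Address list itself has
# an IPv6 entry, independent of whether wan6 is up.
wants_ipv6() {
    wg_addr_cmds "$1" 2>/dev/null | grep -q '^ip -6 '
}

wg_addr_cmds "$SAMPLE_ADDRESS"
```

The script only prints the commands; entries containing anything other than hex digits, ':', '.' and '/' are skipped with a message on stderr instead of being passed on to ip.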