Multiple WireGuard Addresses


With the recent addition of IPv6 support, I’m trying to get IPv6 working with the WireGuard client. If I log into the AR750S and do a ip addr add <addr> dev wg0 with the IPv6 everything works great, but it looks like the web interface and /etc/config/wireguard only supports one value for the Address= value of the WireGuard configuration. Is there a way set both? Or perhaps use a PostUp rule to manually add the second IP address to the WireGuard client configuration?

After reading through /etc/init.d/wireguard, I see the problem.

First off, it looks like the UI does support multiple addresses using a comma based delimiter. The problem, however, is this check in /etc/init.d/wireguard:

ipv6_status="$(ifstatus wan6 2>/dev/null|grep '\"up\": true')"

This incorrectly assumes that IPv6 is necessary on the wan interface in order to use IPv6 over Wireguard. You can use IPv6 on the inside of a tunnel, which uses an IPv4 endpoint on the outside for the Wireguard endpoint.

Instead, I wonder if a better check would be to see if there is an IPv6 address assigned to the lan interface? Maybe something like:

ifstatus lan | grep -A 9 ipv6-prefix-assignment

Which would support the use of IPv6 static assignments.

As a temporary workaround for the glinet bug, I think you can swap out:

ipv6_status="$(ifstatus wan6 2>/dev/null|grep '\"up\": true')"

With something like:


in /etc/init.d/wireguard. I also had to add some static routes in luci to get things working, but now I’m able to get both IPv4 and IPv6 working with Wireguard.

1 Like

Alternatively, removing any line in /etc/init.d/wireguard that has ipv6_status also solves the problem.