Search results

  1. Z

    WireGuard client with IPv6 enabled

    Ok here is where our outputs differ. I have to give up. Either the "suppress_prefixlength 0" rule doesn't work on your router, or I'm missing something. Perhaps someone more knowledgeable than me could take a peek and see what I'm missing? @ColinTaylor, @eibgrad? so you don't have to read the...
  2. Z

    WireGuard client with IPv6 enabled

    Ok, since you changed routing, I need to change the command as well. We need to use a FROM ipv6 that is actually set to use wgc1. I conveniently snapped router br0 ipv6 from nvram but that is not covered by your rules anymore. So, try these instead (after adding the suppress_prefixlength 0...
  3. Z

    WireGuard client with IPv6 enabled

    Sounds almost like the suppress_prefixlength 0 does not do anything at all on your setup. Ok, one last try. Put the rule back: ip -6 rule add from all lookup main suppress_prefixlength 0 prio 10000 Then what do you get from an arbitrary ipv6 route lookup: ip -6 route get 2600:: from $(nvram...
  4. Z

    WireGuard client with IPv6 enabled

    Alright. Although I don't understand why. "Lookup main suppress_prefixlength 0" should mean lookup route in main table but don't use default route. There are no routes pointing to any internet ip in your router table and it still finds a route... What we are really after is to find routes to...
  5. Z

    Wireguard server on Asus AX58U

    Sure, just add the wg client IP (10.6.0.2 and/or 10.6.0.3?) As LocalIP in vpndirector and select outgoing interface as you like. Leave remoteIp blank.
  6. Z

    WireGuard client with IPv6 enabled

    Ok, but when you add the 10000 rule it shows you WAN? You should try to add the rule back because you have (probably) broken your ipv6 connection between lan and wg server without it. If you add it back and then execute: ip route flush cache Does it change anything? That's easier since it's...
  7. Z

    WireGuard client with IPv6 enabled

    Yes, sorry, I was in a hurry. Strange, there are no special routes in there. How are you testing this? A webpage? Which one? I did a test on my router: admin@RT-AX86U_Pro:/tmp/home/root# ip -6 rule 0: from all lookup local 10000: from all lookup main suppress_prefixlength 0 11230...
  8. Z

    WireGuard client with IPv6 enabled

    yep, but you also potentially created a routing issue.... but your test shows that your internet usage is using something other than prefix 0 in main routing table. we should hunt that down and see how it is setup so we could bypass it properly. you can list the main route table by: ip route...
  9. Z

    WireGuard client with IPv6 enabled

    Yea, I have a vague memory of these but I don't think wgm puts them there and route table 220 has always been empty so it should not interfere. Probably some Asus remnant. Make sure wgc1 actually gets the interface ipv6 by ifconfig wgc1 It's usually a ula address, starting with fd or fc. And...
  10. Z

    WireGuard client with IPv6 enabled

    So, what happens? Still over wan, or broken ipv6 connectivity? What is that 220 rule? I don't have that. Did you put it there? Or fw? What is in route table 220? If it's empty it shouldn't do any harm. ip route show table 220 You may try to remove the 220 rules but if the route table is empty...
  11. Z

    WireGuard client with IPv6 enabled

    Well, almost.... of course you will need an imported client which has ipv6 ip. First I would advise you to look at your current rules to get an understanding on how they look and work: List your ipv4 rules (from vpndirector and fw): ip rule And for ipv6, although at this stage it's probably empty...
  12. Z

    WireGuard client with IPv6 enabled

    If someone reads this and tries to follow it to send local lan to wgc1 it will not work well. The reason is that the policy route table only contains routes to wgcX, not even to br0 (lan interface) so you might end up breaking your network connectivity. Luckily, as long as you don't set up the...
  13. Z

    WireGuard client with IPv6 enabled

    Well, I just tested this on my router and it works: ip -6 rule add from all to 2600:: table wgc1 prio 11210 Repeat for each ip/range and increase prio number by 1. To list your rules: ip -6 rule To delete a rule: ip -6 rule del prio 11210 They will not be persistent across reboots unless you...
  14. Z

    WireGuard client with IPv6 enabled

    Wireguard is vpn-director only and vpn-director is not setup for ipv6. You could setup the rules yourself via ssh if you want but beware that the policy route table is not as updated as ipv4 but for specific internet destinations ip it should work fine.
  15. Z

    Wireguard client doesn't work

    While it is not a big thing to have vpn-director accept and use Ipv6, in fact, you can put these in yourself via SSH easily... duplicate the route tables for ipv6 - same thing. most of the other stuff is already in place for IPv6 over Wireguard. fyi, Wireguard Manager Addon have full ipv6...
  16. Z

    Restart WireGuard client when fails

    I did update the watchdog script so it produces 2 log files. 1 before the interface restarts and 1 after. If the tests fail and the interface is restarted, the script produces log files here: /tmp/wgc-watcdog_wgc1_before.log for system state before the interface was restarted. And here...
  17. Z

    Wireguard max number of clients

    While you can duplicate, modify and mount your own web-page it's not going to cut it. the web page itself does nothing more than populate the nvram variables and restart services. The firmware will still not use any extra variables you put in place. what I had in mind is for you to use i.e...
  18. Z

    Restart WireGuard client when fails

    If you want to, you could add a logger -t $(basename $0) $(ip route get 101.102.103.104) Just before the "service restart...." command to get a log output of the route path for the wg tunnel before the restart happens. Replace the ip with your wgc1 endpoint ip. It may provide some useful...
  19. Z

    Restart WireGuard client when fails

    Alright, cool! At least it shows that the tunnel is failing on a low level, not even handshake is working anymore. Like the kernel has trouble reaching the endpoint. Wonder if there have been some kind of WAN event going on. You wouldn't be running dual-wan or something? Firewall rules are not...
  20. Z

    RT-AX88U Pro Wireguard

    Wireguard does not have all different options that ovpn does. This was a design choice. It only works with vpndirector rules - this is the most flexible way although requires the user to add the rules in vpndirector. It will only use "Exclusive" dns redirect when needed - that is using firewall...