Menu
What's new
By:
Filters Better Search

WireGuard client with IPv6 enabled

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

juanantonio said:
Morning.

I've tried, as you asked, the prefixlength rule, starting with 63, and continuing with 30, 15, 7, 3, 1 and 0, with the same result. At the moment I launch the command, my Firefox addon tell me that traffic is going through WAN. And this only change if I delete the rule.

Greetings.
Click to expand...
Sounds almost like the supress_prefixlength 0 does not do anything at all on your setup.

Ok, one last try.

Put the rule back:
Code: 
ip -6 rule add from all lookup main suppress_prefixlength 0 prio 10000

Then what do you get from an arbitrary ipv6 route lookup:
Code: 
ip -6 route get 2600:: from $(nvram get ipv6_rtr_addr) iif br0

And from ip.me:
Code: 
ip -6 route get 2a02:6ea0:c035::11 from $(nvram get ipv6_rtr_addr) iif br0

Will it say ppoe or wgc1?

Now, remove the rule and try again. Any change?
 
ZebMcKayhan said:
Sounds almost like the supress_prefixlength 0 does not do anything at all on your setup.

Ok, one last try.

Put the rule back:
Code: 
ip -6 rule add from all lookup main suppress_prefixlength 0 prio 10000

Then what do you get from an arbitrary ipv6 route lookup:
Code: 
ip -6 route get 2600:: from $(nvram get ipv6_rtr_addr) iif br0

And from ip.me:
Code: 
ip -6 route get 2a02:6ea0:c035::11 from $(nvram get ipv6_rtr_addr) iif br0

Will it say ppoe or wgc1?

Now, remove the rule and try again. Any change?
Click to expand...
Okay. First I deleted all my ip -6 rules (I had to add by device and not by prefix, only to get my Google Nest working).

Bash: 
juanantonio@RT-AX86U-6C38:/tmp/home/root# ip -6 rule
0:      from all lookup local
32766:  from all lookup main
juanantonio@RT-AX86U-6C38:/tmp/home/root#

After running wgclient-start, they look like this:

Bash: 
juanantonio@RT-AX86U-6C38:/tmp/home/root# ip -6 rule
0:      from all lookup local
10000:  from all lookup main suppress_prefixlength 0
11210:  from 2a0c:5a80:4806:f600:d54f:93c:2f4a:a6e lookup wgc1
11210:  from 2a0c:5a80:4806:f600:211:32ff:fea3:fd55 lookup wgc1
11210:  from 2a0c:5a80:4806:f600:f167:7338:e7e7:c230 lookup wgc1
11210:  from 2a0c:5a80:4806:f600:1846:f050:b34c:748 lookup wgc1
11210:  from 2a0c:5a80:4806:f600:8ddb:7e9b:e868:154d lookup wgc1
11210:  from 2a0c:5a80:4806:f600:b08d:d3c8:c33f:4073 lookup wgc1
11240:  from 2a0c:5a80:4601:e00:1::/120 lookup wgc1
32766:  from all lookup main

Here I note that the IPv6 address has not changed (I would note immediatly thanks to my firefox addon).

And then, the output of the commands you asked for:

Bash: 
juanantonio@RT-AX86U-6C38:/tmp/home/root# ip -6 route get 2600:: from $(nvram get ipv6_rtr_addr) iif br0

2600:: via fe80::1 dev ppp0 metric 0 hoplimit 64 iif br0 pref medium

juanantonio@RT-AX86U-6C38:/tmp/home/root# ip -6 route get 2a02:6ea0:c035::11 from $(nvram get ipv6_rtr_addr) iif br0

2a02:6ea0:c035::11 via fe80::1 dev ppp0 metric 0 hoplimit 64 iif br0 pref medium

juanantonio@RT-AX86U-6C38:/tmp/home/root#

Greetings.
 
juanantonio said:
After running wgclient-start, they look like this:
Click to expand...
Ok, since you changed routing, I need to change the command as well. We need to use a FROM ipv6 that is actually set to use wgc1. I conveniently snapped router br0 ipv6 from nvram but that is not covered by your rules anymore.

So, try these instead (after adding the suppress_prefixlength 0 rule), get route from your first wgc1 ip:
Code: 
ip -6 route get 2600:: from 2a0c:5a80:4806:f600:d54f:93c:2f4a:a6e ipv6_ iif br0
ip -6 route get 2a02:6ea0:c035::11 from 2a0c:5a80:4806:f600:d54f:93c:2f4a:a6e iif br0
 
ZebMcKayhan said:
Ok, since you changed routing, I need to change the command as well. We need to use a FROM ipv6 that is actually set to use wgc1. I conveniently snapped router br0 ipv6 from nvram but that is not covered by your rules anymore.

So, try these instead (after adding the suppress_prefixlength 0 rule), get route from your first wgc1 ip:
Code: 
ip -6 route get 2600:: from 2a0c:5a80:4806:f600:d54f:93c:2f4a:a6e ipv6_ iif br0
ip -6 route get 2a02:6ea0:c035::11 from 2a0c:5a80:4806:f600:d54f:93c:2f4a:a6e iif br0
Click to expand...
Ok, here is the output:

Bash: 
juanantonio@RT-AX86U-6C38:/tmp/home/root# ip -6 rule add from all lookup main suppress_prefixlength 0 prio 10000
juanantonio@RT-AX86U-6C38:/tmp/home/root# ip -6 route get 2600:: from 2a0c:5a80:4806:f600:d54f:93c:2f4a:a6e iif br0
2600:: via fe80::1 dev ppp0 metric 0 hoplimit 64 iif br0 pref medium
juanantonio@RT-AX86U-6C38:/tmp/home/root# ip -6 route get 2a02:6ea0:c035::11 from 2a0c:5a80:4806:f600:d54f:93c:2f4a:a6e iif br0
2a02:6ea0:c035::11 via fe80::1 dev ppp0 metric 0 hoplimit 64 iif br0 pref medium
juanantonio@RT-AX86U-6C38:/tmp/home/root#
 
juanantonio said:
Ok, here is the output:

Bash: 
juanantonio@RT-AX86U-6C38:/tmp/home/root# ip -6 rule add from all lookup main suppress_prefixlength 0 prio 10000
juanantonio@RT-AX86U-6C38:/tmp/home/root# ip -6 route get 2600:: from 2a0c:5a80:4806:f600:d54f:93c:2f4a:a6e iif br0
2600:: via fe80::1 dev ppp0 metric 0 hoplimit 64 iif br0 pref medium
juanantonio@RT-AX86U-6C38:/tmp/home/root# ip -6 route get 2a02:6ea0:c035::11 from 2a0c:5a80:4806:f600:d54f:93c:2f4a:a6e iif br0
2a02:6ea0:c035::11 via fe80::1 dev ppp0 metric 0 hoplimit 64 iif br0 pref medium
juanantonio@RT-AX86U-6C38:/tmp/home/root#
Click to expand...
Ok here is where our outputs differs. I have to give up. Either the "suppress_prefixlength 0" rule don't work on your router, or I'm missing something.

Perhaps someone more knowledgeable than me could take a peak and see what I missing? @ColinTaylor , @eibgrad ?
so you don't have to read the entire thread, here is a short recap:
@juanantonio wants to route ipv6 internet data and all is setup from fw side except policy route table wgc1 is only populated with wgc1 routes, nothing else but it should cover all assigned internet addresses. When using "suppress_prefixlength 0" rule to get local routes, all gets internet routes from main table as well. Removing the "suppress_prefixlength 0" rule and it works.
Please find main routing table in #14
Code: 
juanantonio@RT-AX86U-6C38:/jffs/scripts# ip -6 route show table main
2a0c:5a80:4601:e00:1::1 dev wgs1 proto kernel metric 256 pref medium
2a0c:5a80:4806:f600::/64 dev br0 proto kernel metric 256 pref medium
2a0c:5a80:48ff:ffff::4f75:1225 dev ppp0 proto kernel metric 256 pref medium
fd7d:76ee:e68f:a993::1 dev wgc1 metric 1024 pref medium
fd7d:76ee:e68f:a993:d0c0:1334:273a:628b dev wgc1 proto kernel metric 256 pref medium
fd7d:76ee:e68f:a993:d0c0:1334:273a:628b dev wgc2 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth5 proto kernel metric 256 pref medium
fe80::/64 dev eth6 proto kernel metric 256 pref medium
fe80::/64 dev eth7 proto kernel metric 256 pref medium
fe80::/64 dev br0 proto kernel metric 256 pref medium
fe80::/64 dev bcmsw proto kernel metric 256 pref medium
fe80::/64 dev bcmswlpbk0 proto kernel metric 256 pref medium
fe80::/64 dev dpsta proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
fe80::/64 dev eth2 proto kernel metric 256 pref medium
fe80::/64 dev eth3 proto kernel metric 256 pref medium
fe80::/64 dev eth4 proto kernel metric 256 pref medium
fe80::/64 dev ifb0 proto kernel metric 256 pref medium
fe80::/64 dev ifb1 proto kernel metric 256 pref medium
fe80::/64 dev imq0 proto kernel metric 256 pref medium
fe80::/64 dev imq1 proto kernel metric 256 pref medium
fe80::/64 dev imq2 proto kernel metric 256 pref medium
fe80::/64 dev ip6_vti0 proto kernel metric 256 pref medium
fe80::/64 dev ip6gre0 proto kernel metric 256 pref medium
fe80::/64 dev ip6tnl0 proto kernel metric 256 pref medium
fe80::/64 dev ip_vti0 proto kernel metric 256 pref medium
fe80::/64 dev sit0 proto kernel metric 256 pref medium
fe80::/64 dev spu_ds_dummy proto kernel metric 256 pref medium
fe80::/64 dev spu_us_dummy proto kernel metric 256 pref medium
fe80::/64 dev wl0.3 proto kernel metric 256 pref medium
fe80::/10 dev ppp0 metric 1 pref medium
fe80::/10 dev ppp0 proto kernel metric 256 pref medium
default via fe80::1 dev ppp0 proto ra metric 1024 expires 1514sec hoplimit 64 pref medium

wgc1 route table in #12
Code: 
juanantonio@RT-AX86U-6C38:/jffs/scripts# ip -6 route show table wgc1
::/3 dev wgc1 metric 1024 pref medium
2000::/4 dev wgc1 metric 1024 pref medium
3000::/4 dev wgc1 metric 1024 pref medium
fc00::/7 dev wgc1 metric 1024 pref medium
routing rules in #22
Code: 
juanantonio@RT-AX86U-6C38:/tmp/home/root# ip -6 rule
0:      from all lookup local
10000:  from all lookup main suppress_prefixlength 0
11210:  from 2a0c:5a80:4806:f600:d54f:93c:2f4a:a6e lookup wgc1
11210:  from 2a0c:5a80:4806:f600:211:32ff:fea3:fd55 lookup wgc1
11210:  from 2a0c:5a80:4806:f600:f167:7338:e7e7:c230 lookup wgc1
11210:  from 2a0c:5a80:4806:f600:1846:f050:b34c:748 lookup wgc1
11210:  from 2a0c:5a80:4806:f600:8ddb:7e9b:e868:154d lookup wgc1
11210:  from 2a0c:5a80:4806:f600:b08d:d3c8:c33f:4073 lookup wgc1
11240:  from 2a0c:5a80:4601:e00:1::/120 lookup wgc1
32766:  from all lookup main
Failing route test in #24
Code: 
juanantonio@RT-AX86U-6C38:/tmp/home/root# ip -6 rule add from all lookup main suppress_prefixlength 0 prio 10000
juanantonio@RT-AX86U-6C38:/tmp/home/root# ip -6 route get 2600:: from 2a0c:5a80:4806:f600:d54f:93c:2f4a:a6e iif br0
2600:: via fe80::1 dev ppp0 metric 0 hoplimit 64 iif br0 pref medium
juanantonio@RT-AX86U-6C38:/tmp/home/root# ip -6 route get 2a02:6ea0:c035::11 from 2a0c:5a80:4806:f600:d54f:93c:2f4a:a6e iif br0
2a02:6ea0:c035::11 via fe80::1 dev ppp0 metric 0 hoplimit 64 iif br0 pref medium

How could it be that ip reports internet routes to ppoe due to routing rule that should suppress routes with prefix length 0? Is there some kind of issue with this methode when using ppoe? Or could it be that "suppress_prefixlength 0" rules don't work on AX86U, while it seems to work perfectly fine on my AX86U-Pro? Or is it just something I'm missing?
 
Last edited:
You must log in or register to reply here.

Similar threads

W
Need help to resolve VPN Director issue
2
Replies
27
Views
2K
RMerlin
RMerlin
U
High CPU usage after turning off Wireguard/VPN
Replies
2
Views
846
Ubimo
U
M
Wireguard client doesn't work
Replies
9
Views
347
RMerlin
RMerlin
T
Wireguard VPN Disable IPV6
Replies
0
Views
1K
treycortez
T
T
[GNUTON] RT-AX82U v1 Issue with Wireguard
Replies
2
Views
543
Tech9
Tech9
Similar threads
Thread starter Title Forum Replies Date
M Wireguard client doesn't work Asuswrt-Merlin 9
T Wireguard Client VPN not using DNS Asuswrt-Merlin 14
I Wireguard VPN client does not autostart after reboot Asuswrt-Merlin 2
Panic Button Wireguard client optional DNS Server setting Asuswrt-Merlin 2
G Wireguard VPN Client: killswitch activation -> LAN administration lock-out Asuswrt-Merlin 6
A Restart WireGuard client when fails Asuswrt-Merlin 24
D GT-AX6000 - 3004_388.6_0 - Wireguard client - No Access to Servers local LAN Asuswrt-Merlin 5
A Wireguard server on Asus AX58U Asuswrt-Merlin 2
PR3MIUM WireGuard removing OpenVPN on ASUS Routers ? Asuswrt-Merlin 2
StephanK RT-AX88U Pro Wireguard Asuswrt-Merlin 5

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 496 (members: 25, guests: 471)
Top