Package version
1.0.20220627
Firmware version
4.4.57
Device
UniFi Security Gateway - UGW3
Issue description
I have multiple Wireguard tunnels that I am in the process of switching to IPv6 connectivity.
As they are only point-to-point tunnels I intend to use the IPv6 link-local address of the Wireguard Interfaces to route my traffic.
This works fine on my VyOS routers, but trying to connect my 1 UGW3 I noticed that the Wireguard Interfaces don't receive an IPv6 link-local address, even though all of my other interfaces do.
I don't see any option to enable this in the config and it also doesn't receive one when I explicitly assign the Interface an IPv6 ULA.
I could use IPv6 ULAs to route the traffic to the UGW3, but I think not receiving a link-local address is a bug as Wireguard interfaces on all of my other systems receive a link-local address.
Configuration and log output
Config:
wireguard wg0 {
    address 10.0.100.3/32
    address fd48:e380:751a:100::3/128
    firewall {
        in {
            name LAN_IN
        }
        local {
            name LAN_LOCAL
        }
        out {
            name LAN_OUT
        }
    }
    mtu 1412
    peer xxx {
        allowed-ips 10.0.100.0/24
        allowed-ips 10.0.101.0/24
        allowed-ips 10.0.0.0/24
        allowed-ips fd48:e380:751a:100::/64
        allowed-ips fd48:e380:751a:101::/64
        allowed-ips fd48:e380:751a:0::/64
        endpoint xxx:51820
        persistent-keepalive 45
    }
    private-key xxx
    route-allowed-ips true
}
Result:
9: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1412 qdisc noqueue state UNKNOWN
    link/none
    inet 10.0.100.3/32 scope global wg0
       valid_lft forever preferred_lft forever
    inet6 fd48:e380:751a:100::3/128 scope global
       valid_lft forever preferred_lft forever
To compare, here is what VyOS on the other side of the tunnel does:
wireguard wg0 {
    address 10.0.100.9/24
    address fd48:e380:751a:100::9/64
    description "Main VPN"
    mtu 1400
    peer xxx {
        allowed-ips 10.0.100.3/32
        allowed-ips 10.0.10.0/24
        allowed-ips fd48:e380:751a:100::3/128
        allowed-ips fd48:e380:751a:10::/64
        persistent-keepalive 45
        public-key xxx
    }
}
4: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1400 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.0.100.9/24 brd 10.0.100.255 scope global wg0
       valid_lft forever preferred_lft forever
    inet6 fd48:e380:751a:100::9/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::fdb5:14ff:fecb:6c5c/64 scope link
       valid_lft forever preferred_lft forever
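A quick way to confirm the symptom across every interface on a router, as an added example that is not part of the original issue or the project's code: the shell function below (the names `missing_link_local`, `sample_ugw3` and `sample_vyos` are hypothetical) reads `ip addr show` output and prints each UP interface that has no `fe80::/10` address with `scope link`. The embedded samples are the two outputs quoted in the issue.

```shell
# Added example, not from the original issue; function names are hypothetical.

# Reads `ip addr show` text on stdin and prints every interface that is UP
# but carries no IPv6 link-local (fe80::/10, "scope link") address.
missing_link_local() {
    awk '
        function report() { if (name != "" && up && !have_ll) print name }
        # Interface header, e.g. "9: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu ..."
        /^[0-9]+: / {
            report()
            name = $2; sub(/:$/, "", name); sub(/@.*/, "", name)
            up = ($3 ~ /[<,]UP[,>]/); have_ll = 0
            next
        }
        # fe80::/10 covers fe80 through febf
        $1 == "inet6" && tolower($2) ~ /^fe[89ab][0-9a-f]:/ && / scope link/ { have_ll = 1 }
        END { report() }
    '
}

# Constructed sample input: the two `ip addr` outputs quoted in the issue.
sample_ugw3() {
    cat <<'EOF'
9: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1412 qdisc noqueue state UNKNOWN
    link/none
    inet 10.0.100.3/32 scope global wg0
       valid_lft forever preferred_lft forever
    inet6 fd48:e380:751a:100::3/128 scope global
       valid_lft forever preferred_lft forever
EOF
}

sample_vyos() {
    cat <<'EOF'
4: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1400 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.0.100.9/24 brd 10.0.100.255 scope global wg0
       valid_lft forever preferred_lft forever
    inet6 fd48:e380:751a:100::9/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::fdb5:14ff:fecb:6c5c/64 scope link
       valid_lft forever preferred_lft forever
EOF
}

echo "UGW3 without link-local: $(sample_ugw3 | missing_link_local)"
echo "VyOS without link-local: $(sample_vyos | missing_link_local)"
# On a live router: ip addr show | missing_link_local
```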