this post was submitted on 08 Jan 2024
1 points (100.0% liked)

WireGuard

3 readers
1 users here now

WireGuard - a fast, modern, secure VPN Tunnel.

founded 1 year ago
MODERATORS
[email protected]
1
systemd-networkd, ip forwarding (ipv4 and ipv6), ivp6 weirdness (zerobytes.monster)
submitted 10 months ago by [email protected] to c/[email protected]
0 comments fedilink hide all child comments
 
This is an automated archive.

The original was posted on /r/wireguard by /u/comma_girl on 2024-01-08 18:13:16+00:00.

Hi,

My NAS is on Debian. I use systemd-networkd for network config. I have 2 wireguard VPNs configured on the NAS: one VPN to connect to Mullvad VPN (for torrents); one VPN to share my home network with my devices (laptop, smartphone) and to direct all traffic through my home network (so that laptop/smartphone's traffic goes through home when connected on this VPN). I turn them up via wg-quick because last I remembered, I had issues with routes and the weird-ish setup I have regarding the Mullvad config when I configured wireguard via systemd.

Weirdness/feature no. 1: I have a [RoutingPolicyRule] block in my /etc/systemd/networkd/ file (so that only certain traffic goes through Mullvad based on source IP/interface) that covers a specific ipv4 From address (with another bit of config needed on the /etc/wireguard/mullvad.conf file for wg-quick). This works nicely. I've noticed that enabling this block automatically turns on ip forwarding for ipv4 (# sysctl net.ipv4.ip_forward shows 1 despite zero override in /etc/sysctl.conf or /etc/sysctl.d/). Okay, good to know. This doesn't affect ipv6 ip forwarding.

Weirdness no. 2: I realised that with my config, laptop/smartphone traffic was nicely all going through my home connection, but only ipv4 worked, not ipv6 (as reflected by or ipv{4,6}.icanhazip.com. So I added IPForward=yes in /etc/systemd/networkd/enp2s0.network, and I noticed that enp2s0 was not getting its ipv6 from my home router anymore. But after I added IPv6AcceptRA=yes to , things restarted working nicely.

So I guess that weirdness no.1 is just a feature and I just need to be aware of it. I had ipv4 ip forwarding enabled accidentally, which made me believe that my home connection sharing was working properly, when it happened to be accidentally working.

But weirdness no. 2... Could someone explain to me what this IPv6AcceptRA actually does, or why it's disabled by default when IPForward gets enabled? Or am I interpreting things wrongly? (I have read but this if very cryptic to me)

Thank you.

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here