Hosthatch - IPv6 via WireGuard not working
Hi,
My Hosthatch KVM VPS in Zurich just got provisioned and they assigned an IPv6 for me.
I'd like to use it as a WireGuard Server, but I can't get IPv6 to work.
It's working just fine on the host, but not on my clients.
Does anyone have an idea?
IPv4 and IPv6 routing is enabled.
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 45.xx.xx.19
gateway 45.xx.xx.1
netmask 255.255.255.0
dns-nameservers 1.1.1.1 8.8.8.8 2606:4700:4700::1111
up ip addr add 2a0e:xxx:6:3::2/64 dev eth0
up ip -6 route add 2a0e:xxx:0006:0000:0000:0000:0000:0001 dev eth0
up ip -6 route add default via 2a0e:xxxx:0006:0000:0000:0000:0000:0001
Wireguard server config
[Interface]
Address = 10.1.1.1/32,fd00::1/128
PrivateKey = 123123123123123+zG1IW8=
ListenPort = 51280
# Mac
[Peer]
PublicKey = ZM/123123123123123123123123123+cQBM4MaJ/CQ=
AllowedIPs = 10.1.1.2/32, fd00::2/128
Wireguard client config
[Interface]
Address = 10.1.1.2/32, fd00::2/128
PrivateKey = asdadasdiujoit+5R3oznNT32H5JY/TJ7KRjt/2LBmzcls=
DNS = 1.1.1.1, 2606:4700:4700::1111
[Peer]
Endpoint = 45.xx.xx.19:51280
PublicKey = asdasdasdadad+raPGTivwKFklWPnLFpDA=
AllowedIPs = ::/0, 0.0.0.0/0
PersistentKeepalive = 15
Comments
Wireguard config does not support # for comments. Remove that '# Mac'.
And here is library of examples:
https://wiki.archlinux.org/index.php/WireGuard
still the same issue
Says who? I've got lots of #'s in my config as comments.
sure that net.ipv6.conf.all.forwarding=1 is set?
also try set NAT rules in iptables
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
on the INTERFACE block on Server
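An added example, not part of the original posts: a small offline check of a wg-quick server config that reports any address family whose tunnel address is private or ULA (such as `fd00::1`) but has no matching MASQUERADE command in `PostUp`. The sample config is constructed from the one in the thread with a placeholder key, and the `parse` and `lint` helpers and the `wan` parameter are hypothetical names chosen here.

```python
import ipaddress

# Constructed sample modelled on the thread's server config (placeholder key);
# only the IPv4 NAT rule is present, to show the check firing.
SERVER_CONF = """\
[Interface]
Address = 10.1.1.1/32,fd00::1/128
ListenPort = 51280
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Mac
[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY=
AllowedIPs = 10.1.1.2/32, fd00::2/128
"""

def parse(text):
    """Return (interface, peers) as dicts of key -> list of values; '#' starts a comment."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.lower() == "[interface]":
            cur = iface
        elif line.lower() == "[peer]":
            cur = {}
            peers.append(cur)
        elif "=" in line and cur is not None:
            key, val = (s.strip() for s in line.split("=", 1))
            cur.setdefault(key, []).append(val)
    return iface, peers

def lint(text, wan="eth0"):
    """Flag address families whose tunnel address is private/ULA but lack a MASQUERADE hook."""
    iface, _ = parse(text)
    addrs = [ipaddress.ip_interface(a.strip())
             for v in iface.get("Address", []) for a in v.split(",")]
    cmds = [c.split() for v in iface.get("PostUp", []) for c in v.split(";")]
    findings = []
    for version, tool in ((4, "iptables"), (6, "ip6tables")):
        private = [a for a in addrs if a.version == version and a.ip.is_private]
        has_nat = any(c[:1] == [tool] and "MASQUERADE" in c and wan in c for c in cmds)
        if private and not has_nat:
            findings.append(f"IPv{version}: {private[0]} is not globally routable "
                            f"and no {tool} MASQUERADE rule on {wan} was found in PostUp")
    return findings

if __name__ == "__main__":
    for finding in lint(SERVER_CONF):
        print(finding)
```

The check only reads the config file; whether forwarding is enabled in the kernel and whether NAT is set up some other way (for example outside `PostUp`) still has to be verified on the host.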
Yes, IPv6 forwarding is set to true.
I'm using a script for the setup, it's working just fine on my Hetzner VPS.
iptables -t nat -A POSTROUTING -o $INTERFACE -j MASQUERADE
ip6tables -t nat -A POSTROUTING -o $INTERFACE -j MASQUERADE
Those are my iptables rules
Looks like even IPv4 isn't working anymore after they've enabled IPv6 support.
The client can't even ping the internal IPv4 or IPv6 of the Wireguard Server.
~~Wireguard allows only one address to listen. You need to create wg1 interface separately to listen on both ipv4 and ipv6.~~
Says who? Mine perfectly okay with both IPv4 & IPv6.
I don't think this is right, as per the wg-quick manpage:
It doesn't say you need separate interfaces for IPv4 and IPv6, and AFAIK WireGuard's network device is dual-stack so it should work fine with both.
I'm using one interface that's listening on both v4 and v6 and it's working fine. I don't route anything through my WireGuard VPN though; I just use it as a point-to-point VPN so I don't have to do any of the manual route configuration nor enable forwarding.
my wrong, it can listen without specifying local address... (The limitation was applied on the remote address Endpoint=)
Do you get any errors?
I had an issue with my HostHatch Zurich Wireguard handshakes not being done and it worked after doing two things:
1. Restarting my router after finding out that it connects on mobile network.
2. Setting MTU to 1360.
The strange thing is that my other WG servers are working fine on the same router (like on Hetzner).
Just open support ticket and clarify everything with engineering team.
Just did a clean reinstall, works fine now.