Feature #14652
open
FRR OSPF6 not working over wireguard
0%
Description
FRR OSPF6 is unable to form neighborship without adding link-local alias to wireguard interface.
Unless i perform:
r1:
[2.7.0-RELEASE][admin@pfSense]/root: ifconfig tun_wg3 inet6 fe80:ffff::1 prefixlen 64 alias
r2:
[2.7.0-RELEASE][admin@pfSense]/root: ifconfig tun_wg3 inet6 fe80:ffff::2 prefixlen 64 alias
The ospf6 neighborship will not start to build at all.
Related issues
Updated by beermount beermount 9 months ago
Updated by Kris Phillips 9 months ago
Hello,
Are you relying on neighbor discovery or do you have neighbors manually programmed in across the link? Typically the latter is needed for OSPF in FRR across VPN links and this is the same on IPSec VTI tunnels.
Updated by beermount beermount 9 months ago
Correct, I am relying on neighbor discovery. But even if I wanted to define a static neighbor, there would not be any possibility to configure it under the OSPF6 tab. As in, as far as I can see, there is no option to define neighbors for OSPF6 in the FRR section of the pfSense WebUI?
At the moment I have manually added a link-local VIP alias to the tun_wg, but not tried to reboot yet. I guess this request might be regarded as a feature request to add link-local ipv6 to the tun_wg interface by default? Or to add the possibility to define static neighbor IPv6s?
As for IPSEC VTI, I have not needed to define static neighbor in that configuration either. I just run them in ptp mode(on IPv4, have not tried it with IPv6). But I suspect it would work, since I can see link-local addresses on the ipsec vti interface.
Updated by Marcos M 7 months ago
- Has duplicate Todo #14881: for wiregaurd interface add linklocal IPv6 address added
Updated by Marcos M 7 months ago
- Related to Bug #12760: Link-local addresses disallowed on Wireguard interfaces added
Updated by