Actions
Bug #12760
closed
Link-local addresses disallowed on Wireguard interfaces
Status:
Not a Bug
Priority:
Normal
Assignee:
-
Category:
WireGuard
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:
Description
Wireguard supports link-local IPv6, however adding a static link-local to interfaces is not allowed, even for interfaces of type tun_wg.
This is particularly necessary for dn42.
Related issues
Updated by Viktor Gurov about 4 years ago
- Project changed from pfSense to pfSense Packages
- Category changed from Interfaces to WireGuard
- Assignee set to Christian McDonald
- Release Notes deleted (
Default)
It's not possible on the Interface Assignments page, but you can configure the link-local address on the WireGuard / Tunnels / Edit > Interface Configuration
We should implement https://redmine.pfsense.org/issues/12243 to allow configuration of link-local addresses for specified interfaces
Updated by Marcos M over 2 years ago
- Related to Feature #14652: FRR OSPF6 not working over wireguard added
Updated by Marcos M 7 days ago
- Has duplicate Bug #16760: When a MAC address is configured for the wiregaurd network interface, but a corresponding IPv6 Link-local is not generated. added
Updated by Marcos M 7 days ago
- Status changed from New to Not a Bug
- Assignee deleted (
Christian McDonald)
WireGuard interfaces are purposefully not created with IPv6 link-local addresses. If this is needed for some configuration (e.g. for protocols configured in FRR) then it can already be done like so:
- Assign the WireGuard interface in pfSense (don't use the package interface config).
- Create a Virtual IP for the WireGuard interface - enter an IPv6 link-local address like
fe80::290:bff:fe7c:5fb%tun_wg0. - Add the LL address as an allowed IP in the peer config.
Actions