Bug #12760
closed
Link-local addresses disallowed on Wireguard interfaces
Added by Alex Chang-Lam over 4 years ago.
Updated about 2 months ago.
Description
Wireguard supports link-local IPv6, however adding a static link-local to interfaces is not allowed, even for interfaces of type tun_wg.
This is particularly necessary for dn42.
- Project changed from pfSense to pfSense Packages
- Category changed from Interfaces to WireGuard
- Assignee set to Christian McDonald
- Release Notes deleted (
Default)
It's not possible on the Interface Assignments page, but you can configure the link-local address on the WireGuard / Tunnels / Edit > Interface Configuration
We should implement https://redmine.pfsense.org/issues/12243 to allow configuration of link-local addresses for specified interfaces
- Has duplicate Bug #16760: When a MAC address is configured for the wiregaurd network interface, but a corresponding IPv6 Link-local is not generated. added
- Status changed from New to Not a Bug
- Assignee deleted (
Christian McDonald)
WireGuard interfaces are purposefully not created with IPv6 link-local addresses. If this is needed for some configuration (e.g. for protocols configured in FRR) then it can already be done like so:
- Assign the WireGuard interface in pfSense (don't use the package interface config).
- Create a Virtual IP for the WireGuard interface - enter an IPv6 link-local address like
fe80::290:bff:fe7c:5fb%tun_wg0.
- Add the LL address as an allowed IP in the peer config.
Also available in: Atom
PDF
Updated by Viktor Gurov 
Updated by