Project

General

Profile

Actions
Copy link

Feature #14652

open

FRR OSPF6 not working over wireguard

Added by beermount beermount over 1 year ago. Updated about 1 year ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
WireGuard
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:

Description

FRR OSPF6 is unable to form neighborship without adding link-local alias to wireguard interface.

Unless i perform:

r1:

[2.7.0-RELEASE][admin@pfSense]/root: ifconfig tun_wg3 inet6 fe80:ffff::1 prefixlen 64 alias

r2:

[2.7.0-RELEASE][admin@pfSense]/root: ifconfig tun_wg3 inet6 fe80:ffff::2 prefixlen 64 alias

The ospf6 neighborship will not start to build at all.

Related issues

Related to Bug #12760: Link-local addresses disallowed on Wireguard interfacesNewChristian McDonald

Actions
Has duplicate Todo #14881: for wiregaurd interface add linklocal IPv6 addressDuplicate

Actions
Actions
Copy link
 #2

Updated by Kris Phillips over 1 year ago

Hello,

Are you relying on neighbor discovery or do you have neighbors manually programmed in across the link? Typically the latter is needed for OSPF in FRR across VPN links and this is the same on IPSec VTI tunnels.

Actions
Copy link
 #3

Updated by beermount beermount over 1 year ago

Correct, I am relying on neighbor discovery. But even if I wanted to define a static neighbor, there would not be any possibility to configure it under the OSPF6 tab. As in, as far as I can see, there is no option to define neighbors for OSPF6 in the FRR section of the pfSense WebUI?

At the moment I have manually added a link-local VIP alias to the tun_wg, but not tried to reboot yet. I guess this request might be regarded as a feature request to add link-local ipv6 to the tun_wg interface by default? Or to add the possibility to define static neighbor IPv6s?

As for IPSEC VTI, I have not needed to define static neighbor in that configuration either. I just run them in ptp mode(on IPv4, have not tried it with IPv6). But I suspect it would work, since I can see link-local addresses on the ipsec vti interface.

Actions
Copy link
 #4

Updated by beermount beermount about 1 year ago

Probably related to #14881

Actions
Copy link
 #5

Updated by Marcos M about 1 year ago

  • Tracker changed from Bug to Feature
  • Category changed from FRR to WireGuard
  • Affected Version deleted (2.7.0)

I guess this request might be regarded as a feature request to add link-local ipv6 to the tun_wg interface by default?

It seems like that would be best.

Actions
Copy link
 #6

Updated by Marcos M about 1 year ago

  • Has duplicate Todo #14881: for wiregaurd interface add linklocal IPv6 address added
Actions
Copy link
 #7

Updated by Marcos M about 1 year ago

  • Related to Bug #12760: Link-local addresses disallowed on Wireguard interfaces added
Actions
Copy link
 #8

Updated by yon Liu about 1 year ago

when restart wg service, then VIP setup LL address is lost in wg interface. it can't always keep for wg interface

Actions
Copy link

Also available in: Atom PDF