Feature #14652
open
FRR OSPF6 not working over wireguard
Added by beermount beermount over 1 year ago.
Updated about 1 year ago.
Description
FRR OSPF6 is unable to form neighborship without adding link-local alias to wireguard interface.
Unless i perform:
r1:
[2.7.0-RELEASE][admin@pfSense]/root: ifconfig tun_wg3 inet6 fe80:ffff::1 prefixlen 64 alias
r2:
[2.7.0-RELEASE][admin@pfSense]/root: ifconfig tun_wg3 inet6 fe80:ffff::2 prefixlen 64 alias
The ospf6 neighborship will not start to build at all.
Hello,
Are you relying on neighbor discovery or do you have neighbors manually programmed in across the link? Typically the latter is needed for OSPF in FRR across VPN links and this is the same on IPSec VTI tunnels.
Correct, I am relying on neighbor discovery. But even if I wanted to define a static neighbor, there would not be any possibility to configure it under the OSPF6 tab. As in, as far as I can see, there is no option to define neighbors for OSPF6 in the FRR section of the pfSense WebUI?
At the moment I have manually added a link-local VIP alias to the tun_wg, but not tried to reboot yet. I guess this request might be regarded as a feature request to add link-local ipv6 to the tun_wg interface by default? Or to add the possibility to define static neighbor IPv6s?
As for IPSEC VTI, I have not needed to define static neighbor in that configuration either. I just run them in ptp mode(on IPv4, have not tried it with IPv6). But I suspect it would work, since I can see link-local addresses on the ipsec vti interface.
- Tracker changed from Bug to Feature
- Category changed from FRR to WireGuard
- Affected Version deleted (
2.7.0)
I guess this request might be regarded as a feature request to add link-local ipv6 to the tun_wg interface by default?
It seems like that would be best.
- Has duplicate Todo #14881: for wiregaurd interface add linklocal IPv6 address added
- Related to Bug #12760: Link-local addresses disallowed on Wireguard interfaces added
when restart wg service, then VIP setup LL address is lost in wg interface. it can't always keep for wg interface
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by