Project

General

Profile

Actions
Copy link

Todo #14881

closed

for wiregaurd interface add linklocal IPv6 address

Added by yon Liu about 1 year ago. Updated about 1 year ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
WireGuard
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:

Description

Since frr8- frr9 requires that the fe80:: address must be configured. so wiregaurd need add this fe80:: address.

I originally used aliases to add wg interfaces, but this method is invalid in version pf23.09. So I need a function to add fe80 addresses to the required interfaces.

https://forum.netgate.com/topic/183372/some-services-show-can-t-start/44?_=1697301592126

Files

Diagnostics_ Routes.jpg (271 KB) Diagnostics_ Routes.jpg yon Liu, 10/15/2023 10:40 AM

Related issues

Is duplicate of Feature #14652: FRR OSPF6 not working over wireguardNew

Actions
Actions
Copy link
 #1

Updated by Jim Pingle about 1 year ago

  • Project changed from pfSense to pfSense Packages
  • Category changed from Interfaces to WireGuard
  • Release Notes deleted (Default)
Actions
Copy link
 #2

Updated by Marcos M about 1 year ago

  • Status changed from New to Incomplete

I originally used aliases to add wg interfaces, but this method is invalid in version pf23.09.

What method is this exactly? The LL address can be added in the WireGuard tunnel config (this is on 23.09 dev):

tun_wg0: flags=10080c1<UP,RUNNING,NOARP,MULTICAST,LOWER_UP> metric 0 mtu 1420
        options=80000<LINKSTATE>
        inet 172.25.200.1 netmask 0xffffff00
        inet6 fe80::250:56ff:feb2:8560%tun_wg0 prefixlen 64 scopeid 0x8
        groups: wg WireGuard
        nd6 options=101<PERFORMNUD,NO_DAD>

Actions
Copy link
 #3

Updated by Marcos M about 1 year ago

  • Status changed from Incomplete to Duplicate
Actions
Copy link
 #4

Updated by Marcos M about 1 year ago

  • Is duplicate of Feature #14652: FRR OSPF6 not working over wireguard added
Actions
Copy link
 #5

Updated by yon Liu about 1 year ago

I used firewall_virtual_ip.php to add the fe80 address before, and it worked. However, this method has failed in recent versions 23.09.

I suggest providing a page to add fe80 and mac addresses for each required interface, not only for wiregaurd, but other interfaces may also need this in the future.

Add these two tool functions to our pfsense.

https://www.browserling.com/tools/random-mac
https://nettools.club/mac2ipv6

Actions
Copy link
 #6

Updated by Marcos M about 1 year ago

The VIP page allows LL addresses, a new page isn't needed for that part. The MAC address can be manually set on assigned interfaces(as long as the interface supports it), so a new page isn't needed for that either.

Actions
Copy link
 #7

Updated by yon Liu about 1 year ago

when restart wg service, then VIP setup LL address is lost in wg interface. it can't always keep for wg interface.

Actions
Copy link

Also available in: Atom PDF