ANSWERED Wireguard for ipv6

[nicoco 0]

Hi!

Is wireguard supposed to work for IPv6? If yes, what is wrong with my config?

[Interface]
Address = 10.169.139.176/32, fd7d:76ee:e68f:a993:743d:617f:b79:27d7/128
PrivateKey = XXX
MTU = 1320
Table = off

[Peer]
PublicKey = XXX
PresharedKey = XXX
Endpoint = ch.vpn.airdns.org:1637
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 15
 

This works fine for IPv4, I can  curl --interface airvpn ip.network and it returns the airvpn IP. But if try curl -6 I get  curl: (7) Failed to connect to ip.network port 80 after 25 ms: Could not connect to serv
er.

Is this a config issue on my side, or doesn't airvpn work for ipv6 via wireguard? Thanks.

[Tech Jedi Alex 1531]

Please refer to the FAQ. ch.vpn.airdns.org only resolves to v4. Use ch.ipv6.vpn.airdns.org for v6.

[Staff 10500]

17 hours ago, Tech Jedi Alex said:

Please refer to the FAQ. ch.vpn.airdns.org only resolves to v4. Use ch.ipv6.vpn.airdns.org for v6.

Hello!

Well, the problem seems different though... the OP should be able to enjoy IPv6 over an IPv4 tunnel with the published configuration file.

@nicoco 
First of all, there is an error in how you use curl. You must not specify the VPN interface: the interface must manage an IPv4 tunnel. IPv6 must be wrapped over it.
If you bind curl to the VPN interface, you bypass the routing table and you prevent the system from picking the correct source IPv6 address. You don't see this problem with curl -4 --interface <VPN interface> probably because there is no ambiguity in selecting IPv4 source address when curl binds to the VPN interface, in spite of the routing table bypass (i.e. lucky case).

Just omit this option and you should be fine (alternative: follow @Tech Jedi Alex solution, you will have an IPv6 tunnel over which you can tunnel IPv4 too and the problem could be "specular" with v4 when you use curl).
Side note: the option --interface is not supported in Windows.

If the problem persists: are you sure that your curl -6 tests are directed toward an IPv6 HTTP supporting service? Try https://ipv6.google.com for a cross-check, and ping6 too. 

If the problem still persists, please make sure that IPv6 support is enabled on your system and your network interfaces.

Kind regards
 

[nicoco 0]

Thanks for your replies.

We're reaching the limits of my networking knowledge, so I hope what I say is not too much nonsense.

> You must not specify the VPN interface: the interface must manage an IPv4 tunnel.

I use wireguard to create a new network interface which is not the default one. This way, I can choose to use this interface in qbittorrent and nicotine+ (both p2p file sharing clients). If I curl without specifying the network interface, it defaults to my enp12s0 interface, and fetching ip.network yields my ISP-given public IPv4 with -4 and my ISP-given public IPv6 with -6.

nicoco@tour ~> curl ip.network -4
82.66.XX.XX
nicoco@tour ~> curl ip.network -6
2a01:e0a:f09:XX:XX:XX:XX:XX

Specifying the interface with the wireguard one works as (I) expected for IPv4

nicoco@tour ~> curl ip.network --interface airvpn -4
185.156.XX.XX
 

But fails for IPv6:

nicoco@tour ~> curl ip.network --interface airvpn -6
curl: (7) Failed to connect to ip.network port 80 after 25 ms: Could not connect to server

Now, I don't really care about curl, the reason I investigated this was that I noticed that a torrent tracker I use reported my ISP-provided IPv6, despite specifying in qbittorrent settings that I want qbittorrent to only use the airvpn interface. I worked around the issue by forcing qbittorrent to use the airvpn interface AND to bind to the airvpn (local) IPv4 (10.169.139.176) only.
 

But ideally, I would love to be able to use both IPv4 and IPv6 in qbittorrent, through airvpn. My idea was that getting curl -6 --interface airvpn ip.network to yield airvpn's public IPv6 was the first step to verify that my setup is working correctly. But maybe this does not work the way I thought it did, and it's more complicated than that? ^^

[Staff 10500]

8 hours ago, nicoco said:

getting curl -6 --interface airvpn ip.network to yield airvpn's public IPv6 was the first step to verify that my setup is working correctly

Hello!

The idea is correct, but you must omit --interface option for the previously explained reasons. However this is a necessary but not sufficient condition to prevent traffic leaks. Binding qBittorrent to the VPN interface is a perfect solution. Our software Network Lock feature is another one. You may apply both settings for additional safety.

Please note that some qBittorrent versions could handle only IPv6 or only IPv4 traffic, but we think that qBittorrent devs resolved this limitation recently.

Kind regards