From 1a694966454c5ef3baa5ff831e2671a5a964ce7e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Gon=C3=A7alves?= Date: Thu, 16 Sep 2021 15:57:15 +0200 Subject: blog: Rename files with timestamp --- src/b/2020-08-wireguard-and-ipv6.md | 43 +++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 src/b/2020-08-wireguard-and-ipv6.md (limited to 'src/b/2020-08-wireguard-and-ipv6.md') diff --git a/src/b/2020-08-wireguard-and-ipv6.md b/src/b/2020-08-wireguard-and-ipv6.md new file mode 100644 index 0000000..9a91dc8 --- /dev/null +++ b/src/b/2020-08-wireguard-and-ipv6.md @@ -0,0 +1,43 @@ +date: 2020-08-26 +title: Wireguard and IPV6 + +> I decided to connect all my services and servers behind my domain controller, +> which has a dedicated IPv4 and IPv6 address, and which basically host that +> website. This would allow me to remotely manage and enjoy my infrastructure +> when I'm away from my homelab. + +## IPv6 journey +When I first used WireGuard with my new OpenBSD vm on all my devices, i noticed +that my some of my requests towards specific services were not working anymore. +For instance, I spent some time trying to reach : + +- gitlab.com +- github.com +- ungleich.ch + +In fact, I had hard times accessing these services only when I was connected to +my WireGuard server (which has IPv4 and IPv6, with some default wireguard +settings I carried with me for six months), and only through my system dns. + +In fact I figured out that it happened only when I was under an IPv6 capable +router. + +## Solution + +Adding IPv6 subnet to server and clients configuration files. + +## Next + +Enable IPv6 routing in the domain controller, for a single-ip usage. + +## BSD routing + +The default routing configuration does not allow my domain controller to reach +the **ungleich's infrastructure and services**. + +``` +echo "\!/sbin/route add -inet 185.203.112/24 185.203.114.1" >> /etc/hostname.vio1 +``` + +Then I want to be able to access IPv6 only services when I'm using my wireguard +server (right now it only allows to force IPv4 to the client). -- cgit v1.2.3