WGH
just joined
Topic Author
Posts: 4
Joined: Wed May 16, 2018 1:52 pm

WireGuard misroutes some IPv6 subnets to the wrong peer

Sun Sep 18, 2022 9:15 pm

# sep/18/2022 20:56:14 by RouterOS 7.6beta6
# software id = C0G8-ZJRZ
#
# model = RouterBOARD D52G-5HacD2HnD-TC
# serial number = ...
/interface wireguard
add listen-port=51820 mtu=1420 name=myvpn
/interface wireguard peers
add allowed-address=fd07:a3d6:156f:1::/64 comment=wrench interface=myvpn public-key=\
    "..."
add allowed-address=fd07:a3d6:156f:3::2/128 comment=sixty-four endpoint-address="" interface=myvpn public-key=\
    "..."
add allowed-address=fd07:a3d6:156f:3::3/128 comment=sweet interface=myvpn public-key=\
    "..."
For some reason, apparently, all packets destined to fd07:a3d6:156f:1::/96 (that is, from fd07:a3d6:156f:1::0000:0000 to fd07:a3d6:156f:1::ffff:ffff) are routed to the last peer (named sweet), even though they should be routed to wrench. Packets to fd07:a3d6:156f:1:0:1:0:1, for example, are correctly routed to wrench.

I came to this conclusion because whenever I try to send a packet to fd07:a3d6:156f:1::/96, the tx counter for sweet increases, as if MikroTik tries to do a handshake with that peer. The handshake eventually fails, though, and the WireGuard interface tx drop counter increases.

Also, disabling sweet "fixes" the problem, and packets start to get routed to wrench correctly for all destination addresses.

I had this problem with 7.5, and 7.6beta6 hasn't changed anything.
Last edited by WGH on Mon Sep 19, 2022 4:54 pm, edited 2 times in total.
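
Added example, not part of the original post and not RouterOS code: WireGuard selects the outgoing peer by longest-prefix match of the destination against each peer's allowed addresses. The sketch below applies that rule to the three allowed-address values from the export above, to show which peer each destination should select and that no other peer's prefix overlaps the affected /96; the function names are hypothetical.

```python
import ipaddress

# allowed-address values copied from the export in the post above
PEERS = {
    "wrench": ["fd07:a3d6:156f:1::/64"],
    "sixty-four": ["fd07:a3d6:156f:3::2/128"],
    "sweet": ["fd07:a3d6:156f:3::3/128"],
}

def build_table(peers):
    """Flatten {peer: [prefixes]} into {network: peer}."""
    table = {}
    for peer, prefixes in peers.items():
        for prefix in prefixes:
            # strict=True rejects prefixes with host bits set (a common typo)
            table[ipaddress.ip_network(prefix, strict=True)] = peer
    return table

def expected_peer(table, dst):
    """Peer whose allowed-address is the longest prefix containing dst, else None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, peer in table.items():
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, peer)
    return best[1] if best else None

def peers_overlapping(table, prefix):
    """Peers with any allowed-address overlapping prefix (rules out a config cause)."""
    target = ipaddress.ip_network(prefix, strict=True)
    return sorted({peer for net, peer in table.items()
                   if net.version == target.version and net.overlaps(target)})

if __name__ == "__main__":
    table = build_table(PEERS)
    # Destinations taken from the post, plus two that match no peer
    for dst in ("fd07:a3d6:156f:1::1", "fd07:a3d6:156f:1::ffff:ffff",
                "fd07:a3d6:156f:1:0:1:0:1", "fd07:a3d6:156f:3::3",
                "fd07:a3d6:156f:3::4", "fd07:a3d6:156f:2::1"):
        print(f"{dst:32} -> {expected_peer(table, dst)}")
    print("overlap with ::1::/96:", peers_overlapping(table, "fd07:a3d6:156f:1::/96"))
```

Comparing this expected mapping with the per-peer tx counters on the router shows whether traffic is leaving through the peer the configuration actually names.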
 
Znevna
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: WireGuard misroutes some IPv6 subnet to the wrong peer

Sun Sep 18, 2022 9:36 pm

yay, another topic for the same issue...
viewtopic.php?t=185055
 
WGH
just joined
Topic Author
Posts: 4
Joined: Wed May 16, 2018 1:52 pm

Re: WireGuard misroutes some IPv6 subnet to the wrong peer

Sun Sep 18, 2022 9:41 pm

Znevna wrote:
> yay, another topic for the same issue...
> viewtopic.php?t=185055

Perhaps that issue is related, but in my case, it's more complicated than "the last changed peer works".
 
Znevna
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: WireGuard misroutes some IPv6 subnets to the wrong peer

Sun Sep 18, 2022 9:52 pm

Sure, same bug though.
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: WireGuard misroutes some IPv6 subnets to the wrong peer

Mon Sep 19, 2022 5:06 am

cancel ipv6 :-)
 
WGH
just joined
Topic Author
Posts: 4
Joined: Wed May 16, 2018 1:52 pm

Re: WireGuard misroutes some IPv6 subnets to the wrong peer

Tue May 23, 2023 3:32 pm

It finally got fixed in 7.10! (currently in beta)
*) wireguard - fixed IPv6 traffic processing with multiple peers;
