The "monip" sites give me the IPv4 address of WireGuard but the IPv6 address of my home network

My YunoHost server

Hardware: x86_64 computer
YunoHost version: 11.1.18 (stable)
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
If your request is related to an app, specify its name and version: 0.4.0~ynh1

:fr: Message template (French)

Description of my problem

Hello everyone, I installed WireGuard and I am able to connect to the YunoHost server with WireGuard.

Once connected, I go to sites like “monippublique”, which return the IPv4 address of the YunoHost server but also return the IPv6 address of my home network (which defeats the purpose of a VPN, since one type of IP is encrypted in the tunnel but the other is not).

Here is the content of the client configuration file wg0.conf:

[Interface]
Address = 10.10.10.2/32
PrivateKey = xxxxxxxxxxxxxxxxxxxxxx
MTU = 1450
DNS = 192.168.1.254

[Peer]
PublicKey = yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
PresharedKey = zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = <ADRESSE_IPV4_PUBLIQUE_YUNOHOST:PORT>
PersistentKeepalive = 15

Question

Should the IPv6 address be added to the configuration file and, if so, how do I retrieve this IPv6 address (which command) and how should it be written in the configuration file, please?

Thank you very much!

:us: Message template (english)

Description of my problem

Hello everyone, I have installed wireguard and I can connect successfully to the server with Wireguard.

Once connected, I go to sites like “mypublicip” which return the IPV4 address of the Yunohost server, but they also return the IPV6 address of my home network (which loses the interest of a VPN since one type of IP is encrypted in the tunnel, but the other one is not).

Here are the contents of the client configuration file wg0.conf :

[Interface]
Address = 10.10.10.2/32
PrivateKey = xxxxxxxxxxxxxxxxxxxxxx
MTU = 1450
DNS = 192.168.1.254

[Peer]
PublicKey = yyyyyyyyyyyyyyyyyyyyyyyyyyyy
PresharedKey = zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = <YUNOHOST_PUBLIC_IPV4_ADDRESS:PORT>
PersistentKeepalive = 15

Question

Should the IPV6 address be added in the configuration file, and if so, how to get this IPV6 address (which command) and how to formulate it in the configuration file please?

Thanks a lot!

Here you are missing an IPv6 address for your VPN client.

For example, on the server:

Then save, Apply Config, download the Client configuration file and apply it to the Client. :crossed_fingers:

Thank you very much as usual for your kind help! Please, I do not want to make a mistake:

Shall I add fd42::22/128 or my client specific IPV6 address, and if yes, how to get this address from the command line? (Usually IPV6 addresses are very long so, because I do not know IP topics very well, I am surprised to see a short one like fd42::22/128.)

Thank you very much

How are you managing your WireGuard server?

I use the same wireguard app for yunohost that you have shown on your above picture. I fill in the fields, then I click on Save and Apply changes and I download the .conf file for the client side.

But I also have access to ssh in case you need more information.

Then, it is the WireGuard Server that sets the IPv6 address. There is no setting it from the command line. fd42::22/128 is from my example, based on yours I would rather encourage you to set it to fd42::2/128.

However I forgot to have you check the Server’s IPv6 range:

image

Here fd42::/112 means that the Server can handle all addresses between fd42:0000:0000:0000:0000:0000:0000:0000 and fd42:0000:0000:0000:0000:0000:0000:ffff. (You can play with Calculatrice CIDR IPv4 / IPv6 | RAKKOTOOLS🔧 to understand CIDR notation better.) “::” is a shortcut for “plenty of zeroes”.

Thank you tituspijean, I have tried but without success unfortunately. If you have no more ideas about tunnelling IPV6, what do you think if we could make IPV6 undetected (I know it might be possible but I don’t know how to do it)?

Can you share the output of the command sudo wg from both the server and the client? You may hide public IP addresses, but make sure they are replaced with the same text in both outputs, so that I can understand better what’s going on.

What’s the output of sudo cat /etc/sysctl.d/wireguard.conf on the server, too?

Hello, this is strange : there is no output from both server and client sides (for both sudo wg and sudo cat /etc/sysctl.d/wireguard.conf).
Are you sure the commands are the good ones to run please ?

  • But I do have a conf file in my client :
sudo nano /etc/wireguard/wg0.conf

[Interface]
Address = 10.10.10.2/32
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
MTU = 1450
DNS = 192.168.1.254

[Peer]
PublicKey = yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
PresharedKey = zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = publicIP:8098
PersistentKeepalive = 15

This means somehow the server and the client are not running… which is very weird since you say it works for IPv4. Your client does not have an IPv6 setting. Download its config again from the server, and update the file.

Then on both server and client, try sudo wg-quick up wg0 and report the outputs. If it complains about it already running, run sudo wg-quick down wg0 and then up again.

I suspect I don’t fill correctly the config file form, please could you confirm the way I shall fill it ?

This is what I have filled :

  • Name : wg0
  • Email : my yunohost email
  • IP Allocation : 10.10.10.3/24
  • Allowed IPs : 1st 0.0.0.0/0 2nd ::/0
  • Extra Allowed IPs : empty
  • Use server DNS selected
  • Enable after creation selected
  • I didn’t touch Public and Preshared Keys (it is mentioned Autogenerated)

Is that correct please ? Again, thank you very much

Add fd42::3/128 there.

Thank you very much, it says the error message even if I have checked to click on “Save” & “Apply config” on the server tab before filling the form :

Do you know why ?

In the “WireGuard Server Settings” page, “Server Interface Addresses” section, you should put the networks that the server can manage. Your configuration there is wrong. Try 10.10.10.0/24 fd42::/112, as it was initially setup.

(if it still complains about the IP address, remove the client first, then setup the server)
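Added example (not part of the original thread or of the YunoHost WireGuard app): a small Python check for the two conditions diagnosed in the replies above, namely a client config whose AllowedIPs routes IPv6 while [Interface] has no IPv6 address, and a client address outside the server's "Server Interface Addresses" ranges. The function names and the sample configs are constructed here from the values quoted in the thread.

```python
import configparser
import ipaddress

# Constructed sample: the client config posted in the thread, keys omitted.
LEAKY = """\
[Interface]
Address = 10.10.10.2/32
DNS = 192.168.1.254

[Peer]
AllowedIPs = 0.0.0.0/0,::/0
"""
# Same config with the IPv6 tunnel address suggested in the replies.
FIXED = LEAKY.replace("10.10.10.2/32", "10.10.10.2/32, fd42::2/128")
# "Server Interface Addresses" recommended in the thread.
SERVER_NETS = ["10.10.10.0/24", "fd42::/112"]

def _split(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def audit(conf_text, server_nets=SERVER_NETS):
    """Return a list of findings for a wg-quick style client config."""
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   delimiters=("=",))
    cp.read_string(conf_text)
    addrs = [ipaddress.ip_interface(a)
             for a in _split(cp["Interface"]["Address"])]
    routed = [ipaddress.ip_network(n, strict=False)
              for n in _split(cp["Peer"]["AllowedIPs"])]
    nets = [ipaddress.ip_network(n) for n in server_nets]
    findings = []
    for ver in (4, 6):
        # A family that is routed into the tunnel needs a tunnel address.
        if any(r.version == ver for r in routed) and \
           not any(a.version == ver for a in addrs):
            findings.append(f"IPv{ver} is in AllowedIPs but [Interface] "
                            f"has no IPv{ver} address")
    for a in addrs:
        if not any(a.version == n.version and a.ip in n for n in nets):
            findings.append(f"{a} is outside the server ranges")
    return findings

def cidr_span(cidr):
    """First address, last address and size of a CIDR range."""
    net = ipaddress.ip_network(cidr)
    return net[0].exploded, net[-1].exploded, net.num_addresses

if __name__ == "__main__":
    print(audit(LEAKY), audit(FIXED), cidr_span("fd42::/112"), sep="\n")
```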

THANK YOU ! It works, that was a challenge ! The IPV4 is correctly shown (wireguard server address) and the IPV6 is either not detected or the Wireguard server IPV6 address.

So I keep notes in case it happens again (I don’t hope so):

  1. First, go on Wireguard Server tab > and fill as below :

  2. Then click on both buttons Save and Apply Changes (in that specific order).

  3. Click on + New client : IP allocation shall be filled automatically, but I have to add ::/0 on Allowed IPs. The form shall be as below :

  4. Finally go on Wireguard Clients tab and Download the new client by clicking on the Download button.
    Capture d’écran du 2023-04-26 00-09-22-obfuscated

  5. Then on the client device (laptop/PC/etc.) open a terminal and do :

# Move the downloaded WireGuard config to the proper location ('wg0' is an example; use the name of the file downloaded from the WireGuard GUI)
sudo mv ~/Téléchargements/wg0.conf /etc/wireguard/
# Import it into NetworkManager to get a switch in the top bar for connecting quickly to WireGuard (GNOME desktop)
sudo nmcli connection import type wireguard file /etc/wireguard/wg0.conf
# Prevent the WireGuard connection from coming up automatically at boot (the connection is named after the imported file, here 'wg0')
nmcli connection modify wg0 connection.autoconnect no

Thank you so much @tituspijean for your kind help! Do you think the Readme file shall explain a step by step tutorial? I think it would be really useful for beginners like me.
