Enable IPv6 address discovery #578

Merged
merged 3 commits into from
Nov 23, 2022

Genteure
Contributor

  • Enabled IPv6 address discovery; this allows clients to establish connections directly via IPv6 when available.
  • Added a new config option DisableIPv6Discovery to revert the behavior back to IPv4 only. The default value is false, so existing configs will default to using IPv6 when possible without the user manually changing the config file.

Tested between my Windows 10 PC and a Raspberry Pi, using the hosted management and signal server (https://app.netbird.io/)

Closes #577


Some notes:

Link-local IPv6 addresses (e.g. fe80:*) are filtered out, unlike IPv4 addresses (e.g. 10.0.4.3 is not filtered out).
I don't have a Unique local address so I don't know if that's also being filtered out.

ice.Candidate values with an IPv6 host are formatted similar to fe80::1:51820. This only affects the log output; it might be a good idea to submit a fix upstream later.

Filtered log from testing:

Public keys are replaced with <WG_PUBLIC_KEY_1> <WG_PUBLIC_KEY_2>
IPv4 Addresses are replaced with 999.999.999.999
IPv6 Addresses are masked with xxxx

conn.go:559 OnRemoteOffer from peer <WG_PUBLIC_KEY_1> on status Disconnected
conn.go:565 OnRemoteOffer skipping message from peer <WG_PUBLIC_KEY_1> on status Disconnected because is not ready
conn.go:190 trying to connect to peer <WG_PUBLIC_KEY_1>
conn.go:221 connection offer sent to peer <WG_PUBLIC_KEY_1>, waiting for the confirmation
conn.go:574 OnRemoteAnswer from peer <WG_PUBLIC_KEY_1> on status Disconnected
conn.go:242 received connection confirmation from peer <WG_PUBLIC_KEY_1> running version development and with remote WireGuard listen port 51820
conn.go:476 peer <WG_PUBLIC_KEY_1> ICE ConnectionState has changed to Checking
conn.go:121 ignoring interface wt0 - it is not allowed
conn.go:459 discovered local candidate udp4 host 192.168.1.8:42332
conn.go:459 discovered local candidate udp6 host xxxx:xxx:xxxx:xxxx::a000:42332
conn.go:459 discovered local candidate udp6 host xxxx:xxx:xxxx:xxxx:xxxx:xxxx:xxxx:c1ae:42332
conn.go:121 ignoring interface wt0 - it is not allowed
conn.go:459 discovered local candidate udp4 srflx 999.999.999.999:27835 related :::57778
conn.go:588 OnRemoteCandidate from peer <WG_PUBLIC_KEY_1> -> udp6 host xxxx:xxx:xxxx:xxxx::a001:51423
conn.go:588 OnRemoteCandidate from peer <WG_PUBLIC_KEY_1> -> udp6 host xxxx:xxx:xxxx:xxxx:xxxx:xxxx:xxxx:ffe0:51423
noproxy.go:37 using NoProxy while connecting to peer <WG_PUBLIC_KEY_1>
conn.go:476 peer <WG_PUBLIC_KEY_1> ICE ConnectionState has changed to Connected
conn.go:470 selected candidate pair [local <-> remote] -> [udp6 host xxxx:xxx:xxxx:xxxx::a000:42332 <-> udp6 host xxxx:xxx:xxxx:xxxx::a001:51423], peer <WG_PUBLIC_KEY_1>
configuration.go:94 updating interface wt0 peer <WG_PUBLIC_KEY_1>: endpoint [xxxx:xxx:xxxx:xxxx::a001]:51820
configuration.go:35 got Wireguard device wt0
conn.go:295 directly connected to peer <WG_PUBLIC_KEY_1> [laddr <-> raddr] [xxxx:xxx:xxxx:xxxx::a000:51820 <-> xxxx:xxx:xxxx:xxxx::a001:51820]
conn.go:588 OnRemoteCandidate from peer <WG_PUBLIC_KEY_1> -> udp4 host 172.28.64.1:51423
conn.go:459 discovered local candidate udp4 relay 54.255.13.85:46396 related 0.0.0.0:50789
conn.go:588 OnRemoteCandidate from peer <WG_PUBLIC_KEY_1> -> udp4 host 192.168.1.6:51423
conn.go:459 discovered local candidate udp4 relay 54.255.13.85:40497 related 192.168.1.8:60472
conn.go:588 OnRemoteCandidate from peer <WG_PUBLIC_KEY_1> -> udp4 srflx 999.999.999.999:27806 related :::51424
conn.go:588 OnRemoteCandidate from peer <WG_PUBLIC_KEY_1> -> udp4 relay 18.198.13.240:40266 related 0.0.0.0:59880
conn.go:588 OnRemoteCandidate from peer <WG_PUBLIC_KEY_1> -> udp4 relay 18.198.13.240:34423 related 192.168.1.6:63150
conn.go:459 discovered local candidate udp4 relay 52.16.140.95:64436 related 192.168.1.8:37008
conn.go:588 OnRemoteCandidate from peer <WG_PUBLIC_KEY_1> -> udp4 relay 52.16.140.95:30546 related 192.168.1.6:63149

root@raspberrypi:~# wg
interface: wt0
  public key: <WG_PUBLIC_KEY_2>
  private key: (hidden)
  listening port: 51820

peer: <WG_PUBLIC_KEY_1>
  endpoint: [xxxx:xxx:xxxx:xxxx::a001]:51820
  allowed ips: 100.999.999.999/32
  latest handshake: 2 minutes, 49 seconds ago
  transfer: 2.47 KiB received, 1.44 KiB sent
  persistent keepalive: every 25 seconds
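
An added example, not part of the original pull request or the NetBird code base: it shows why the unbracketed IPv6 `host:port` log format noted above cannot be split back into host and port, next to the bracketed form that `net.JoinHostPort` produces, and labels address scope (link-local, unique local, RFC 1918). It uses only the Go standard library and is not the ICE library's own filter; the function names are hypothetical and the sample addresses are constructed.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
	"strconv"
)

// classify labels a candidate host address by scope (standard library only).
func classify(host string) string {
	addr, err := netip.ParseAddr(host)
	if err != nil {
		return "invalid"
	}
	switch {
	case addr.IsLinkLocalUnicast(): // fe80::/10 and 169.254.0.0/16
		return "link-local"
	case addr.IsPrivate() && addr.Is6(): // fc00::/7, unique local addresses
		return "unique-local"
	case addr.IsPrivate(): // RFC 1918 ranges such as 10.0.0.0/8
		return "private-ipv4"
	}
	return "other"
}

// naiveEndpoint joins host and port with a bare colon, as in the log format noted above.
func naiveEndpoint(host string, port int) string {
	return fmt.Sprintf("%s:%d", host, port)
}

// bracketedEndpoint uses net.JoinHostPort, which wraps IPv6 hosts in brackets.
func bracketedEndpoint(host string, port int) string {
	return net.JoinHostPort(host, strconv.Itoa(port))
}

// recoverable reports whether a log consumer can split the endpoint back into host and port.
func recoverable(endpoint, host string, port int) bool {
	h, p, err := net.SplitHostPort(endpoint)
	return err == nil && h == host && p == strconv.Itoa(port)
}

func main() {
	// Constructed sample hosts: link-local, unique local, RFC 1918, documentation prefix.
	for _, h := range []string{"fe80::1", "fd00::8", "10.0.4.3", "2001:db8::a000"} {
		n, b := naiveEndpoint(h, 51820), bracketedEndpoint(h, 51820)
		fmt.Println(classify(h), n, recoverable(n, h, 51820), b, recoverable(b, h, 51820))
	}
}
```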

@mlsmaycon
Collaborator

@Genteure, my apologies; I broke your PR for a moment there using GitHub's conflict resolution in the browser. I should've asked you to update it on your end.

@mlsmaycon mlsmaycon left a comment

Awesome, great stuff @Genteure

@mlsmaycon mlsmaycon merged commit 4bd5029 into netbirdio:main Nov 23, 2022
pulsastrix pushed a commit to pulsastrix/netbird that referenced this pull request Dec 24, 2023
Agents will use IPv6 when available for ICE negotiation
Successfully merging this pull request may close these issues.

Support sending wireguard traffic over IPv6