Re: wg(4) ipv6 ospf6d

2021-08-28 Thread Stuart Henderson
On 2021/08/25 22:23, Sebastian Benoit wrote:
> Stefan Sperling(s...@stsp.name) on 2021.08.25 22:02:02 +0200:
> > On Wed, Aug 25, 2021 at 08:13:26PM +0200, Florian Obser wrote:
> > > On 2021-08-25 18:02 +01, Stuart Henderson wrote:
> > > > Trying to announce a network on a wg(4) interface via ospf6d, just
> > > > using passive to pick up the prefix, i.e.
> > > >
> > > > interface wg0 { passive }
> > > >
> > > > It's failing with "/etc/ospf6d.conf:10: unnumbered interface wg0".
> > > >
> > > > With -v I get 'interface with index 27 not found' (this is "normal"
> > > > with ospf6d) and the routable address does show up e.g. "if_newaddr:
> > > > ifindex 27, addr 2a03::xx:xx::/64" before giving the
> > > > unnumbered interface error. There is normally no link-local address
> > > > for wg.
> > > >
> > > > If I manually configure a link-local the interface is successfully
> > > > added.
> > > >
> > > > Anyone have an idea what the behaviour should be here? For passive
> > > > would it make sense to accept an interface without link-local?
> > > >
> > > 
> > > RFC 4291 2.1:
> > >    All interfaces are required to have at least one Link-Local unicast
> > >    address.
> >  
> > If you're not using the interface to send or receive OSPF messages this
> > should not matter. I doubt the RFC authors considered the possibility
> > of an IPv6-capable interface that doesn't support link-local.
> 
> That's because by definition it's not IPv6 capable :-P
> 
> In this case, it should be possible to distribute a route that points to the
> wg peer using
> 
>  redistribute _prefix_ depend on wg0
> 
> instead of using passive.
> 
> If that does not work I would like to know why.
> 

Yes this does work and I think I prefer it, thanks.
(I had problems either with "redistribute" or with my expectations of
what it would do before, but this seems alright..)



Re: wg(4) ipv6 ospf6d

2021-08-26 Thread Remi Locherer
On Wed, Aug 25, 2021 at 10:29:36PM +0100, Stuart Henderson wrote:
> On 2021/08/25 13:33, Daniel Jakots wrote:
> > On Wed, 25 Aug 2021 18:02:11 +0100, Stuart Henderson wrote:
> > 
> > > If I manually configure a link-local the interface is successfully
> > > added.
> > > 
> > > Anyone have an idea what the behaviour should be here? For passive
> > > would it make sense to accept an interface without link-local?
> > 
> > I discussed that with remi@ a few months ago when I considered
> > using ospf6d, as I had the same cryptic error as you give. I was told:
> > 
> > > ospf6d can not work without a link-local address on the interface.
> > > RFC 5340 mandates the use of link-local addresses in section 2.5.
> > 
> > And here's a link to the mentioned section:
> > https://datatracker.ietf.org/doc/html/rfc5340#section-2.5
> > 
> > Cheers,
> > Daniel
> 
> Thanks, but in itself that doesn't give a reason to have this
> restriction on a "passive" interface, in that case it's only
> redistributing the network on the interface, not sending OSPF packets on
> the interface itself.
> 

I think with a passive interface OSPFv3 could work without link-local
address.

Allowing that in ospf6d would need a little bit of code shuffling.
The config parser checks the existence of a link-local address on
an interface before it looks at the interface block where the passive
option would be. Maybe there are more places that would need to be changed.

Remi



Re: wg(4) ipv6 ospf6d

2021-08-25 Thread Crystal Kolipe
On Thu, Aug 26, 2021 at 12:20:58AM +0100, Stuart Henderson wrote:
> On 2021/08/25 19:58, Crystal Kolipe wrote:
> > On Wed, Aug 25, 2021 at 06:02:11PM +0100, Stuart Henderson wrote:
> > > If I manually configure a link-local the interface is successfully
> > > added.
> > > 
> > > Anyone have an idea what the behaviour should be here? For passive
> > > would it make sense to accept an interface without link-local?
> > 
> > Is there a specific use case for leaving the interface configured without 
> > IPv6 link-local?
> > 
> > We use IPv6 extensively, (and are aware of various issues with the OpenBSD 
> > IPv6 implementation), but I'm not aware of any advantage or problem that is 
> > resolved by deliberately removing or not configuring link-local.  If we 
> > support this particular case of wg on such an interface, and by extension 
> > encourage the general practice, then users with little experience of IPv6 
> > are likely to start shooting themselves in the foot by disabling it on a 
> > whim.
> > 
> > If there is a problem somewhere that is resolved by removing IPv6 
> > link-local, I'm curious to know what it is.
> > 
> 
> It's not a question of "removing IPv6 link-local", with wg it is not
> there at all unless you go out of your way and explicitly configure a
> link-local address.

Then surely the correct solution is to ensure that wg interfaces with any IPv6
address configured also present a link-local, rather than trying to accommodate
the non-standard configuration of an interface which doesn't?  That is why
I asked if there was a use case which I wasn't aware of.

This would also make the behaviour of wg more consistent with other methods of 
implementing a VPN.  For example, we tend to use ipsec exclusively over IPv6 
binding it to various vether interfaces at the endpoints, and those vether 
interfaces gain usable IPv6 link local addresses automatically as expected.

Even if ospf6d is changed to accept an interface without link-local, wouldn't 
it still be desirable for wg interfaces to configure a locally scoped address 
just as vether does?



Re: wg(4) ipv6 ospf6d

2021-08-25 Thread Stuart Henderson
On 2021/08/25 19:58, Crystal Kolipe wrote:
> On Wed, Aug 25, 2021 at 06:02:11PM +0100, Stuart Henderson wrote:
> > If I manually configure a link-local the interface is successfully
> > added.
> > 
> > Anyone have an idea what the behaviour should be here? For passive
> > would it make sense to accept an interface without link-local?
> 
> Is there a specific use case for leaving the interface configured without 
> IPv6 link-local?
> 
> We use IPv6 extensively, (and are aware of various issues with the OpenBSD 
> IPv6 implementation), but I'm not aware of any advantage or problem that is 
> resolved by deliberately removing or not configuring link-local.  If we 
> support this particular case of wg on such an interface, and by extension 
> encourage the general practice, then users with little experience of IPv6 are 
> likely to start shooting themselves in the foot by disabling it on a whim.
> 
> If there is a problem somewhere that is resolved by removing IPv6 link-local, 
> I'm curious to know what it is.
> 

It's not a question of "removing IPv6 link-local", with wg it is not
there at all unless you go out of your way and explicitly configure a
link-local address.



Re: wg(4) ipv6 ospf6d

2021-08-25 Thread Crystal Kolipe
On Wed, Aug 25, 2021 at 06:02:11PM +0100, Stuart Henderson wrote:
> If I manually configure a link-local the interface is successfully
> added.
> 
> Anyone have an idea what the behaviour should be here? For passive
> would it make sense to accept an interface without link-local?

Is there a specific use case for leaving the interface configured without IPv6 
link-local?

We use IPv6 extensively, (and are aware of various issues with the OpenBSD IPv6 
implementation), but I'm not aware of any advantage or problem that is resolved 
by deliberately removing or not configuring link-local.  If we support this 
particular case of wg on such an interface, and by extension encourage the 
general practice, then users with little experience of IPv6 are likely to start 
shooting themselves in the foot by disabling it on a whim.

If there is a problem somewhere that is resolved by removing IPv6 link-local, 
I'm curious to know what it is.



Re: wg(4) ipv6 ospf6d

2021-08-25 Thread Stuart Henderson
On 2021/08/25 13:33, Daniel Jakots wrote:
> On Wed, 25 Aug 2021 18:02:11 +0100, Stuart Henderson wrote:
> 
> > If I manually configure a link-local the interface is successfully
> > added.
> > 
> > Anyone have an idea what the behaviour should be here? For passive
> > would it make sense to accept an interface without link-local?
> 
> I discussed that with remi@ a few months ago when I considered
> using ospf6d, as I had the same cryptic error as you give. I was told:
> 
> > ospf6d can not work without a link-local address on the interface.
> > RFC 5340 mandates the use of link-local addresses in section 2.5.
> 
> And here's a link to the mentioned section:
> https://datatracker.ietf.org/doc/html/rfc5340#section-2.5
> 
> Cheers,
> Daniel

Thanks, but in itself that doesn't give a reason to have this
restriction on a "passive" interface, in that case it's only
redistributing the network on the interface, not sending OSPF packets on
the interface itself.



Re: wg(4) ipv6 ospf6d

2021-08-25 Thread Sebastian Benoit
Stefan Sperling(s...@stsp.name) on 2021.08.25 22:02:02 +0200:
> On Wed, Aug 25, 2021 at 08:13:26PM +0200, Florian Obser wrote:
> > On 2021-08-25 18:02 +01, Stuart Henderson wrote:
> > > Trying to announce a network on a wg(4) interface via ospf6d, just
> > > using passive to pick up the prefix, i.e.
> > >
> > > interface wg0 { passive }
> > >
> > > It's failing with "/etc/ospf6d.conf:10: unnumbered interface wg0".
> > >
> > > With -v I get 'interface with index 27 not found' (this is "normal"
> > > with ospf6d) and the routable address does show up e.g. "if_newaddr:
> > > ifindex 27, addr 2a03::xx:xx::/64" before giving the
> > > unnumbered interface error. There is normally no link-local address
> > > for wg.
> > >
> > > If I manually configure a link-local the interface is successfully
> > > added.
> > >
> > > Anyone have an idea what the behaviour should be here? For passive
> > > would it make sense to accept an interface without link-local?
> > >
> > 
> > RFC 4291 2.1:
> >    All interfaces are required to have at least one Link-Local unicast
> >    address.
>  
> If you're not using the interface to send or receive OSPF messages this
> should not matter. I doubt the RFC authors considered the possibility
> of an IPv6-capable interface that doesn't support link-local.

That's because by definition it's not IPv6 capable :-P

In this case, it should be possible to distribute a route that points to the
wg peer using

 redistribute _prefix_ depend on wg0

instead of using passive.

If that does not work I would like to know why.



Re: wg(4) ipv6 ospf6d

2021-08-25 Thread Florian Obser



On 25 August 2021 22:02:02 CEST, Stefan Sperling wrote:
>On Wed, Aug 25, 2021 at 08:13:26PM +0200, Florian Obser wrote:
>> On 2021-08-25 18:02 +01, Stuart Henderson wrote:
>> > Trying to announce a network on a wg(4) interface via ospf6d, just
>> > using passive to pick up the prefix, i.e.
>> >
>> > interface wg0 { passive }
>> >
>> > It's failing with "/etc/ospf6d.conf:10: unnumbered interface wg0".
>> >
>> > With -v I get 'interface with index 27 not found' (this is "normal"
>> > with ospf6d) and the routable address does show up e.g. "if_newaddr:
>> > ifindex 27, addr 2a03::xx:xx::/64" before giving the
>> > unnumbered interface error. There is normally no link-local address
>> > for wg.
>> >
>> > If I manually configure a link-local the interface is successfully
>> > added.
>> >
>> > Anyone have an idea what the behaviour should be here? For passive
>> > would it make sense to accept an interface without link-local?
>> >
>> 
>> RFC 4291 2.1:
>>    All interfaces are required to have at least one Link-Local unicast
>>    address.
> 
>If you're not using the interface to send or receive OSPF messages this
>should not matter. I doubt the RFC authors considered the possibility
>of an IPv6-capable interface that doesn't support link-local.
>

I'm always amazed when anything works at all with wireguard and IPv6.
Not my fleas, not my circus *shrug*
-- 
Sent from a mobile device. Please excuse poor formatting.



Re: wg(4) ipv6 ospf6d

2021-08-25 Thread Stefan Sperling
On Wed, Aug 25, 2021 at 08:13:26PM +0200, Florian Obser wrote:
> On 2021-08-25 18:02 +01, Stuart Henderson wrote:
> > Trying to announce a network on a wg(4) interface via ospf6d, just
> > using passive to pick up the prefix, i.e.
> >
> > interface wg0 { passive }
> >
> > It's failing with "/etc/ospf6d.conf:10: unnumbered interface wg0".
> >
> > With -v I get 'interface with index 27 not found' (this is "normal"
> > with ospf6d) and the routable address does show up e.g. "if_newaddr:
> > ifindex 27, addr 2a03::xx:xx::/64" before giving the
> > unnumbered interface error. There is normally no link-local address
> > for wg.
> >
> > If I manually configure a link-local the interface is successfully
> > added.
> >
> > Anyone have an idea what the behaviour should be here? For passive
> > would it make sense to accept an interface without link-local?
> >
> 
> RFC 4291 2.1:
>    All interfaces are required to have at least one Link-Local unicast
>    address.
 
If you're not using the interface to send or receive OSPF messages this
should not matter. I doubt the RFC authors considered the possibility
of an IPv6-capable interface that doesn't support link-local.



Re: wg(4) ipv6 ospf6d

2021-08-25 Thread Florian Obser
On 2021-08-25 18:02 +01, Stuart Henderson wrote:
> Trying to announce a network on a wg(4) interface via ospf6d, just
> using passive to pick up the prefix, i.e.
>
> interface wg0 { passive }
>
> It's failing with "/etc/ospf6d.conf:10: unnumbered interface wg0".
>
> With -v I get 'interface with index 27 not found' (this is "normal"
> with ospf6d) and the routable address does show up e.g. "if_newaddr:
> ifindex 27, addr 2a03::xx:xx::/64" before giving the
> unnumbered interface error. There is normally no link-local address
> for wg.
>
> If I manually configure a link-local the interface is successfully
> added.
>
> Anyone have an idea what the behaviour should be here? For passive
> would it make sense to accept an interface without link-local?
>

RFC 4291 2.1:
   All interfaces are required to have at least one Link-Local unicast
   address.

-- 
I'm not entirely sure you are real.



Re: wg(4) ipv6 ospf6d

2021-08-25 Thread Daniel Jakots
On Wed, 25 Aug 2021 18:02:11 +0100, Stuart Henderson wrote:

> If I manually configure a link-local the interface is successfully
> added.
> 
> Anyone have an idea what the behaviour should be here? For passive
> would it make sense to accept an interface without link-local?

I discussed that with remi@ a few months ago when I considered
using ospf6d, as I had the same cryptic error as you give. I was told:

> ospf6d can not work without a link-local address on the interface.
> RFC 5340 mandates the use of link-local addresses in section 2.5.

And here's a link to the mentioned section:
https://datatracker.ietf.org/doc/html/rfc5340#section-2.5

Cheers,
Daniel



wg(4) ipv6 ospf6d

2021-08-25 Thread Stuart Henderson
Trying to announce a network on a wg(4) interface via ospf6d, just
using passive to pick up the prefix, i.e.

interface wg0 { passive }

It's failing with "/etc/ospf6d.conf:10: unnumbered interface wg0".

With -v I get 'interface with index 27 not found' (this is "normal"
with ospf6d) and the routable address does show up e.g. "if_newaddr:
ifindex 27, addr 2a03::xx:xx::/64" before giving the
unnumbered interface error. There is normally no link-local address
for wg.

If I manually configure a link-local the interface is successfully
added.

Anyone have an idea what the behaviour should be here? For passive
would it make sense to accept an interface without link-local?
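
A pre-flight check for the situation discussed in this thread, as an added example that is not part of any message and not ospf6d's own code: it lists interfaces that carry IPv6 addresses but no link-local (fe80::/10) one, the state in which the original post reports ospf6d rejecting wg0 as "unnumbered". The function name `ifaces_missing_ll` and the sample ifconfig output are constructed for illustration.

```sh
#!/bin/sh
# Added example; not taken from the thread or from OpenBSD sources.

# Constructed sample in the shape of ifconfig(8) output (not real data).
SAMPLE_IFCONFIG='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::1%em0 prefixlen 64 scopeid 0x1
        inet6 2001:db8:0:1::1 prefixlen 64
wg0: flags=80c3<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1420
        index 27 priority 0 llprio 3
        inet6 2001:db8:0:2::1 prefixlen 64
wg1: flags=80c3<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1420
        inet 192.0.2.1 netmask 0xffffff00
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4'

# Reads ifconfig-style text on stdin and prints the name of every interface
# that has at least one inet6 address but none inside fe80::/10.
# (Hypothetical helper name, chosen for this example.)
ifaces_missing_ll() {
    awk '
        function report() {
            if (name != "" && v6 > 0 && ll == 0) print name
        }
        # A new interface block starts in column 0: "wg0: flags=..."
        /^[^ \t]/ {
            report()
            name = $1
            sub(/:$/, "", name)
            v6 = 0
            ll = 0
            next
        }
        # Address lines are indented: "inet6 <addr>[%ifname] prefixlen N ..."
        $1 == "inet6" {
            v6++
            # fe80::/10 covers first hextets fe80 through febf
            if (tolower($2) ~ /^fe[89ab][0-9a-f]:/) ll++
        }
        END { report() }
    '
}

# Run against the constructed sample; wg1 is skipped because it has no inet6.
printf '%s\n' "$SAMPLE_IFCONFIG" | ifaces_missing_ll
```

On a live system the same function can be fed real data with `ifconfig | ifaces_missing_ll` before loading an ospf6d.conf that names those interfaces.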