Re: Roaming between IPv4 and IPv6?
Kalin KOZHUHAROV writes:

> On Tue, Mar 6, 2018 at 11:14 PM, Jason A. Donenfeld wrote:
>> On Tue, Mar 6, 2018 at 11:08 PM, Toke Høiland-Jørgensen wrote:
>>> I think the idea of configuring both v4 and v6 on startup and caching
>>> them is a reasonable idea. Maybe even configure all available addresses
>>> when doing the initial DNS lookup? Or is that awkward to do?
>>
>> You mean taking one v4 and one v6? That's probably possible. Since
>> getaddrinfo has complicated ordering logic, this probably be best
>> expressed as something like "endpoint" and "secondary endpoint" when
>> told by userspace, with them then being swapped when the FIB complains
>> about trying to route to one of them.
>>
> A slight simplification/generalization will be to define a peer in
> terms of an ordered C-list of IP addresses (whether v4 or v6), 0 or
> more (currently 0 or 1 IP+port).

Yeah, this is basically what I meant: Resolve *all* A and records of the
configured hostname (for bonus points: get the port number from SRV
records), and stuff them all into the kernel, which will then use all of
them as possible candidates for connecting and use whichever works (or
do happy eyeballs, or something).

However, yeah, this is maybe a bit overkill, but could be a cool idea
for GSOC. For a simple v4/v6 roaming fix, having one v4 and one v6
configured and switching between them when the FIB state changes would
probably suffice.

I think I would add a v6 preference, though; otherwise it'll never roam
back to v6 once it's on v4 unless the client connects to a v6-only
network. So something like: If v6 FIB becomes routable, try the v6
address and switch to that if it works; if v6 FIB becomes unroutable,
switch to v4 address...

-Toke
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: Roaming between IPv4 and IPv6?
On Tue, Mar 6, 2018 at 11:14 PM, Jason A. Donenfeld wrote:
> On Tue, Mar 6, 2018 at 11:08 PM, Toke Høiland-Jørgensen wrote:
>> I think the idea of configuring both v4 and v6 on startup and caching
>> them is a reasonable idea. Maybe even configure all available addresses
>> when doing the initial DNS lookup? Or is that awkward to do?
>
> You mean taking one v4 and one v6? That's probably possible. Since
> getaddrinfo has complicated ordering logic, this probably be best
> expressed as something like "endpoint" and "secondary endpoint" when
> told by userspace, with them then being swapped when the FIB complains
> about trying to route to one of them.
>

A slight simplification/generalization will be to define a peer in
terms of an ordered C-list of IP addresses (whether v4 or v6), 0 or
more (currently 0 or 1 IP+port). Then sending will try the first and
move to the next, possibly adding a "bad score", until one of the
endpoints is reachable; then keep using it until it fails again.

Those IP addresses may come from say A records of a certain host (this
is not WG land anyway), slapping a default port at the back. Add a fat
warning that the more unreachable IP addresses you add, the more delays
will be introduced.

(of course, to make things simple, a peer is defined as knowing the
secret key; changing IPs, and ports and allowed_ips does not matter)

Another GSoC idea, LoL.

Cheers,
Kalin.
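Added example, not part of the thread and not WireGuard code: a small C model of the two selection rules proposed in the two messages above, the ordered endpoint list with a "bad score" and the v6 preference on route changes. The struct and function names, the `handshake_ok` parameter and the documentation addresses are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/socket.h> /* AF_INET, AF_INET6 */

/* Hypothetical model for illustration; not WireGuard's data structures. */
struct endpoint { int family; const char *addr; unsigned bad_score; };
struct peer { struct endpoint *eps; size_t n, cur; }; /* eps is ordered */

/* Ordered-list rule: penalize the failing endpoint, move on to the next. */
void peer_send_failed(struct peer *p)
{
    if (p->n == 0)
        return;
    p->eps[p->cur].bad_score++;
    p->cur = (p->cur + 1) % p->n;
}

static size_t first_of_family(const struct peer *p, int family)
{
    size_t i = 0;
    while (i < p->n && p->eps[i].family != family)
        i++;
    return i; /* equals p->n when no endpoint of that family exists */
}

/* v6-preference rule: when the v6 route appears, switch to the v6 candidate
 * only if the caller's trial handshake worked; when it goes away, use v4. */
void peer_v6_route_event(struct peer *p, int routable, int handshake_ok)
{
    size_t v6 = first_of_family(p, AF_INET6), v4 = first_of_family(p, AF_INET);
    if (routable && v6 < p->n) {
        if (handshake_ok)
            p->cur = v6;
        else
            p->eps[v6].bad_score++;
    } else if (!routable && v4 < p->n && p->eps[p->cur].family == AF_INET6) {
        p->cur = v4;
    }
}

/* Constructed scenario; returns the index of the endpoint left in use. */
size_t demo(void)
{
    struct endpoint eps[] = { { AF_INET6, "[2001:db8::1]:51820", 0 },
                              { AF_INET, "192.0.2.1:51820", 0 } };
    struct peer p = { eps, 2, 0 };
    peer_v6_route_event(&p, 0, 0); /* v6 route lost: fall back to v4 */
    peer_v6_route_event(&p, 1, 1); /* v6 route back and answering */
    return p.cur;
}
int main(void) { printf("endpoint index in use: %zu\n", demo()); return 0; }
```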
Re: Roaming between IPv4 and IPv6?
"Jason A. Donenfeld"writes: > Hey Toke, > > For incoming packets, this would be strange behavior, since it's > listening on v4 and v6. Yeah, I think the incoming side is fine (it works over both v4 and v6 as long as I have connectivity on the other end). > For outgoing packets, if wireguard thinks it should be sending to a v6 > address, then that's what it will do. Right, so it's not just me, this doesn't actually work currently. Cool ;) > One way to fix this would be to re-resolve DNS from userspace, which > is a bit ugly. Another way would be to simply store the last v4 > address, and fall back to that if it can't establish a route for the > v6 address. And yet another way -- if simplicity is desired -- would > be to do nothing (the status quo), and not build legacy semantics into > something new. Any opinions on this? While I can appreciate the simplicity of doing nothing, I think seamless roaming even across v4/v6 is a pretty killer feature to have. It turns wireguard into a "universal connectivity" tool that you can just enable and forget about, without having to worry about calls dropping when roaming, etc. I think the idea of configuring both v4 and v6 on startup and caching them is a reasonable idea. Maybe even configure all available addresses when doing the initial DNS lookup? Or is that awkward to do? -Toke ___ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
Re: Roaming between IPv4 and IPv6?
Hey Toke,

For incoming packets, this would be strange behavior, since it's
listening on v4 and v6.

For outgoing packets, if wireguard thinks it should be sending to a v6
address, then that's what it will do.

One way to fix this would be to re-resolve DNS from userspace, which
is a bit ugly. Another way would be to simply store the last v4
address, and fall back to that if it can't establish a route for the
v6 address. And yet another way -- if simplicity is desired -- would
be to do nothing (the status quo), and not build legacy semantics into
something new. Any opinions on this?

Jason