On Tue, 17 Nov 2020 13:00:01 +0100 "Marco Davids (SIDN)" <[email protected]> wrote:
> Hello, > > We have a Wireguard VPN and everything is working fine. > > There is just one little thing: IPv6 Happy Eyeballs. > > Without the VPN enabled, happy eyeballs works fine. The AAAA (IPv6) is > preferred over A (IPv4). But as soon as we enable the tunnel, it's the > other way around. > > IPv6-only sites are perfectly reachable, but dual-stack sites are always > reached over IPv4. > > It is not a showstopper, but I am just trying to understand why this is. > > Anyone with the same experience and more knowledge about the inner > workings of Wireguard and Apple's happy eyeballs implementation that > would care to comment? Do you use ULA IPs (fc00::/7) for the tunnel endpoints? Those are always depreferred compared to IPv4. See RFC 6724: https://tools.ietf.org/html/rfc6724#section-2.1 -- With respect, Roman
