I have a server with wireguard in a container with host networking. I want to assign an ipv6 subnet for each peer (eg: fd42:413d:a91f:dd37::/64) that the client (my laptop) can freely use all the addresses in that subnet and corresponding port ranges as a separate network interface. Meanwhile on the server, that exact same ip and port is routed to that specific client but through the tunnel.

Here’s an example:

  1. Server config

    [Interface]
    Address = fd42::1/128
    ListenPort = 51820
    PrivateKey = <key>
    
    [Peer]
    PublicKey = <key>
    AllowedIPs = fd42:413d:a91f:dd37::/64
    
  2. Client config

    [Interface]
    PrivateKey = <key>
    Address = fd42:413d:a91f:dd37::1/64
    
    [Peer]
    PublicKey = <key>
    Endpoint = server.local:51820
    AllowedIPs = fd42:413d::/32, fd42:413d:a91f:dd37::/64
    
  3. Run a server on the client

    python -m http.server 8080 --bind fd42:413d:a91f:dd37::1 -d dist
    
  4. Access on the server

    curl -svL http://[fd42:413d:a91f:dd37::1]:8080/
    

I can’t get step 4 to work. It’s also entirely possible that my lack of knowledge in networking is making me think this is even possible in the first place. Any help is appreciated!

  • Max@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    24 days ago

    I’m a little confused where the NAT comes in. It sounds like you want to use the same addresses on the server and the client, which means that there is no translation going on, just routing?

    I’m not familiar with wireguard, so I’m not going to be much help with that, but I’d imagine that you need to tell the server that that subnet is routed via the wireguard interface? If you do like ip -6 route on the server do you see that fd42:413d:a91f:dd37::/64 is routed via wireguard?

    • grafcubeOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      24 days ago

      It doesn’t have to be the same address, just one that I can be sure is associated with a specific peer.

      Here’s what I see with ip -6 route

      2405:201:d03c:d849::/64 dev enp1s0 proto ra metric 100 pref medium
      fd42::1 dev wg0 proto kernel metric 256 pref medium
      fe80::/64 dev docker0 proto kernel metric 256 pref medium
      fe80::/64 dev vethe60384e proto kernel metric 256 pref medium
      fe80::/64 dev veth9415685 proto kernel metric 256 pref medium
      fe80::/64 dev vetha288603 proto kernel metric 256 pref medium
      fe80::/64 dev veth99b7aad proto kernel metric 256 pref medium
      fe80::/64 dev vethabf9238 proto kernel metric 256 pref medium
      fe80::/64 dev enp1s0 proto kernel metric 1024 pref medium
      default via fe80::8ea3:99ff:fe5a:d796 dev enp1s0 proto ra metric 100 pref high
      

      I’m a little confused where the NAT comes in.

      I think I misunderstood how NAT works.