I have a server with WireGuard in a container with host networking. I want to assign an IPv6 subnet for each peer (e.g. fd42:413d:a91f:dd37::/64) so that the client (my laptop) can freely use all the addresses in that subnet and the corresponding port ranges as a separate network interface. Meanwhile, on the server, that exact same IP and port is routed to that specific client, but through the tunnel.

Here’s an example:

  1. Server config

    [Interface]
    Address = fd42::1/128
    ListenPort = 51820
    PrivateKey = <key>
    
    [Peer]
    PublicKey = <key>
    AllowedIPs = fd42:413d:a91f:dd37::/64
    
  2. Client config

    [Interface]
    PrivateKey = <key>
    Address = fd42:413d:a91f:dd37::1/64
    
    [Peer]
    PublicKey = <key>
    Endpoint = server.local:51820
    AllowedIPs = fd42:413d::/32, fd42:413d:a91f:dd37::/64
    
  3. Run a server on the client

    python -m http.server 8080 --bind fd42:413d:a91f:dd37::1 -d dist
    
  4. Access on the server

    curl -svL http://[fd42:413d:a91f:dd37::1]:8080/
    

I can’t get step 4 to work. It’s also entirely possible that my lack of knowledge in networking is making me think this is even possible in the first place. Any help is appreciated!

  • grafcubeOP
    2 months ago

    It doesn’t have to be the same address, just one that I can be sure is associated with a specific peer.

    Here’s what I see with ip -6 route:

    2405:201:d03c:d849::/64 dev enp1s0 proto ra metric 100 pref medium
    fd42::1 dev wg0 proto kernel metric 256 pref medium
    fe80::/64 dev docker0 proto kernel metric 256 pref medium
    fe80::/64 dev vethe60384e proto kernel metric 256 pref medium
    fe80::/64 dev veth9415685 proto kernel metric 256 pref medium
    fe80::/64 dev vetha288603 proto kernel metric 256 pref medium
    fe80::/64 dev veth99b7aad proto kernel metric 256 pref medium
    fe80::/64 dev vethabf9238 proto kernel metric 256 pref medium
    fe80::/64 dev enp1s0 proto kernel metric 1024 pref medium
    default via fe80::8ea3:99ff:fe5a:d796 dev enp1s0 proto ra metric 100 pref high
    

    I’m a little confused where the NAT comes in.

    I think I misunderstood how NAT works.
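
An added check, not part of the original post or its replies: it walks the step 4 request through the posted configs and the posted `ip -6 route` output, testing the kernel route lookup on the server and WireGuard's AllowedIPs matching on both ends. The function names are hypothetical, the route table is abridged (the veth fe80::/64 lines are left out), and it assumes the server would source the request from its wg0 address fd42::1.

```python
import ipaddress as ipa

# Values copied from the configs and `ip -6 route` output posted above (routes abridged).
SERVER_ADDR = "fd42::1"
SERVER_PEER_ALLOWED = ["fd42:413d:a91f:dd37::/64"]
CLIENT_ADDR = "fd42:413d:a91f:dd37::1"
CLIENT_PEER_ALLOWED = ["fd42:413d::/32", "fd42:413d:a91f:dd37::/64"]
SERVER_ROUTES = """\
2405:201:d03c:d849::/64 dev enp1s0 proto ra metric 100 pref medium
fd42::1 dev wg0 proto kernel metric 256 pref medium
fe80::/64 dev docker0 proto kernel metric 256 pref medium
fe80::/64 dev enp1s0 proto kernel metric 1024 pref medium
default via fe80::8ea3:99ff:fe5a:d796 dev enp1s0 proto ra metric 100 pref high
"""

def covered(addr, prefixes):
    """True if addr falls inside any of the AllowedIPs prefixes."""
    a = ipa.ip_address(addr)
    return any(a in ipa.ip_network(p) for p in prefixes)

def egress_dev(dst, route_text):
    """Longest-prefix match of dst against `ip -6 route` lines (metrics ignored)."""
    best = (-1, None)
    for line in route_text.splitlines():
        f = line.split()
        if not f:
            continue
        net = ipa.ip_network("::/0" if f[0] == "default" else f[0])
        if ipa.ip_address(dst) in net and net.prefixlen > best[0]:
            best = (net.prefixlen, f[f.index("dev") + 1])
    return best[1]

def diagnose():
    """Follow the curl from step 4: the server's request, then the client's view of it."""
    return {
        # The kernel must hand the packet to wg0 before WireGuard ever sees it.
        "server_routes_dst_to_wg0": egress_dev(CLIENT_ADDR, SERVER_ROUTES) == "wg0",
        # Outbound: WireGuard picks the peer whose AllowedIPs contain the destination.
        "server_peer_covers_dst": covered(CLIENT_ADDR, SERVER_PEER_ALLOWED),
        # Inbound on the client: the source must be inside that peer's AllowedIPs.
        "client_accepts_src": covered(SERVER_ADDR, CLIENT_PEER_ALLOWED),
    }

if __name__ == "__main__":
    for check, ok in diagnose().items():
        print(f"{'ok  ' if ok else 'FAIL'} {check}")
```

Two checks fail on the posted data: the server's route table has no entry sending fd42:413d:a91f:dd37::/64 to wg0, and fd42::1 lies outside both prefixes in the client's AllowedIPs.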