TunSafe Forum

Welcome to the TunSafe Community Forum. This is open for discussions related to TunSafe and the WireGuard protocol.


#1 2019-02-17 15:30:10

janw
Member
Registered: 2018-10-23
Posts: 11

TunSafe for Linux not binding to IPv6

Hi,

I use a Linux VM as a TunSafe endpoint to connect to various other VPNs. It works well using IPv4, but the TunSafe daemon does not bind to IPv6. I verified IPv6 connectivity using NetCat. TunSafe is set up to listen to port 51820/UDP and port 443/TCP. Here is my config file:

[Interface]
Address = 10.19.49.1/24,fd9d:bc11:4021::1/48

PostUp = iptables -A FORWARD -i tun0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens2 -j MASQUERADE; iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE; ip6tables -A FORWARD -i tun0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o ens2 -j MASQUERADE
PostDown = iptables -D FORWARD -i tun0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens2 -j MASQUERADE; iptables -t nat -D POSTROUTING -o tun+ -j MASQUERADE; ip6tables -D FORWARD -i tun0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o ens2 -j MASQUERADE


ListenPort = 51820
ListenPortTCP = 443
PrivateKey = <key>


[Peer]
PublicKey = <key>
AllowedIPs = 10.19.49.101/32,fd9d:bc11:4021::101/128
Features=hybrid_tcp

Is this a bug or am I missing something?

Edit:

Here is the output of netstat while TunSafe is running:

tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      11108/systemd-resol
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1193/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      1193/sshd
udp        0      0 127.0.0.53:53           0.0.0.0:*                           11108/systemd-resol
udp        0      0 0.0.0.0:68              0.0.0.0:*                           785/dhclient
udp        0      0 0.0.0.0:51820           0.0.0.0:*                           8269/tunsafe

However, port :::51820 seems to be in use by TunSafe, even though netstat doesn't register it:

> nc -l -u :: 51820
nc: Address already in use

Doesn't change the fact that I can't connect via IPv6 from other systems.

Thanks,
Jan

Last edited by janw (2019-02-17 15:35:50)


#2 2019-02-26 23:41:05

rhester72
Member
Registered: 2018-09-07
Posts: 13

Re: TunSafe for Linux not binding to IPv6

Your netstat output definitely shows the listener socket on 51820 UDP (UDP never indicates 'LISTEN'), but it is indeed listening on IPv4 only.  I'm dual-stack as well and just saw the same thing.  It's an issue.


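Added example, not part of either post and not TunSafe code: a Python check that reports which socket families hold a given port in netstat output like the one quoted in post #1, plus a local probe showing that on Linux an "Address already in use" error for a [::] bind can be caused by an IPv4-only socket on the same port. The function names and the ephemeral test port are assumptions of this example.

```python
import errno
import socket

# Constructed sample: four lines copied from the netstat output in post #1.
SAMPLE = """\
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1193/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      1193/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           785/dhclient
udp        0      0 0.0.0.0:51820           0.0.0.0:*                           8269/tunsafe
"""

def families_bound(netstat_text, proto, port):
    """Return which socket families ('ipv4', 'ipv6') hold proto/port locally.

    netstat shows an AF_INET6 socket as 'udp6'/'tcp6' with a ':::port' address.
    """
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in (proto, proto + "6"):
            continue
        if fields[3].rsplit(":", 1)[-1] == str(port):
            found.add("ipv6" if fields[0].endswith("6") else "ipv4")
    return found

def probe_v6_bind(port, v6only):
    """Try to bind UDP [::]:port; return 'ok' or the errno name on failure."""
    try:
        with socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) as s:
            s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, int(v6only))
            s.bind(("::", port))
            return "ok"
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e.errno))

if __name__ == "__main__":
    print("udp/51820 families:", families_bound(SAMPLE, "udp", 51820))
    # Stand-in for an IPv4-only daemon: hold 0.0.0.0 on an ephemeral UDP port.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as v4:
        v4.bind(("0.0.0.0", 0))
        port = v4.getsockname()[1]
        # On Linux a dual-stack [::] bind also claims the IPv4 wildcard, so it
        # collides with the IPv4-only socket; a v6-only bind does not.
        print("dual-stack [::] bind:", probe_v6_bind(port, v6only=False))
        print("v6-only   [::] bind:", probe_v6_bind(port, v6only=True))
```

The probe needs IPv6 enabled on the host; where it is not, both calls report the errno raised when creating or binding the socket instead.
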