No IPv6 on HA addons (Wireguard, IPv6 only provider, ...)

TimoF · February 26, 2021, 9:01am

Hi,

I need ipv6 addresses for the addons in HA. Specifically for my Wireguard addon.
The reason is that I switched my provider and only have a unique IPv6 in the internet, no IPv4 anymore.

In docker networks I see the bridge (system) and hassio network.
I added a IPv6 to the bridge (fd01::/80) and I can ping fd01::1 from the machine itself.
The hassio container only has IPv4 entries. So all the addons don’t get IPv6 addresses.
At the moment, I think that is the issue. For Wireguard, and maybe also Adguard who does not reach IPv6 DNS servers any longer, which is strange, because this worked in the past.

Does anyone have an idea how to add IPv6 to the hassio network and IF this has negative effects for anything else?

Thanks

TimoF · February 26, 2021, 12:34pm

Ok. I’m puzzled.

I replaced the url in my Wireguard configuration on my phone to the IPv6 address of my machine where HA and Wireguard addon is runnig. And it connect !?

So the wireguard addon listens on IPv6, even though the hassio docker network has no IPv6 addresses.

Could someone please elaborate who knows more about networks than I do?

TimoF · February 26, 2021, 3:07pm

It gets weirder.

WG server and phone in LAN: WG works with the global internet IPv6 (2a00:####…). Because it’s IPv6, this ip is equivalent inside the LAN as the fe80 and fd00.
This is still strange because in docker no IPv6 is setup for the hassio network, but OK, it works.

Now I disconnect my phone from the LAN/WLAN and use LTE.
I use the same global internet IPv6, setup port forwarding for 51820 … (port forwarding checked with the 8123 port which works). I connect the phone and WG sends data. I see in HA wireguard addon that the same amount of data is received. WG server sends data back to phone, but phone never receives anything --> no handshake.

What the heck?
Anyone an idea?

TimoF · February 26, 2021, 3:23pm

For completeness. copied from Status ipv6 · Issue #82 · hassio-addons/addon-wireguard · GitHub

So far I was not able to add an ipv6 to my wireguard addon

I have the following config:

server:
  host: ###.duckdns.org
  addresses:
    - 172.27.66.1
    - 'fd00:0001::1/64'
  dns:
    - 192.168.178.9
    - 'fe80::3f8e:ce0f:8bee:40a8'

And I get this in the log

[11:14:10] INFO: Starting WireGuard...
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 172.27.66.1/24 dev wg0
[#] ip -6 address add fd00:0001::1/64 dev wg0
RTNETLINK answers: Permission denied
[#] ip link delete dev wg0

So the addon does not start. Only when I use an IPv4 only.

fftorettol · April 28, 2022, 3:04pm

@TimoF Same problem with WireGuard add-on here. Did you manage to fix this issue somehow?

TimoF · April 28, 2022, 7:15pm

Hi @fftorettol

I haven’t tried it for a year. I run a very small orangepi device solely for Adguard and wireguard which turned out to be the better solution because internet does not go down when I update HA.

I also was in contact shortly with frenk, who manages most of the add-ons. He told me ipv6 support between the docker containers was not planned/high priority/possible. Don’t remember.