
I have a server with WireGuard in a container with host networking. I want to assign an IPv6 subnet to each peer (e.g. fd42:413d:a91f:dd37::/64) so that the client (my laptop) can freely use all the addresses in that subnet and the corresponding port ranges as a separate network interface. Meanwhile, on the server, that exact same IP and port is routed to that specific client, but through the tunnel.

Here's an example:

  1. Server config

    [Interface]
    Address = fd42::1/128
    ListenPort = 51820
    PrivateKey = <key>
    
    [Peer]
    PublicKey = <key>
    AllowedIPs = fd42:413d:a91f:dd37::/64
    
  2. Client config

    [Interface]
    PrivateKey = <key>
    Address = fd42:413d:a91f:dd37::1/64
    
    [Peer]
    PublicKey = <key>
    Endpoint = server.local:51820
    AllowedIPs = fd42:413d::/32, fd42:413d:a91f:dd37::/64
    
  3. Run a server on the client

    python -m http.server 8080 --bind fd42:413d:a91f:dd37::1 -d dist
    
  4. Access on the server

    curl -svL http://[fd42:413d:a91f:dd37::1]:8080/
    

I can't get step 4 to work. It's also entirely possible that my lack of knowledge in networking is making me think this is even possible in the first place. Any help is appreciated!

grafcube@programming.dev 1 points 1 month ago

It doesn't have to be the same address, just one that I can be sure is associated with a specific peer.

Here's what I see with ip -6 route:

    2405:201:d03c:d849::/64 dev enp1s0 proto ra metric 100 pref medium
    fd42::1 dev wg0 proto kernel metric 256 pref medium
    fe80::/64 dev docker0 proto kernel metric 256 pref medium
    fe80::/64 dev vethe60384e proto kernel metric 256 pref medium
    fe80::/64 dev veth9415685 proto kernel metric 256 pref medium
    fe80::/64 dev vetha288603 proto kernel metric 256 pref medium
    fe80::/64 dev veth99b7aad proto kernel metric 256 pref medium
    fe80::/64 dev vethabf9238 proto kernel metric 256 pref medium
    fe80::/64 dev enp1s0 proto kernel metric 1024 pref medium
    default via fe80::8ea3:99ff:fe5a:d796 dev enp1s0 proto ra metric 100 pref high

I'm a little confused where the NAT comes in.

I think I misunderstood how NAT works.
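
The checks that step 4 depends on, run against the values posted in this thread (an added example, not part of the original post or comment): WireGuard sends a packet to the peer whose AllowedIPs contain its destination and drops received packets whose source is outside the sending peer's AllowedIPs, and the server's kernel must first route the client's address to wg0. Assumptions: the route table is abridged from the comment, the server's request is sourced from its tunnel address fd42::1, and the function names are hypothetical.

```python
import ipaddress

# Values copied from the post's configs; routes abridged from the comment's output.
SERVER_ADDR = "fd42::1"                              # server [Interface] Address
CLIENT_ADDR = "fd42:413d:a91f:dd37::1"               # client [Interface] Address
SERVER_PEER_ALLOWED = ["fd42:413d:a91f:dd37::/64"]   # server [Peer] AllowedIPs
CLIENT_PEER_ALLOWED = ["fd42:413d::/32", "fd42:413d:a91f:dd37::/64"]
SERVER_ROUTES = """\
2405:201:d03c:d849::/64 dev enp1s0 proto ra metric 100 pref medium
fd42::1 dev wg0 proto kernel metric 256 pref medium
fe80::/64 dev docker0 proto kernel metric 256 pref medium
fe80::/64 dev enp1s0 proto kernel metric 1024 pref medium
default via fe80::8ea3:99ff:fe5a:d796 dev enp1s0 proto ra metric 100 pref high
"""

def covered(addr, prefixes):
    """True if addr falls inside any AllowedIPs prefix."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p, strict=False) for p in prefixes)

def egress_dev(addr, route_text):
    """Longest-prefix match over `ip -6 route` lines (metrics ignored)."""
    ip, best_len, best_dev = ipaddress.ip_address(addr), -1, None
    for line in route_text.splitlines():
        fields = line.split()
        if "dev" not in fields:
            continue
        dest = "::/0" if fields[0] == "default" else fields[0]
        net = ipaddress.ip_network(dest, strict=False)
        if ip in net and net.prefixlen > best_len:
            best_len, best_dev = net.prefixlen, fields[fields.index("dev") + 1]
    return best_dev

def audit():
    return {
        # Which interface the server's kernel would use to reach the client.
        "server_routes_client_via": egress_dev(CLIENT_ADDR, SERVER_ROUTES),
        # Server-side filter on packets arriving from the client.
        "server_accepts_client_src": covered(CLIENT_ADDR, SERVER_PEER_ALLOWED),
        # Client-side filter on packets arriving from the server.
        "client_accepts_server_src": covered(SERVER_ADDR, CLIENT_PEER_ALLOWED),
    }

if __name__ == "__main__":
    for check, result in audit().items():
        print(f"{check}: {result}")
```

With the posted values it reports that the server would send traffic for the client's address out enp1s0 rather than wg0, and that fd42::1 is not inside the client's AllowedIPs.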

this post was submitted on 28 Oct 2024