summaryrefslogtreecommitdiff
path: root/data/templates/ipsec/remote-access.tmpl
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-09-13 00:15:29 +0200
committerChristian Poessinger <christian@poessinger.com>2020-09-13 00:21:32 +0200
commitd49845421dbd8d0f470b7122022543eb45d10b7a (patch)
treeb3cb47c4faf244fb7d6ea5d2599f3263a19d6814 /data/templates/ipsec/remote-access.tmpl
parent3077158391ceee4ce04c27dec33f629529727c36 (diff)
downloadvyos-1x-d49845421dbd8d0f470b7122022543eb45d10b7a.tar.gz
vyos-1x-d49845421dbd8d0f470b7122022543eb45d10b7a.zip
ifconfig: T2863: only use IPv6 link-local address if interface has MAC address
With VyOS 1.2 the default WireGuard behavior is used. This means that when a WireGuard interface is added to the system, there is no "MAC" address - also there is no IPv6 link-local address assigned by the Kernel to this particular interface. With implementation of T2653 all interfaces now receive an IPv6 address - which is also valid for WireGuard interfaces - unfortunately this logic relies on the interface MAC address - and as there is none, the link-local address will be always the same. The logic behind is coded here [1]. We generate an IPv6 link-local address even when there is no "MAC" address. The behavior/functionality (as with VyOS 1.2) must be restored to not have a link-local IPv6 address at all. Any user can add any IPv6 link-local address manually by issuing: set interfaces wireguard wg01 address fe80::ff:1/64. Change vyos.ifconfig.add_ipv6_eui64_address to only add the EUI64-based link-local address if a MAC address is available. [1] https://github.com/vyos/vyos-1x/blob/3077158391ceee4ce04c27dec33f629529727c36/python/vyos/ifconfig/interface.py#L468
Diffstat (limited to 'data/templates/ipsec/remote-access.tmpl')
0 files changed, 0 insertions, 0 deletions