I use ip6tables MARK and an iproute2 rule to forward certain traffic to a WireGuard VPN interface.
When software flow offloading is on, IPv6 traffic over VPN no longer works, but IPv4 works fine.
A tcpdump check shows that offloaded IPv6 packets are routed by the main routing table instead of the one specified in ip -6 rule.
Both the 5.4 and 5.10 kernel versions have this issue.
Is it possible that pbr isn't even seeing the packets at all?
I'm experiencing IPv6 leaks even when using ::0/0 as an AllowedIP in my WireGuard tunnel w/ software offloading enabled. I have to assume this is related.
As a workaround, disable software offloading in the LuCI firewall, and add the following to the custom firewall rules:
iptables -A forwarding_rule -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD
ip6tables -A forwarding_rule -m mark --mark 0 -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD
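The workaround above offloads IPv6 flows only when the packet mark is 0, so marked flows keep going through the `ip -6 rule` lookup. The following audit script is an added example, not code from this thread or from OpenWrt: it flags FLOWOFFLOAD rules that lack such a mark match while fwmark policy rules exist. The function names and the sample listings (fwmark 0x1, table 100) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit rule listings for FLOWOFFLOAD rules that would also
# offload fwmark-routed IPv6 flows (the leak described in this issue).
# Inputs are text in the format of `ip6tables -S` and `ip -6 rule show`.

# Print every FLOWOFFLOAD rule that is not restricted to unmarked packets.
# A masked match such as "--mark 0x0/0xff0000" is accepted on the assumption
# that the mask covers the bits the policy rules use.
unguarded_offload_rules() {
    printf '%s\n' "$1" |
        grep -E -- '-j FLOWOFFLOAD( |$)' |
        grep -Ev -- '-m mark --mark (0|0x0)(/0x[0-9a-fA-F]+)?( |$)'
}

# Return 0 when safe, 1 when marked flows can be offloaded.
# $1 = ip6tables -S output, $2 = ip -6 rule show output
check_offload() {
    # No fwmark policy rules: routing does not depend on the mark.
    printf '%s\n' "$2" | grep -q 'fwmark' || return 0
    bad=$(unguarded_offload_rules "$1") || true
    if [ -z "$bad" ]; then
        return 0
    fi
    printf 'fwmark policy routing is in use, but these rules offload marked flows:\n%s\n' "$bad"
    return 1
}

# Constructed sample listings (not captured from a real router).
BROKEN_RULES='-A forwarding_rule -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD'
FIXED_RULES='-A forwarding_rule -m mark --mark 0x0 -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD'
IP_RULES='0: from all lookup local
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main'

# Demo on the constructed data. On a router, run instead:
#   check_offload "$(ip6tables -S)" "$(ip -6 rule show)"
check_offload "$BROKEN_RULES" "$IP_RULES" || echo "=> restrict offloading to unmarked packets"
check_offload "$FIXED_RULES" "$IP_RULES" && echo "fixed rule set: OK"
```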