Tested with:
- VyOS 1.2.0-rolling+201906240337
- VyOS 1.2.1
I have two routers (BR1 and BR2) which are connected through a WireGuard tunnel, but I can not see any ip6 MULTICAST messages for OSPFv3 in tcpdump.
OSPFv2 on the other hand works fine on the interface.
Pinging the individual IPv6 addresses assigned to the WireGuard interfaces works like a charm (they also show up in the tcpdump). Also SSH via this link is fine.
BR1
[email protected]# show interfaces wireguard | strip-private wireguard wg01 { address xxx.xxx.151.213/30 address xxxx:xxxx:200:ff::105:1/112 ip { ospf { authentication { md5 { key-id 10 { md5-key foo } } } dead-interval 40 hello-interval 10 network broadcast priority 1 retransmit-interval 5 transmit-delay 5 } } mtu 1380 peer to-ffmI { allowed-ips xxx.xxx.0.0/0 allowed-ips ::/0 endpoint xxx.xxx.145.16:8000 pubkey jONYO99jYjBxXX3mNWKRDN8ETgIHxyTk+wODfco2d04= } port 8000 } [email protected]# show protocols ospfv3 | strip-private area xxx.xxx.0.0 { interface eth1 interface eth0.5 interface wg01 interface lo } parameters { router-id xxx.xxx.150.253 } redistribute { connected { route-map MAP-OSPF-CONNECTED } } [email protected]# show policy route-map MAP-OSPF-CONNECTED { rule 1 { action deny match { interface eth2 } } rule 10 { action permit match { interface lo } } }
BR2
[email protected]# show interfaces wireguard | strip-private wireguard wg01 { address xxx.xxx.151.214/30 address xxxx:xxxx:200:ff::105:2/112 ip { ospf { authentication { md5 { key-id 10 { md5-key foo } } } dead-interval 40 hello-interval 10 network broadcast priority 1 retransmit-interval 5 transmit-delay 5 } } mtu 1380 peer to-BR1 { allowed-ips xxx.xxx.0.0/0 allowed-ips ::/0 endpoint xxx.xxx.8.67:8000 pubkey jzKVNw6MPepw1FYmniY4O/5exYui2DWW3SVPkDokUxQ= } port 8000 } [email protected]# show protocols ospfv3 | strip-private area xxx.xxx.0.0 { interface wg01 interface lo } parameters { router-id xxx.xxx.150.250 } redistribute { connected { route-map MAP-OSPF-CONNECTED } } [email protected]# show policy route-map MAP-OSPF-CONNECTED { rule 1 { action deny match { interface eth0 } } rule 10 { action permit match { interface lo } } }