On 2019-06-07, Heinrich Rebehn <[email protected]> wrote: > Hi list, > > Doing tcpdump(8) on a wireguard tunnel yields: > > -------------------------------------------------------------------------------- > # tcpdump -n -i tun0 icmp6 > tcpdump: listening on tun0, link-type LOOP > 18:44:34.742106 2001:470:7653:5::11 > 2001:638:60f:110::1:2: icmp6: echo > request [flowlabel 0xb6f77] > 18:44:34.754246 bad-ip-version 6 > 18:44:35.802498 2001:470:7653:5::11 > 2001:638:60f:110::1:2: icmp6: echo > request [flowlabel 0xb6f77] > 18:44:35.814841 bad-ip-version 6 > 18:44:36.860380 2001:470:7653:5::11 > 2001:638:60f:110::1:2: icmp6: echo > request [flowlabel 0xb6f77] > 18:44:36.872536 bad-ip-version 6 > 18:44:37.917605 2001:470:7653:5::11 > 2001:638:60f:110::1:2: icmp6: echo > request [flowlabel 0xb6f77] > 18:44:37.929694 bad-ip-version 6 > > Huh? I thought that 6 is the current version? ;-)
But v4+NAT/CGNAT is the will of the people! > Also, the echo replies are not shown, although I know they exist. Is there a > known problem with tcpdump(8) on wireguard tunnels? The replies are clearly the packets ~120ms after the echo requests that are shown as 'bad-ip-version-6'. It might be something wrong with the parser in tcpdump, or it might be something wrong with wg. Can you put a pcap online somewhere? (tcpdump -itun0 -s2000 -w /tmp/wg.pcap)
