On Thu, Aug 26, 2021 at 12:20:58AM +0100, Stuart Henderson wrote:
> On 2021/08/25 19:58, Crystal Kolipe wrote:
> > On Wed, Aug 25, 2021 at 06:02:11PM +0100, Stuart Henderson wrote:
> > > If I manually configure a link-local the interface is successfully
> > > added.
> > > 
> > > Anyone have an idea what the behaviour should be here? For passive
> > > would it make sense to accept an interface without link-local?
> > 
> > Is there a specific use case for leaving the interface configured without 
> > IPv6 link-local?
> > 
> > We use IPv6 extensively, (and are aware of various issues with the OpenBSD 
> > IPv6 implementation), but I'm not aware of any advantage or problem that is 
> > resolved by deliberately removing or not configuring link-local.  If we 
> > support this particular case of wg on such an interface, and by extension 
> > encourage the general practice, then users with little experience of IPv6 
> > are likely to start shooting themselves in the foot by disabling it on a 
> > whim.
> > 
> > If there is a problem somewhere that is resolved by removing IPv6 
> > link-local, I'm curious to know what it is.
> > 
> 
> It's not a question of "removing IPv6 link-local", with wg it is not
> there at all unless you go out of your way and explicitly configure a
> link-local address.

Then surely the correct solution is to ensure that wg interfaces with any IPv6 
address configured also present a link-local, rather than trying to accommodate 
the non-standard configuration of an interface which doesn't?  That is why 
I asked if there was a use case which I wasn't aware of.

This would also make the behaviour of wg more consistent with other methods of 
implementing a VPN.  For example, we tend to use ipsec exclusively over IPv6 
binding it to various vether interfaces at the endpoints, and those vether 
interfaces gain usable IPv6 link local addresses automatically as expected.

Even if ospf6d is changed to accept an interface without link-local, wouldn't 
it still be desirable for wg interfaces to configure a locally scoped address 
just as vether does?
