Collection of ideas for automatic WireGuard interface configuration
- The interface gets a link-local IP like so:
    fe80::hash(interfacepubkey)/64
- Each peer's allowed IPs get:
    fe80::hash(peerpubkey)/128
Because NDP runs over ICMPv6, we are able to just use standard protocols to push config.
radvd can push configuration to unicast addresses automatically if client IP addresses are given to it.
Example config could look like this:
# /etc/radvd.conf
interface wgnet0 {
    AdvSendAdvert on;
    IgnoreIfMissing on;
    #UnicastOnly on;
    prefix fd00::/64 {
        AdvOnLink on;
        AdvAutonomous on;
    };
    clients {
        fe80::ca8d:3088:f1b:9b24;
    };
};
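A sketch of the address derivation and the matching radvd `clients` block, added here as an example and not part of the original notes. The notes only say `hash()`, so BLAKE2s with an 8-byte digest is an assumption, as are the function names; the sample keys are constructed, not real WireGuard keys.

```python
import base64
import hashlib
import ipaddress

# Constructed sample keys (32 repeated bytes each), not real WireGuard keys.
SAMPLE_KEYS = [base64.b64encode(bytes([i]) * 32).decode() for i in (1, 2, 3)]

def link_local_from_pubkey(pubkey_b64):
    """Return fe80::<64-bit hash of the key> as an IPv6Address."""
    raw = base64.b64decode(pubkey_b64, validate=True)
    if len(raw) != 32:
        raise ValueError("a WireGuard public key decodes to 32 bytes")
    # Assumption: BLAKE2s with an 8-byte digest; the notes only say hash().
    iid = int.from_bytes(hashlib.blake2s(raw, digest_size=8).digest(), "big")
    if iid == 0:
        # The all-zero interface ID is the subnet-router anycast address.
        raise ValueError("hash maps to fe80::, which is not a host address")
    return ipaddress.IPv6Address((0xFE80 << 112) | iid)

def plan(peer_keys):
    """Map each peer key to its address; refuse 64-bit hash collisions."""
    by_addr = {}
    for key in peer_keys:
        addr = link_local_from_pubkey(key)
        # Two different keys on one /128 would make allowed-ips ambiguous.
        if by_addr.setdefault(addr, key) != key:
            raise ValueError(f"{addr} collides for two different keys")
    return {key: addr for addr, key in by_addr.items()}

def allowed_ips(addr):
    """The /128 that goes into the peer's allowed-ips list."""
    return f"{addr}/128"

def render_clients(addrs):
    """radvd 'clients' block listing the unicast targets."""
    return "\n".join(["clients {"] + [f"    {a};" for a in addrs] + ["};"])

if __name__ == "__main__":
    peers = plan(SAMPLE_KEYS)
    for key, addr in peers.items():
        print(key, allowed_ips(addr))
    print(render_clients(peers.values()))
```

Because only 64 bits of the hash survive in the interface ID, the collision check in `plan` matters: two peers mapped to the same /128 cannot both own it in the allowed-ips list.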
TODO: need to figure out how to add radvd-advertised IP addresses to the allowed-ips list.
IPv4 relies on an ugly layer 2 hack to push config (DHCP), so it probably needs something custom.
Came across this from Reddit. Curious if you were able to get SLAAC to work over wg in the end? I know these gists are a couple years old.