OPNsense Forum
English Forums => Virtual private networks => Topic started by: brynjolm on February 17, 2024, 06:02:58 pm
-
Hello and good day to all!
I wanted to know from more experienced people here: if a provider has given me a routed /48 subnet through the WAN address, is it as simple as adding it as a virtual IP on WAN, and then I can use the whole subnet? Or do I need to have a separate interface so that I can use DHCPv6 on it? One of the reasons is that I want to do a site-to-site VPN using WireGuard and route a /56 to the other location. But I am not well versed in this topic, and this problem has me stumped for weeks now. I have the tunnel up and running with no issues. The issue comes into play when I want to use another /56 on the local site. I am using GUAs for the addressing on the WireGuard tunnel, IPv6 only.
-
I managed to get the tunnel up and running, I'm just stumped on how I would route the rest of the /56 back to home. Anyone have the time to point me in the right direction?
-
Just add the /56 to the allowed IPs of the peer it should get routed to.
Cheers
Maurice
-
Thank you for replying. May I ask a few more things then? In allowed IPs, do I put both ::/0 and the /56 on the client side? And on the server side, do I put the whole /48? Also, I followed the docs on the site-to-site WireGuard and the selective routing. I found this snippet at the bottom of the page:
When adding the IPv6 address to Tunnel Address in the WireGuard Instance configuration, specify a /127 mask, rather than a /128
Then, when creating an IPv6 Gateway for the tunnel, specify the IP address to be another IPv6 address that is within the /127 subnet of the Tunnel Address
I set up the client and server side with a /64; it still works, but I want to know if I should ideally add a /127 then as the tunnel address?
-
You only have to add ::/0 on the client side. This sets the default IPv6 route via the tunnel (if this is what you want to do).
On the server side, add the /56 which you want to route to the client.
It doesn't matter whether you use a /64 or /127 for the tunnel addresses. The first /64 of the routed /56 might be a good choice (2001:db8:abcd:ef00::/64).
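-
Added example, not part of the thread or the OPNsense docs: a small Python model of how WireGuard treats allowed IPs with the settings suggested above (server peer gets the /56, client peer gets ::/0). Allowed IPs pick the peer for outbound packets and filter the source address of inbound ones. The peer names and host addresses are hypothetical, built from the 2001:db8:abcd:ef00::/56 documentation prefix used in the last reply.

```python
import ipaddress

# Constructed sample values: 2001:db8::/32 is the documentation prefix.
ROUTED_48 = ipaddress.ip_network("2001:db8:abcd::/48")
REMOTE_56 = ipaddress.ip_network("2001:db8:abcd:ef00::/56")

# Allowed IPs as configured on each end (peer names are hypothetical).
SERVER_PEERS = {"remote-site": [REMOTE_56]}
CLIENT_PEERS = {"home": [ipaddress.ip_network("::/0")]}


def select_peer(peers, dst):
    """Outbound: pick the peer whose allowed IPs contain dst (longest prefix wins)."""
    dst = ipaddress.ip_address(dst)
    best = None
    for name, nets in peers.items():
        for net in nets:
            if dst in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (name, net)
    return best[0] if best else None


def accept_inbound(peers, peer, src):
    """Inbound: a decrypted packet is kept only if src is in that peer's allowed IPs."""
    src = ipaddress.ip_address(src)
    return any(src in net for net in peers.get(peer, []))


def demo():
    remote_host = "2001:db8:abcd:ef42::10"   # inside the routed /56
    other_host = "2001:db8:abcd:1::10"       # inside the /48, outside the /56
    return {
        "56_inside_48": REMOTE_56.subnet_of(ROUTED_48),
        "server_to_remote_lan": select_peer(SERVER_PEERS, remote_host),
        "server_to_other_48": select_peer(SERVER_PEERS, other_host),
        "client_default_route": select_peer(CLIENT_PEERS, "2001:db8:ffff::1"),
        "server_accepts_remote_src": accept_inbound(SERVER_PEERS, "remote-site", remote_host),
        "server_accepts_other_src": accept_inbound(SERVER_PEERS, "remote-site", other_host),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The last check shows why the server side lists only the /56 rather than the whole /48: traffic arriving through the tunnel with a source address from the rest of the /48 is dropped.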