Print Page - How to route both IPv6 and IPv4 via CloudFlare WARP

Title: How to route both IPv6 and IPv4 via CloudFlare WARP
Post by: 9axqe on April 26, 2023, 04:32:05 PM

I have the setup working on IPv4 using these steps:
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

Now I would like to see if I can configure it with IPv6.

The local peer for Wireguard needs to have the (arbitrary) IP of the gateway configured, hence I assume a local peer can only be used for IPv4 OR IPv6, it cannot be used for both.

Is my understanding correct?

If this is correct, should I expect any issues when configuring the same wireguard local peer twice (same private key)? Can I re-use the same wireguard endpoint on the second wireguard local peer and simply add "::/0" in the allowed IPs of the wireguard endpoint, additionally to the already present "0.0.0.0/0"?

If anyone has attempted this already, I would be interested.

Title: Re: How to route both IPv6 and IPv4 via CloudFlare WARP
Post by: 9axqe on April 26, 2023, 04:57:22 PM

I found two issues in adapting the steps to IPv4 so far, specifically when configuring the gateway. When selecting IPv6 for the gateway:

"far gateway" option is not available
When configuring the IPv6 address, I get an error that " The gateway address "xxx:xxx:..." does not lie within one of the chosen interface's IPv6 subnets."

Title: Re: How to route both IPv6 and IPv4 via CloudFlare WARP
Post by: 9axqe on May 01, 2023, 10:51:42 AM

I discovered that the same page has the config for IPv6 ( ::)), but there's still one issue.

https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html#configuring-ipv6

Config says to configure the interface with

"IPv6 Configuration Type = None"

but when I configure the gateway following these instructions:

"when creating an IPv6 Gateway for the tunnel, specify the IP address to be another IPv6 address that is within the /127 subnet of the Tunnel Address"

I get the error:

"Cannot add IPv6 Gateway Address because no IPv6 address could be found on the interface."

Hence I assume one of the instructions is incorrect? Maybe the IPv6 on the interface shouldn't be "None"?

Title: Re: How to route both IPv6 and IPv4 via CloudFlare WARP
Post by: 9axqe on May 12, 2023, 08:15:06 AM

Issue not reproducible anymore, also the IPv6 on my Wireguard interface was wrong, that explains a lot of problems I had.

Title: Re: How to route both IPv6 and IPv4 via CloudFlare WARP
Post by: Cadish on May 23, 2023, 02:36:39 AM

I've been trying this for a long time now. Can you explain how you've set it up in detail? Would really appreciate it!!

Title: Re: How to route both IPv6 and IPv4 via CloudFlare WARP
Post by: 9axqe on May 23, 2023, 02:18:06 PM

Is IPv4 working? Did you successfully run wgcf? Config file at the end should look something like this:

Code Select


[Interface]
PrivateKey = xxxxxxxxxx=
Address = 172.16.0.2/32
Address = 2606:123:123:123:abc:abc:abc:123/128
DNS = 1.1.1.1
MTU = 1280
[Peer]
PublicKey = xxxxxxxxxx==
AllowedIPs = 0.0.0.0/0
AllowedIPs = ::/0
Endpoint = engage.cloudflareclient.com:2408

then follow the steps here for IPv6:

https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html#configuring-ipv6

this worked for me.

If it's not working for you, was error message do you see?

OPNsense Forum

Archive => 23.1 Legacy Series => Topic started by: 9axqe on April 26, 2023, 04:32:05 PM