Hi, I'm having issues configuring IPv6 over an existing WireGuard tunnel (I have a working IPv4 setup).
Recently I got an IPv6 range from my ISP, so some of my selective WG redirection rules stopped working due to untunneled IPv6. I went through https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html#configuring-ipv6. IPv6 redirects to the VPN still don't work, unfortunately.
I can ping the VPN endpoint and other VPN clients from the OPNsense box and Gateway monitoring shows OK. I verified with firewall rule logging that connection redirection happens, but connections still can't be established, and the same goes for pings/traceroute...
A few words about the setup:
VPS:
I have a pretty small IPv6 range with public IPs for the VPS from DigitalOcean (2a03::2000/124), but it looks like enough for just a few hosts. I'm mostly fine with that since I don't need SLAAC for this setup. 2a03::2001 is assigned to the VPS interface, 2a03::2002 to the WG instance on the VPS, and the peer is configured with IPv4 and IPv6 2a03::2003 for simplicity.
The VPS has an FQDN, so it's accessible through both IPv4 and IPv6.
OPNSENSE:
On the OPNsense side I've added 2a03::2003/124 to the existing WG instance and also added ::/0 to the Allowed IPs section.
Added a gateway pointing to 2a03::2002 and enabled Far Gateway (it's pingable and shows almost the same ping as my IPv4 configuration).
Added the ISP-given IPv6 range to the alias with selective VPN users (basically just the /64 network copied from the interface it's assigned to).
Created an additional IPv6 rule for redirecting traffic to the VPN endpoint (cloned from the IPv4 one, but for IPv6 and with the proper gateway).
Cloned the floating rule and adjusted it to IPv6.
Left the WG instance gateway section untouched.
So everything looks like the documentation says.
In the logs, I'm getting:
2025-01-08T21:46:40 Notice wireguard wireguard instance GENERIC (wg0) started
2025-01-08T21:46:40 Notice wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: Chose to bind WAN_DO_GB_VPN_GW on 10.229.3.7 since we could not find a proper match.
2025-01-08T21:46:40 Warning wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: The required WAN_DO_GB_VPN_GW6 IPv6 interface address could not be found, skipping.
2025-01-08T21:46:40 Notice wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: plugins_configure monitor (execute task : dpinger_configure_do(,[WAN_DO_GB_VPN_GW6,WAN_DO_GB_VPN_GW]))
2025-01-08T21:46:40 Notice wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: plugins_configure monitor (,[WAN_DO_GB_VPN_GW6,WAN_DO_GB_VPN_GW])
2025-01-08T21:46:40 Notice wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: ROUTING: entering configure using opt4
2025-01-08T21:46:39 Notice wireguard wireguard instance GENERIC (wg0) can not reconfigure without stopping it first.
2025-01-08T21:44:32 Notice wireguard wireguard instance GENERIC (wg0) started
Does someone have any ideas?
Ask in case of insufficient information/questions, thanks in advance!
It is also possible that I'm dumb :D