1
Virtual private networks / Wireguard, ipv6, dynamic delegated prefix and possible solution
« on: November 12, 2022, 09:52:12 pm »
If the delegated prefix changes then you have to change the static Wireguard addresses when you want ipv6 through the tunnel.
The approach from the OPNsense guide is to give an ULA address to peer and client, but then test at https://test-ipv6.com/ say that my browsers prefer an ipv4 connection.
Then I thought about giving random GUA addresses outside my delegated prefix to peer and client and make use of the outbound NAT.
This works well and the above test says 10/10 for ipv6.
Are there any gurus that say that this is bad practice and that there will be problems that I overlooked?
The approach from the OPNsense guide is to give an ULA address to peer and client, but then test at https://test-ipv6.com/ say that my browsers prefer an ipv4 connection.
Then I thought about giving random GUA addresses outside my delegated prefix to peer and client and make use of the outbound NAT.
This works well and the above test says 10/10 for ipv6.
Are there any gurus that say that this is bad practice and that there will be problems that I overlooked?