Wireguard connectivity with prefix delegation

Started by jeekee, March 02, 2025, 08:53:25 PM

Hi all,

Trying to understand the possibilities to get a WireGuard road-warrior setup working on my setup, which only gets an IPv6-PD and a LL on WAN. If I specify a VIP on the WG interface everything works as expected (reachable from the internet). However, if (probably not often but better safe than sorry) the prefix changes, the VIP isn't correct anymore. Is there any other way to point a GUA to the WireGuard interface which changes when the prefix changes? As the WireGuard interface itself can't be appointed an IP type (so it can't follow the WAN interface for a prefix) I am kinda lost what would work. ULA isn't really the way to go as it can't be accessed from the Internet. NAT66/NPTv6 popped up but also here I can't really get a grasp on how to make this work. So kinda lost here.

Any help greatly appreciated!

Kind regards, Jay

Quote from: jeekee on March 02, 2025, 08:53:25 PM
If I specify a VIP on the WG interface everything works as expected (reachable from the internet)

Why do you want your WG-Interface to be reachable from the internet? Usually one connects to the WAN-Interface to make the tunnel.

Further to above; you can use the "Optional Prefix ID" under "DHCPv6 client configuration" for your WAN interface to assign it a /64 subnet from your delegated prefix. You can also specify the "Optional interface ID" to set an easy to remember host address. I use 0 and 1 respectively, so my internet-reachable address is xxxx:xxxx:xxxx:xx00::1

Hahaha, completely misread what configuring the wan would do. Thought it would delegate everything I would set there through to my lan part. My bad, thanks so much! Another thing learnt today.

And yes, I wanted to access my WAN and not my LAN but couldn't figure it out as my way of thinking was completely wrong :)

Thanks!