Wireguard for all ipv4 and ipv6 traffic

Started by chris42, April 02, 2024, 05:59:06 PM

I am trying to get a simple setup running: Route all traffic through wireguard for a roadwarrior, ipv4 and ipv6.

I got ipv4 working with no issues whatsoever, however ipv6 seems to be more tricky.
The original guide is not very specific with examples and I feel it is missing routes?
https://docs.opnsense.org/manual/how-tos/wireguard-client.html

I also checked this setup, but it seems to be more about reaching local servers.
https://forum.opnsense.org/index.php?topic=36082.0

What I am looking for is to connect to wireguard and then have all traffic routed through the tunnel. So far I only get as far as the client getting ipv4 and ipv6 out of the VPN network. I am not sure if this is actually needed for the ipv6 part? I would think that my prefix would extend ipv6s into the tunnel for the calling client and that one would need to route all traffic into the tunnel?
Added complexity: I have a dynamic prefix on the ipv6 of the server.

Does anyone know where to look to figure out what is wrong or how to set it up?

Hi Chris,

Might not be much of a help, but I use Tailscale for my offsite needs to access locally without any complex setup, but appreciate this might not be quick enough for your needs.

I won't be able to offer any further knowledge on your question here; however, I note you have stated you have wireguard fully functional on IPv4. Do you mean for a connection to a VPN provider such as Surfshark?

I am trying to do this with my IPv4 connection but have not been able to get it working. All my information is in this post:

https://forum.opnsense.org/index.php?topic=39783.0

Would you be able to take a look at my config here please and tell me how your functional config differs please?

https://youtu.be/wubDkH3-CPc

I don't mean to hijack your post here, so if you did get a chance to look, would you be able to post it back in response to my post?

So it seems that I got this working:
As per the guide I created the VPN interface. Either "Block bogon networks" is activated by default or I activated it. That, however, blocked all traffic from the tunnel. Interestingly only for ipv6, not ipv4.

I am not sure if this is supposed to be. Shouldn't OPNsense be aware of the WireGuard networks and not treat them as bogon?