How to get IPv6 from Wireguard to OPNsense?

Started by novel, November 22, 2024, 06:26:28 PM

November 22, 2024, 06:26:28 PM Last Edit: November 22, 2024, 08:44:18 PM by novel
Hi,


My ISP gives me ONLY IPv4. I paid for a VPS, then I installed Wireguard VPN on the VPS, and then IPv4 comes to OPNsense's WAN. OPNsense runs as a Wireguard client. This setup works fine.

The problem is that I cannot get an IPv6 IP from the VPS to OPNsense's WAN. The Wireguard server on the VPS works fine with IPv6; I tested it on my Linux laptop. I made a Wireguard client on my Linux laptop, then I connected directly to the VPS with IPv4 and IPv6.


So I would like to get it directly from the VPS to OPNsense's WAN, then traffic goes to LAN. I read a lot of examples here but I didn't solve it.

The VPS gives an IPv6 with a /64 subnet, but I can get one more with a /64 subnet.


I was wondering, does nobody here know something about my question? I will try to make it simpler. My setup is ISP --> Wireguard server on VPS --> Wireguard client on OPNsense wg0 --> WAN --> LAN


In the past I had IPv6 from my ISP, but IPv6 cannot pass from OPNsense. The problem is OPNsense.


Actually I would like to setup IPv6 on OPNsense?



You cannot delegate a /64 to your LAN, though what you need is NAT for IPv6 using ULAs in LAN (and other interfaces if needed).

Please provide screenshots of your interfaces overview first.

Then you need to enable manual configuration for LAN interface, go to services/router advertisements and select assisted mode for LAN.
Next go to interfaces/virtual IPs and add ULA address for LAN interface, e.g. fd00:10:10:10::1/64.
Then go to firewall/NAT/outbound and select hybrid mode. Add a manual rule with interface = WG network, IP version = v6, source address = fd00:10:10::/64

Make sure your LAN clients get v6 addresses via SLAAC, e.g. fd00:10:10:10:1234:abcd:a1b2:e3f6

I guess this should work, I only do so for my VPN client networks to give them v6 connectivity without delegating GUAs (since this is not really static in my case).
i am not an expert... just trying to help...
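
An added example, not part of the post above: a Python check (the function name `check_nat66` is hypothetical) that compares the LAN virtual IP prefix with the outbound NAT rule's source network, using the addresses given in the steps and assuming IPv6 input only. It shows that `fd00:10:10::/64` expands to `fd00:10:10:0::/64`, which is a different /64 from `fd00:10:10:10::/64`.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")  # RFC 4193 unique local address range


def check_nat66(lan_addr, nat_source, clients=()):
    """Compare a LAN ULA address with an outbound NAT source network.

    Returns a list of human-readable findings; an empty list means every
    address given would match the NAT rule's source field.
    """
    lan = ipaddress.ip_interface(lan_addr)
    source = ipaddress.ip_network(nat_source, strict=False)
    findings = []
    if not lan.network.subnet_of(ULA):
        findings.append(f"{lan.network} is not a ULA prefix")
    if not lan.network.subnet_of(source):
        findings.append(
            f"LAN prefix {lan.network.exploded} is outside NAT source {source.exploded}"
        )
    for raw in clients:
        addr = ipaddress.ip_address(raw)
        if addr not in lan.network:
            findings.append(f"{addr} is not in the LAN prefix {lan.network}")
        elif addr not in source:
            findings.append(f"{addr} would not match NAT source {source}")
    return findings


if __name__ == "__main__":
    # Values as written in the steps above.
    lan = "fd00:10:10:10::1/64"
    client = "fd00:10:10:10:1234:abcd:a1b2:e3f6"
    for src in ("fd00:10:10::/64", "fd00:10:10:10::/64"):
        result = check_nat66(lan, src, [client])
        print(src, "->", result or "all addresses match")
```
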

November 26, 2024, 08:30:37 PM #5 Last Edit: November 26, 2024, 08:36:53 PM by novel
Quote from: tiermutter on November 25, 2024, 07:23:04 AM
You cannot delegate a /64 to your LAN, though what you need is NAT for IPv6 using ULAs in LAN (and other interfaces if needed).

Please provide screenshots of your interfaces overview first.

Then you need to enable manual configuration for LAN interface, go to services/router advertisements and select assisted mode for LAN.
Next go to interfaces/virtual IPs and add ULA address for LAN interface, e.g. fd00:10:10:10::1/64.
Then go to firewall/NAT/outbound and select hybrid mode. Add a manual rule with interface = WG network, IP version = v6, source address = fd00:10:10::/64

Make sure your LAN clients get v6 addresses via SLAAC, e.g. fd00:10:10:10:1234:abcd:a1b2:e3f6

I guess this should work, I only do so for my VPN client networks to give them v6 connectivity without delegating GUAs (since this is not really static in my case).

There isn't services/router advertisements

My devices connect to the User interface, not LAN.

 
Quote from: tiermutter on November 25, 2024, 07:23:04 AM
you need to enable manual configuration for LAN interface,
i am not an expert... just trying to help...

Then do it all for "User" interface ;)
i am not an expert... just trying to help...

Quote from: tiermutter on November 26, 2024, 08:37:50 PM
Then do it all for "User" interface ;)


I said there isn't manual configuration in services

It is in Interface config, not services...
i am not an expert... just trying to help...

November 26, 2024, 08:46:57 PM #10 Last Edit: November 26, 2024, 09:14:28 PM by novel
Quote from: tiermutter on November 26, 2024, 08:44:47 PM
It is in Interface config, not services...




I found it. Now?
Router Advertisements assisted?

Not pinging

All devices get IPv6 but it actually does not work


Quote from: tiermutter on November 25, 2024, 07:23:04 AM
Then go to firewall/NAT/outbound and select hybrid mode. Add a manual rule with interface = WG network, IP version = v6, source address = fd00:10:10::/64

Done?
i am not an expert... just trying to help...

Quote from: tiermutter on November 29, 2024, 03:44:55 PM
Quote from: tiermutter on November 25, 2024, 07:23:04 AM
Then go to firewall/NAT/outbound and select hybrid mode. Add a manual rule with interface = WG network, IP version = v6, source address = fd00:10:10::/64

Done?

Yes! I have attached pictures. The VPN interface is wg0

December 05, 2024, 06:54:31 PM #14 Last Edit: December 07, 2024, 10:25:44 AM by novel
Is anybody here to help me?


I've attached routes from my OPNsense