Unable to get IPv6 Traffic via WireGuard

Started by johnshill, Today at 03:41:56 AM

Today at 03:41:56 AM Last Edit: Today at 03:45:36 AM by johnshill
I have dual stack working correctly (I think) on my home network using DHCPv6 on WAN and "Identity association" on each of my three subnets with Router Advertisements set to "Assisted" mode. My ISP is Hyperoptic and I have /56 on the WAN for prefix delegation size and each of the subnets is using /64.

whatismyipaddress.com detects both IPv6 and IPv4 and test-ipv6.run passes with 10/10 on all my clients; however, any client connected via WireGuard fails.

I configured all the IPv6 settings per the WireGuard Road Warrior Setup guide to no avail, including:
- ULA for the tunnel address, fddd::1/64, and tried both fddd::2/64 and fddd::2/128 for the peer/client in every combination.
- Assigned an interface to WireGuard.
- Created an outbound NAT rule for IPv6 with Translation / target set to "Interface address".
- Created an inbound firewall rule on WAN for IPv4+IPv6.
- Created a firewall rule on WireGuard letting it access all subnets and the internet.
- Created normalization rules with Max mss 1360.

My config is as follows:

[Interface]
PrivateKey = <redacted>
Address = 10.10.50.2/32,fddd::2/128
DNS = 10.10.50.1, fddd::1 <this is probably wrong>

[Peer]
PublicKey = <redacted>
Endpoint = ddns.myowndomain.com:51820
AllowedIPs = 0.0.0.0/0,::/0

I simply cannot get "What Is My IP Address" to detect an IPv6 when connected from my phone to my home network via VPN and would kindly appreciate some help.

Your end systems won't use a ULA if IPv4 is also available. The "happy eyeballs" algorithm prioritizes:

- IPv6 GUA if present
- IPv4 if present
- IPv6 ULA if present

So dual stack hosts never use ULA if the destination is reachable via IPv4, too.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
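
The ordering in the reply above can be reproduced from the default policy table in RFC 6724 (default address selection). The sketch below is an added example, not part of the thread or of OPNsense/WireGuard: it applies only Rule 5 (matching label) and Rule 6 (precedence) of destination address selection, and the destination addresses are constructed from documentation ranges.

```python
import ipaddress

# RFC 6724 section 2.1 default policy table: (prefix, precedence, label)
POLICY = [(ipaddress.ip_network(p), prec, label) for p, prec, label in [
    ("::1/128", 50, 0), ("::/0", 40, 1), ("::ffff:0:0/96", 35, 4),
    ("2002::/16", 30, 2), ("2001::/32", 5, 5), ("fc00::/7", 3, 13),
    ("::/96", 1, 3), ("fec0::/10", 1, 11), ("3ffe::/16", 1, 12),
]]

def as_v6(addr):
    """IPv4 addresses are looked up in the table as IPv4-mapped IPv6."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ipaddress.IPv6Address("::ffff:" + str(ip))
    return ip

def lookup(addr):
    """Longest-prefix match; returns (precedence, label)."""
    ip = as_v6(addr)
    matches = [e for e in POLICY if ip in e[0]]
    _, prec, label = max(matches, key=lambda e: e[0].prefixlen)
    return prec, label

def rank(destinations, sources):
    """Order destinations, most preferred first.

    sources maps IP version (4 or 6) to the local address that would be
    used for that family. Simplification: one source per family, and only
    Rules 5 and 6 are evaluated (scope, deprecation etc. are assumed equal).
    """
    def key(dest):
        src = sources.get(ipaddress.ip_address(dest).version)
        if src is None:                       # no usable source: sort last
            return (0, 0, 0)
        d_prec, d_label = lookup(dest)
        _, s_label = lookup(src)
        return (1, int(d_label == s_label), d_prec)
    return sorted(destinations, key=key, reverse=True)

# Constructed sample: a dual-stack site (documentation addresses).
DESTS = ["2001:db8::10", "203.0.113.10"]

def demo():
    ula_client = rank(DESTS, {4: "10.10.50.2", 6: "fddd::2"})
    gua_client = rank(DESTS, {4: "10.10.50.2", 6: "2001:db8:0:3::1"})
    return ula_client, gua_client

if __name__ == "__main__":
    for name, order in zip(("ULA tunnel address", "GUA tunnel address"), demo()):
        print(name, "->", order)
```

With a ULA source the IPv6 destination's label (1) does not match the source's label (13), so the IPv4 destination wins on Rule 5; with a GUA source both labels match and the higher IPv6 precedence decides.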

Thank you, I gave it another try by manually carving out another /64 from my /56 and assigning it to the WG interface.

My subnets in Overview > Interfaces followed this pattern: xxxx:xxxx:xxxx:xx00:yyyy:yyyy:yyyy:yyyb/64, xxxx:xxxx:xxxx:xx01:yyyy:yyyy:yyyy:yyyc/64, xxxx:xxxx:xxxx:xx02:yyyy:yyyy:yyyy:yyyd/64.

Thus, I codified xxxx:xxxx:xxxx:xx03:10:10:50:1/64 on the interface, and my config looks as follows:

[Interface]
PrivateKey = <redacted>
Address = 10.10.50.2/32,xxxx:xxxx:xxxx:xx03::1/128
DNS = 10.10.50.1,xxxx:xxxx:xxxx:xx03:10:10:50:1

[Peer]
PublicKey = <redacted>
Endpoint = ddns.mydomain.com:51820
AllowedIPs = 0.0.0.0/0,::/0

Internet is fine, but still no IPv6 sadly...