18.06.4 - Wireguard Client

  • Whoa...where's your public IPv6 address?
  • Did you assign one to the mobile/remote device?
  • And did you assign your DNS server IP on your mobile/remote device?
  • Why is this test being done on the router?

I thought your IP was ::2, not ::1.

fd42:42:42::1 - my DNS resolver. It stands at the top of tunnel.
And yes, fd42:42:42::2 - works... but not for clients

???

That confused me; I mistook this peer for a phone, not the VPN server. So make sure you're running a DNS resolver listening at ::1 and its firewall is open for requests.

It should, it's your router.

I can query it through the tunnel (at the mobile client) but not from a client of OpenWrt.

But if I advertise it as the DNS resolver via DHCPv6 on the LAN for clients, it won't work.

/etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option noresolv '1'
	option allservers '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option cachesize '10000'
	option dnsforwardmax '300'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option ednspacket_max '1232'
	option nonwildcard '0'
	option nonegcache '1'
	option port '53'
	list server '10.0.0.1#53'
	list server '/pool.ntp.org/84.200.69.80'
	list server 'fd42:42:42::1#53'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv6 'server'
	option ra 'server'
	list dhcp_option '6,192.168.1.1'
	list dhcp_option 'option:dns-server,192.168.1.1'
	option ra_management '1'
	option ra_default '1'
	list dns 'fd42:42:42::2'

What to change?

  • On LAN, Link Local DNS would be announced anyway
  • You must use ULA IPv6 addressing across links - not link local (I notice a prefix is not configured globally)
  • Not sure why DNS is listed in so many places, are you sure it's not nested queries and no DNS listed?
  • Are there routes for these ULAs?

That didn't help

Not sure

I made it just like IPv4

No, you didn't make a route to the subnet, just to the single /128 IP. Make this route /48.

Also, target ::0 is likely wrong, that is a network number, not an IP.
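To illustrate the two points in this reply (a /128 route covers exactly one address, and an all-zero host part is the network number rather than a host), here is a small Python model of longest-prefix-match routing. It is an added example, not code from this thread or from OpenWrt; it reuses the thread's ULA prefix fd42:42:42::/48, while the two route tables, the interface name wg0 and the mobile peer address fd42:42:42::3 are constructed assumptions.

```python
import ipaddress

# Constructed route tables (assumption, modelled on the thread's discussion).
# Interface name wg0 and peer address fd42:42:42::3 are made up for the example.
ROUTES_HOST_ONLY = [
    ("fd42:42:42::/128", "wg0"),   # "::0" target: the /48's network number, covers no host
    ("fd42:42:42::1/128", "wg0"),  # host route to the router end of the tunnel only
]
ROUTES_SUBNET = [
    ("fd42:42:42::/48", "wg0"),    # the whole ULA block, as suggested in the reply
]
MOBILE_PEER = "fd42:42:42::3"


def lookup(routes, dest):
    """Longest-prefix match, the way a kernel routing table selects a route.
    Returns (target, via) for the most specific matching route, or None."""
    addr = ipaddress.IPv6Address(dest)
    best = None
    for target, via in routes:
        net = ipaddress.IPv6Network(target, strict=False)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return None if best is None else (str(best[0]), best[1])


def route_problems(routes):
    """Flag /128 routes that cannot serve a peer subnet.
    Heuristic: a /128 whose interface identifier (low 64 bits) is all zero is a
    network number, not a host; any other /128 reaches exactly one address."""
    problems = []
    for target, _via in routes:
        net = ipaddress.IPv6Network(target, strict=False)
        if net.prefixlen != 128:
            continue
        if int(net.network_address) & ((1 << 64) - 1) == 0:
            problems.append((target, "network number, not a host address"))
        else:
            problems.append((target, "host route: covers only this one address"))
    return problems


def scope(addr):
    """Classify an address the way the later replies distinguish them:
    link-local (fe80::/10), ULA (fc00::/7) or global."""
    a = ipaddress.IPv6Address(addr)
    if a.is_link_local:
        return "link-local"
    if a.is_private:
        return "ULA"
    if a.is_global:
        return "global"
    return "other"


if __name__ == "__main__":
    print("host-only table ->", lookup(ROUTES_HOST_ONLY, MOBILE_PEER))  # None
    print("subnet table    ->", lookup(ROUTES_SUBNET, MOBILE_PEER))     # /48 route
    for target, why in route_problems(ROUTES_HOST_ONLY):
        print(target, ":", why)
    for a in ("fe80::1", "fd42:42:42::1", "2a03:b0c0:3:d0::1af1:1"):
        print(a, "is", scope(a))
```

With the host-only table the mobile peer gets no route at all, which is the symptom described earlier in the thread; with the /48 entry every address in the ULA block resolves to the tunnel interface.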

IPv6 connectivity is broken with /48

  • Hummm...odd...where is this mobile device you're referencing?
  • Maybe you should just create a second ULA just for the WG interfaces/IPs

Really odd, because when I revert it I start querying through IPv6 again but lose the IPv6 route at the mobile client.
Traceroute works on the router and the PC client:

traceroute to openwrt.org (2a03:b0c0:3:d0::1af1:1), 30 hops max, 64 byte packets
 1  fd42:42:42::1  21.214 ms
 2  *
 3  2a01:4f9:0:c001::1554  42.580 ms
 4  *
 5  2a01:4f9:0:c001::a039  41.764 ms
 6  2a01:4f9:0:c001::a001  38.498 ms
 7  2a01:4f8:0:3::2b9  42.066 ms
 8  *
 9  *
10  2a03:b0c0:3:d0::1af1:1  71.718 ms

But not on mobile client:

And DNS is working perfectly:

Wait, you have NAT6 installed somewhere?

In the tunnel

So I guess that means at ::1.

What happens if you use the public IPv6 address of the DNS server at ::1 then?

Haven't tried it yet..
Now I need IPv6 access back on mobile. Can't fix it :cold_sweat:
When I trace it, it looks like a timeout on the second hop

P.S. Yes, this is the magic "option ra_default '1'"

It depends on connectivity which is based on your prefix scope.
Using IPv6 by default requires a public prefix.

Vladislav, this is not quite the answer I wanted to get, and I have already solved the problem with DNS access over IPv6; what I lost is IPv6 connectivity for the mobile device. That is what's bothering me.

The real question is how to get the IPv6 route back for the router's mobile client :thinking:

  • Can you do a screenshot of the Wireguard settings on the mobile?
  • I don't recall if you ever showed the mobile's peer/router config

Because at home it works without VPN)

Of course it does...but I still don't think you answered my question...

If you want assistance with Wireguard on the mobile, please show its config.

If the mobile is not a WG device, perhaps make another thread.

Nope, thanks. With the WireGuard mobile client all works well )
