- Whoa...where's your public IPv6 address?
- Did you assign one to the mobile/remote device?
- And did you assign your DNS server IP on your mobile/remote device?
- Why is this test being done on the router?
I thought your IP was ::2, not ::1.
fd42:42:42::1 - my DNS resolver. It stands at the top of the tunnel.
And yes, fd42:42:42::2 - works... but not for clients
???
That confused me, I mistook this peer for a phone, not the VPN server. So ensure you're running some DNS resolver listening at ::1 and its firewall's open for requests.
It should, it's your router.
I can query it through the tunnel (on the mobile client) but not from a client of OpenWRT.
But if I advertise it as the DNS resolver via DHCPv6 in the LAN for clients, it won't work.
/etc/config/dhcp
config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option noresolv '1'
	option allservers '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option cachesize '10000'
	option dnsforwardmax '300'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option ednspacket_max '1232'
	option nonwildcard '0'
	option nonegcache '1'
	option port '53'
	list server '10.0.0.1#53'
	list server '/pool.ntp.org/84.200.69.80'
	list server 'fd42:42:42::1#53'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv6 'server'
	option ra 'server'
	list dhcp_option '6,192.168.1.1'
	list dhcp_option 'option:dns-server,192.168.1.1'
	option ra_management '1'
	option ra_default '1'
	list dns 'fd42:42:42::2'
What to change?
Didn't help
Not sure
I made it just like IPv4
No, you didn't make a route to the subnet, just to the single /128 IP. Make this route /48.
Also, target ::0 is likely wrong, that is a network number, not an IP.
IPv6 connectivity is broken with /48.
Really odd, because when I change it back I start querying through IPv6 but lose the IPv6 route on the mobile client.
Traceroute works on router, PC-client:
traceroute to openwrt.org (2a03:b0c0:3:d0::1af1:1), 30 hops max, 64 byte packets
1 fd42:42:42::1 21.214 ms
2 *
3 2a01:4f9:0:c001::1554 42.580 ms
4 *
5 2a01:4f9:0:c001::a039 41.764 ms
6 2a01:4f9:0:c001::a001 38.498 ms
7 2a01:4f8:0:3::2b9 42.066 ms
8 *
9 *
10 2a03:b0c0:3:d0::1af1:1 71.718 ms
But not on mobile client:
And DNS is working perfectly:
Wait, you have NAT6 installed somewhere?
In the tunnel
So I guess that means at ::1.
What happens if you use the public IPv6 address of the DNS server at ::1 then?
Haven't tried yet...
Now I need IPv6 access back on the mobile. Can't fix it.
When I trace it, it looks like a timeout on the second hop.
P.S. Yes, this is the magic "option ra_default '1'"
It depends on connectivity which is based on your prefix scope.
Using IPv6 by default requires a public prefix.
Vladislav, this is not quite the answer I wanted to get, and besides, I have solved the problem with access to DNS over IPv6; I have lost IPv6 connectivity for the mobile device. That is what keeps bothering me.
The real question is how to return the IPv6 route to the mobile client of the router.
Because at home it works without VPN)
Of course it does...but I still don't think you answered my question...
If you want assistance with Wireguard on the mobile, please show its config.
If the mobile is not a WG device, perhaps make another thread.
Nope, thanks. With wireguard mobile client all works well )