I’m having some concerns about my attempt at establishing a ?working? 6in4 tunnel. Frankly, I’m finding myself IOMH.
My first attempt at establishing the tunnel fails because of CGNAT: I can't establish a tunnel on my ISP-assigned 100.x.x.x WAN net block - what else can I try?
Well, let’s try on WG upstream -
and sure enough, up comes the tunnel. I add the /48 and ip6 assigns, and everything SEEMS normal/working. Clients apparently get ip6 from the /48, and for all intents and purposes everybody is good on ip4/ip6.
OK, does it work on the VPN? Seems to? All clients with ip6/ip4, basic diags pass, and again, all seems normal.
Netflow sensors are also seeing the ip6 traffic.
I tend to be dangerous at times to myself. To wit, “am I missing something?” Any pitfalls? Don’t do?
6in4 requires protocol 41 being accessible from the outside (over IPv4), that is not possible behind any form of NAT. I guess that might also catch you with your VPN workaround, as you need to forward protocol 41 traffic that way as well.
Got a bone for an old dog? As I said, I’m in over my head. I think you know they fail ip6 tests, but what gives?
I didn’t think this would work straight up due to CGNAT, but HE tells me it’s OK using the WG/VPN endpoint via the cert (Explorer) test. So I started playing. I can ping6 to local clients/internet, VPN-PBR reflects the ip6 service gateways . . . Just trying to get a leg up on this.
The browser default is detected as IPv4, but it's supposed to be IPv6.
This can be a sign of using ULA+NAT6 instead of the proper GUA prefix.
Or it's just a temporary issue and restarting the browser should solve it.