Assign ipv6 GUA to WireGuard clients?

Installing and Using OpenWrt Network and Wireless Configuration
1

I've set up WireGuard server on my OpenWrt router by following the https://openwrt.org/docs/guide-user/services/vpn/wireguard/extras#automated and by default it includes only ipv4 and ipv6 ULA:

  • ipv4: VPN_ADDR="192.168.9.1/24"
  • ipv6 ULA: VPN_ADDR6="fd00:9::1/64"

Then I've assigned one free 2a02:xxxx:xxxx:xx07::/64 prefix to the WireGuard interface and enabled GUA IPv6 in the peer configuration on server:

image
image1226×174 10.7 KB

image

Wireguard client configuration looks like this:

  • Address = 192.168.9.2/24, 2a02:xxxx:xxxx:xx07::2/128
  • DNS = 192.168.9.1, 2606:4700:4700::1111

So now, when the WireGuard client connects to Wireguard server, it receives both IPv4 and IPv6 GUA addresses, and even successfully passes the IPv6 support test: https://ipv6-test.com/. So, basically, I allowed Wireguard clients with ipv4-only addresses to have IPv6 support.

But in the guides I've seen there are only WireGuard configuration examples that use IPv6 ULA, and for some reason the guides do not include examples with IPv6 GUA.

Question:
Is it a good idea to assign IPv6 GUA to WireGuard clients in addition to IPv4?
Thank you.

2

Answer:
Same rationale as having IPv4 address or not.

3

When your prefix is dynamic you have to chance that, don't you?

4

Ok. So, the lack of IPv6 GUA examples in WireGuard guides is not due to any security restrictions or some specifics of ipv6 GUA in Wireguard VPN? Thank you.

I can control dynamic prefix delegation assignment by requesting a /64 prefix for each interface sepratelly with a 2-second delay during the router boot (one by one). This allows me to obtain the required ID of /64 prefix. While it’s not the best solution, it works as a workaround.

5

Probably screen space restrictions onlly.

6

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.