Help Needed: Setting Up WireGuard with Dynamic IPv6 Only

Hello everyone,

I'm a beginner with WireGuard and I really need your help. I have an internet connection here in Brazil where my ISP provides both IPv4 and IPv6, but my IPv4 is behind a CGNAT. I understand that there are ways to set up WireGuard using only IPv6, but my IPv6 address is dynamic and changes every time I restart my router.

I would like to know what steps I need to take, which opkg packages I should use, and if there are any tutorials available online that explain how to configure WireGuard with IPv6 only. I've read online that it's possible to configure WireGuard to work only with IPv6, while still providing IPv4 connectivity.

I am a beginner in this area, but I'm eager to learn how to make this configuration work. Any help would be greatly appreciated!

Thank you in advance!


Você pode usar esse texto no fórum do OpenWrt.

The setup is no different whether you're using IPv4 or IPv6. The OpenWRT wiki has plenty of information about how to set up wireguard.

Once a tunnel is established you can send IPv4 and/or IPv6 traffic within it regardless of what IP protocol is being used by the tunnel.

If you have a dynamic address then you'll likely need some sort of dynamic DNS service set up to keep track of the changes.

2 Likes

Could you help me, I don't even know where to start, that's why I said I'm a beginner, I'm from Brazil.

  1. Do you have an IPv6-capable DDNS service provider?
  2. Have you installed wireguard-tools and luci-proto-wireguard?
2 Likes

OpenWRT wiki <-- there. Read the various guides on there first, then we can start filling in the gaps where things aren't clear or you're not sure.

1 Like

This is true. It is possible to send either v4 or v6 packets or both inside a Wireguard tunnel where the "outside" encrypted packets are being transported over v6.

As noted the next step is to register your IPv6 IP with a DDNS service so that the clients can find your server by name even if the IP changes. Then open the port in the router's firewall with family ipv6. By default, Wireguard accepts both v4 and v6 incoming "outside" packets without needing a specific configuration.

Once you have the tunnel open (as noted by successful handshake status), then you can configure the inside IPs. Configuration of v4 access is exactly the same as if the outer packets were also v4, as most guides assume. You can configure the tunnel as an additional LAN in v6 if you have prefix space from your ISP.

Guys, if I'm here posting about how to configure a Wireguard only in IPv6 so that I can have IPv4 because my IPv4 is in a cgnat, it's because I've already looked in the OpenWrt wiki and couldn't, and the forum is to help people in a way that those who obtained the knowledge can help others, don't simply tell me, "search the OpenWrt Wiki", sometimes I see people who help and ask for the configurations, pass links that can help others, if you don't want to help don't get in the way. Another thing, I live here in Brazil and I seek knowledge about OpenWrt, sometimes translated forums don't help because the culture and way of speaking are totally different. I'm sorry for the outburst, but it happens a lot here in the forum people say, "Do this, read", but forget that sometimes people don't have the same ease of learning as others. I didn't want my outburst to cause confusion, but I want people to analyze the variables when responding to a post other person's difficulty. I thank you in advance

I tried using duckdns, but I didn't have success, and I also installed both packages

This is not clear to me what you are trying to do. Can you describe overall what you want the network to achieve, also known as the "use case?" For example a common use case is to VPN your smartphone while it is away from home to the router at home so that you can securely view an IPv4 IP camera in the home on the phone.

I was going to try DuckDNS myself so I could prepare a walkthrough for setting it up, but I'm unable to use the DuckDNS site because all the browsers I tried show a blank space instead of the reCaptcha that needs to be solved to log in.

2 Likes

You need to provide more details in order to assist you.

What both packages?

As others noted, it's not clear what you're attempting to accomplish. I assume you want to setup a Home VPN that's accessed remotely via a DDNS-based (i.e., DuckDNS) AAAA Record and dynamic IPv6 address?

If so, you do understand that this means any SRC network must be IPv6-enabled to access your VPN, correct?

2 Likes