I have got a /48 IPv6 block. Is it possible to use publicly routable IPv6 in my VPN and sub-level? Like a v6 broker

Question 1: IPv4 is easy to deal with using NAT, but I hope to assign publicly routable IPv6 in my VPN and to sub-level clients (PCs). Is it feasible? Using forwarding instead of NAT in IPv6?

   +-------+                                +----------+          +--------+
   |       |                                |          |          | 2001:1:2:2:x:x:x:x/64 slaac
   |       |                                |          +----------+        |
   |       |                                |          |          |        |
   |       |                                |          |          +--------+
   |public |                                | openwrt  +
   |server |                              2001:1:2:2::1/64
 2001:1:2::/48                              |  radvd   +
   |       |                                |          |          +--------+
   |       |     wireguard                  |          |          |        |
   |       |                                |          +----------+ 2001:1:2:2:x:x:x:x/64 slaac
   |       +--------------------------------+          |          |        |
   +-------+                                +----------+          +--------+
         2001:1:2:1::1/127            2001:1:2:1::/127
In my view, the 2 IPv6 addresses here can use fdxx in-site addresses, am I right?

Question 2: I roam my OpenWrt to a new place, but the server side's endpoint does not change automatically. Why? I did not write down an endpoint in the server side's configuration file.
Server side:

interface: wghub
  public key: xxxxc=
  private key: (hidden)
  listening port: 41089

peer: xxxxE=
  preshared key: (hidden)
  endpoint: 60.247.127.220:2185 /* this part is auto-added by the system in "wg show"; it is not written in the conf file and does not change when roaming */
  allowed ips: 10.8.3.10/32, 2001:x:x::10/128, 2001:x:x:x:1::/80
  latest handshake: 7 hours, 55 minutes, 27 seconds ago
  transfer: 2.84 MiB received, 6.32 MiB sent

Here I use /80 because the server has a /64 block, and I hope to try DHCPv6 with a /80 prefix.

Yes, it is the desired way to configure it.

Use /64 subnets in all of your networks. While you technically can use /80, the IPv6 spec dictates that networks should be at least /64. If you don't, some features of IPv6 will simply break, such as SLAAC among others. Since you have a nice /48 prefix, you should have plenty of blocks to give each subnet a dedicated /64.

5 Likes
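
An added example, not part of the original posts: a Python check of the addressing plan advised above (one /64 per subnet, carved from the /48). It uses the 2001:1:2::/48 block from the diagram; the peer names and sample prefixes are constructed for illustration.

```python
import ipaddress

SITE = ipaddress.ip_network("2001:1:2::/48")  # site block as drawn in the diagram

def nth_lan(site, index):
    """Return the index-th /64 inside the site block."""
    if not 0 <= index < 2 ** (64 - site.prefixlen):
        raise ValueError("index does not fit in the site block")
    return ipaddress.ip_network((int(site.network_address) + (index << 64), 64))

def check_plan(site, peers):
    """peers maps a peer name to the prefixes routed to it (its allowed IPs).
    Returns a list of problems; an empty list means the plan passes."""
    problems, seen = [], {}
    for name, prefixes in peers.items():
        for text in prefixes:
            net = ipaddress.ip_network(text, strict=False)
            if net.version != 6:
                continue  # IPv4 entries such as 10.8.3.10/32 are not checked here
            if not net.subnet_of(site):
                problems.append(f"{name}: {net} is outside {site}")
            # /127 and /128 are tunnel or host routes with no SLAAC clients behind them
            if 64 < net.prefixlen < 127:
                problems.append(f"{name}: {net} is longer than /64, SLAAC breaks")
            if net in seen and seen[net] != name:
                problems.append(f"{name}: {net} is already routed to {seen[net]}")
            seen.setdefault(net, name)
    return problems

# Constructed sample plans (hypothetical peer names).
GOOD = {"openwrt": ["10.8.3.10/32", "2001:1:2:1::/128", str(nth_lan(SITE, 2))],
        "laptop": ["2001:1:2:1::2/128"]}
BAD = {"openwrt": ["2001:1:2:0:1::/80"],          # the /80 idea from the question
       "laptop": ["2001:1:2:0:1::/80", "2001:db8::/64"]}

if __name__ == "__main__":
    for label, plan in (("good", GOOD), ("bad", BAD)):
        print(label, check_plan(SITE, plan) or "ok")
```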

I roam my OpenWrt to a new place, but the server side's endpoint does not change automatically. Why? I did not write down an endpoint in the server side's configuration file.
Do you know why?
This is the key of the second question.

Make sure both ends of the tunnel DON'T have the SaveConfig option set. In the server's config leave the endpoint empty, but fill in a listen port (as you did), and in the client's config set the IP of the server as the endpoint, and leave the listen port empty. Roaming should work automatically.

1 Like

How and where do I set SaveConfig? I use wg-quick up ./server.conf to bring up the interface.

If you don't have it added anywhere, it is disabled by default, so that's good. In the picture in your first post, is the "server" part roaming or the "openwrt" part?

The server has a public fixed IP; the OpenWrt roams between different networks.

Can you share your /etc/config/network file? Make sure you first remove any sensitive data from the output before sharing, such as private keys, passwords, etc.