Sid
May 13, 2024, 3:35am
1
My ISP provides me a /64 for IPv6, which means I can’t get IPv6 working on my Wireguard peers.
I’m trying to setup Symmetric dynamic NPTv6 following the steps here
But I’m getting this error
Error: syntax error, unexpected '}'
add rule inet fw4 srcnat oifname eth0 snat ip6 prefix to ip6 saddr map { fd27:dfec:1903::/60 : }
^
Error: syntax error, unexpected colon
add rule inet fw4 srcnat oifname br-lan snat ip6 prefix to ip6 saddr map { : fd27:dfec:1903::/60 }
^
Include '/etc/nftables.d/npt6.sh' failed with exit code 1
Any reason why it’s failing to get my wan6 address? My router does have it, as seen in luci and after running ifstatus wan6.
brada4
June 15, 2024, 9:49am
2
No idea why you think you need nat66
Just make smaller than /64 ie bigger number sub-delegations to different subnet segments. Like /96 is size of ip4 internet.
Probably reset device to backtrack all ad-hoc attempts you made.
Sid
June 15, 2024, 11:51am
3
To be clear I only receive a /64 GUA on my wan6 and require relay mode on both wan6 and lan to get IPv6 working in my network.
Do you recommend I use /96 address for my Wireguard server?
brada4
June 15, 2024, 12:35pm
4
/64 is mega subnet if you indeed receive just single address /128 you can still share it like in ancient times.
https://openwrt.org/docs/guide-user/network/ipv6/ipv6.nat6
egc
June 15, 2024, 12:40pm
5
You can use ULA addresses for the WG server and then do NAT 66 or NPT.
that is how I am dealing with it.
If you need more instructions let me know
To give you a head start, you can use selective NAT for the IPv6 ULA and you need to disable IPv6 source routting to get a default IPv6 route
brada4
June 15, 2024, 1:30pm
6
The WAN prefix turns up empty and NPT guidance makes faulty ruleset.
Did you rename WAN interface?