No IPv6 connectivity for WireGuard peers

Hello.

ISP: CenturyLink/Quantum. IPv6 is set up on the router via 6rd. Devices connected directly to the router get their IPv6 addresses just fine, test-ipv6.com shows 10 out of 10.

Set up on the router is WireGuard VPN. The peer configured on the router is acting as a server - it accepts connections from (e.g.) mobile devices. IPv4 connectivity works just fine - when the VPN is on on a mobile device, showmyip.com and similar report the IP address of my OpenWrt router, all good.

But it turns out that when working via VPN my mobile device loses connectivity over IPv6 - test-ipv6.com shows 0 out of 10.

Question: How do I configure the tunnel such that my 'road warrior' devices would get IPv6 connectivity?

Would appreciate any help/suggestions/pointers.

P.S.
Tried playing with NAT6 as described here, no success.

Don't know what the hiccup was exactly.. but starting out fresh (essentially restoring the config from a previously taken backup) and making all the changes again got the IPv6 going on the "other side of the tunnel" (purists will yuk, but yes I've decided to use NAT66 :sweat_smile:).

So here it goes (posting it just for the record).

  1. The server:
[Interface]
Address = 10.10.10.10/24, fd42:42:43::1/64
ListenPort = 51800
PrivateKey = ..

[Peer]
PublicKey = ..
AllowedIPs = 10.10.10.11/32, fd42:42:43::3/128

  2. The client:
[Interface]
Address = 10.10.10.11/32, fd42:42:43::3/128
DNS = 1.1.1.1

[Peer]
PublicKey = ...
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = ...

  3. Setting NAT for WAN zone for IPv6:
uci set firewall.@zone[1].masq6="1"
uci commit firewall
service firewall restart

  4. Disable IPv6 source filter
uci set network.wan6.sourcefilter="0"
uci commit network
service network restart

  5. Prefer IPv6 over IPv4 behind NAT66 for the ULA prefix
NET_ULA="$(uci get network.globals.ula_prefix)"
uci set network.globals.ula_prefix="d${NET_ULA:1}"
uci commit network
service network restart
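
As an added example (not part of the original posts), the Python check below tests the dual-stack property the two WireGuard configs above depend on: each address family must appear in the client's tunnel address, the server's peer AllowedIPs, the server's tunnel subnet and the client's default route. The function names and inline sample configs are constructed for illustration; it covers only the WireGuard side, not the firewall or `uci` steps.

```python
import ipaddress

# Constructed sample configs mirroring the post (keys and endpoint omitted).
SERVER = """\
[Interface]
Address = 10.10.10.10/24, fd42:42:43::1/64
[Peer]
AllowedIPs = 10.10.10.11/32, fd42:42:43::3/128
"""
CLIENT = """\
[Interface]
Address = 10.10.10.11/32, fd42:42:43::3/128
[Peer]
AllowedIPs = 0.0.0.0/0, ::/0
"""

def parse(text):
    """Map 'Section.Key' to its comma-separated values (single-peer config)."""
    conf, section = {}, ""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("["):
            section = line.strip("[]")
        elif "=" in line:
            key, value = line.split("=", 1)
            conf.setdefault(f"{section}.{key.strip()}", []).extend(
                v.strip() for v in value.split(",") if v.strip())
    return conf

def check_dual_stack(server_text, client_text):
    """List problems that would leave a road-warrior peer without one address family."""
    server, client = parse(server_text), parse(client_text)
    srv_nets = [ipaddress.ip_interface(a).network for a in server.get("Interface.Address", [])]
    srv_allowed = [ipaddress.ip_network(a, strict=False) for a in server.get("Peer.AllowedIPs", [])]
    cli_addrs = [ipaddress.ip_interface(a).ip for a in client.get("Interface.Address", [])]
    cli_allowed = [ipaddress.ip_network(a, strict=False) for a in client.get("Peer.AllowedIPs", [])]
    problems = []
    for ver in (4, 6):
        mine = [a for a in cli_addrs if a.version == ver]
        if not mine:
            problems.append(f"client has no IPv{ver} tunnel address")
        for a in mine:
            if not any(n.version == ver and a in n for n in srv_allowed):
                problems.append(f"server AllowedIPs does not cover {a}")
            if not any(n.version == ver and a in n for n in srv_nets):
                problems.append(f"{a} is outside the server's tunnel subnet")
        if not any(n.version == ver and n.prefixlen == 0 for n in cli_allowed):
            problems.append(f"client does not route all IPv{ver} traffic into the tunnel")
    return problems
```

An empty list means both families are consistent end to end. A client whose AllowedIPs lacks `::/0` is reported because its IPv6 traffic would not be routed into the tunnel.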
