Just acquired service with Mullvad for their WireGuard compatibility, and I was wondering just how much flexibility I could pull from the system to achieve something similar to what I had with OpenVPN.
At the moment, I have set up, as per this thread, access to my home network from outside over IPv4, where the router acts as the main peer for all of the road warrior devices, and I'm able to both handshake and navigate over the v4 protocol without any issues, while also relying on VPN-PBR's ability to redirect traffic to specific sites and IP ranges through an OpenVPN client, leaving the WAN as the main gateway and just performing the routing when asked to on the specified sites.
However, now that my VPN provider is both WireGuard and IPv6-capable, I was wondering if I could adapt my topology as follows:
I'd like for the road-warrior configuration to stay as-is, just enabling the clients that connect over IPv4 to get assigned v6 addresses through a 6in4 tunnel, and for those that connect over IPv6 to connect directly (I have already set up both A and AAAA records to automatically update through the integrated Dynamic DNS client).
Then, I'd like to migrate my OpenVPN client setup to WireGuard as individually addressable peers (let's say for the moment one for Dallas, one for London and one for Madrid) so that I'm able to redirect both v4 and v6 traffic through Mullvad's network using VPN-PBR (so far I have tried following Mullvad's guide up to the Firewall Zone creation, but have noticed that the road warrior interface starts dropping handshakes after adding the interface, so I'm a bit stumped as to how to continue).
From what I was able to find, I'd have to create a v6 NAT for both v6 tunneling and VPN-PBR; however, I am not sure what would be the best course of action so that the 6in4 tunnel, the WireGuard peer and VPN-PBR's routing capabilities can work in harmony.
Where should I begin?