Setting up WireGuard with a dynamic IPv6 address and DDNS

I have just created a post here regarding setting up IPv6. Additional to understanding and setting up IPv6 I would like to setup IPv6 on WireGuard so that I can have achieve a dual-stack VPN connection. To summarise my ISP gives me dynamic IPv4/IPv6 WAN addresses with the IPv6 having a /56 subnet.

My IPv6 ULA-Prefix is fd0e:47f3:5fa8::/48. The ULA I have set on my WireGuard interface fd0e:47f3:5fa8:105::1/64

/etc/config/network

config interface 'wg_lan'
	option proto 'wireguard'
	option private_key '****' 
	option listen_port '51820'
	option mtu '1420'
	list addresses '10.0.5.1/24'
	list addresses 'fd0e:47f3:5fa8:105::1/64'

config wireguard_wg_lan 
	option public_key '****' 
	option preshared_key '****' 
	option description '1_lan_User1' 
	option route_allowed_ips '1' 
	option persistent_keepalive '25' 
	list allowed_ips '10.0.5.2/32' 
	list allowed_ips 'fd0e:47f3:5fa8::2/128'

How do I setup up the firewall and DDNS such as DuckDNS with IPv6 to work with WireGuard?

https://www.saudiqbal.com/blog/ipv6-home-server-with-dynamic-prefix-for-vpn-web-server-rdp-and-firewall-setup-guide.php

ULA is for use by your site only. Unless you're using wireguard to connect to a remote site under your control (like say a family members house or a data center or whatever) the ULA is pointless. In order to get ipv6 over your VPN the VPN provider must give you an ipv6 prefix. For whatever reason most of them do a terrible job and just give out individual addresses. a few give a single ipv6 /64 prefix. VPN providers SHOULD give out /56 prefixes like any other ISP but if you find one that supports wireguard and does this PLEASE POST IT, because I don't know of any.

Haven't tried it personally, but this provider offers /48 Wireguard connectivity:

1 Like

@dlakelan I would really like to try that VPN service to see how well the /48 is implemented, but it's a relatively big investment just to try it out. I think it's like $130 USD for a year and I didn't see any lesser termed plans.

It looks like it's ipv6 ONLY which is kinda cool and yet kinda less useful than if it were dual stack

and yes, it's a bit expensive.

Yeah, I wasn't sure how well their NAT64 implementation was configured. I imagine it's probably "fine" but I agree a true dual stack would + the IPv6 /48 would be the ideal setup.

Does it even have Nat64? if it does, I'm all for it, I ran ipv6 only for over a year back in ... 2016-2017 or so and it was fine for almost everything (games were the main exception).

I think I misunderstood something I read on their website previously. It looks like NAT64 is an add-on option whereby they provide a static IPv4 address for an annual fee: https://ungleich.ch/u/products/ipv6-vpn/

So yeah... I guess it is IPv6 only in its default configuration.

Have any of you come across https://dynv6.com ? You simply add your host portion of the IPv6 address into the system and then you can use their update APIs / URLs to update the prefix delegation.