As my ISP does not provide any IPv6, I am using an HE.net dual-stack interface to assign IPv6 addresses to my OpenWRT router and subnet (I get a /56).
Now I would like to set up IPv6 addresses in a roadwarrior wireguard scenario. The OpenWRT wireguard documentation only indicates how to assign private IPv6.
How to assign a /64 subnet to Wireguard clients?
Would you be so kind to guide me?
IMHO, it is not clear to me as /64 delegations need to be requested via DHCPv6 or SLAAC, so I am not sure that adding IPv6 subnet and addresses can work out of the box with Wireguard.
Do you have a working conf with /64 delegation under Wireguard in a roadwarrior scenario?
Since you have a static /48 prefix it should be easy to choose a /64 to use for static configuration in wireguard. (Wireguard doesn't use dhcpv6 or slaac.)
As a side remark I just realized that when I connect on local wireless network, I receive only an IPv4 from Wireguard and IPv6 from router. So if for some reason I connect to an IPv6 host, connection goes unencrypted. So I really need a public IPv6 on client.
The same applies when connecting to a wireless hotspot with IPv6 connectivity.
Well it doesn't if you're using WPA2 or WPA3, despite your belief that they are 'dead'.
But, aside from that, I'm not sure why you're not just doing what you've already been told: set up an IPv6 /64 subnet in the same way as you did an IPv4 /24 subnet.
If fdf1:e8a1:8d3f:9 is the /64 prefix assigned by HE.net out of the /48.
Server:
fdf1:e8a1:8d3f:9::1/64 is the configuration of the router
Peer:
fdf1:e8a1:8d3f:9::2/128 is the allowed IP
The problem is that Tunnelbroker assigns me a /48 and a /64 which are used for dual-stack browsing.
The /64 has already been used to assign addresses. So I need to use a new /64 inside my /48?
I modified Tunnelbroker settings:
config interface 'wan6'
	option proto '6in4'
	option tunlink 'wan'
	...
	list ip6prefix '2001:xx::/48'
	list ip6prefix '2001:yy:yy:yy::/64'
with the two IPv6 prefixes. Is this correct?
Anyway, only the /64 address is showing up in 6inWAN.
So technically when I am going to assign gateway address it will not be with the /56 range.
The /56 range is not defined anywhere on any interface of the router.
Why are you messing around with the tunnelbroker interface? If you have a routed /48 prefix then that's all you should have in the interface config.
The command shows the address of the interface, which is a /64 address. It is not the same thing as the prefix.
If all you're trying to do is get IPv6 addresses on wireguard clients then I'm really not sure why you're not just doing what you were told right at the outset...
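The static addressing discussed in this thread, as an added example that is not from any of the posters: it picks an unused /64 inside a routed /48, derives the router address and per-peer /128 allowed IPs, and checks whether a client's AllowedIPs would let IPv6 traffic bypass the tunnel. The 2001:db8 prefixes, peer names and function names are constructed for illustration, and a full-tunnel roadwarrior setup is assumed.

```python
import ipaddress

# Constructed sample values using the 2001:db8::/32 documentation range;
# substitute the routed /48 and the /64s already in use on your router.
ROUTED = ipaddress.ip_network("2001:db8:1234::/48")
IN_USE = [ipaddress.ip_network("2001:db8:1234::/64")]  # e.g. the LAN /64

def pick_free_64(routed, in_use):
    """First /64 inside the routed prefix that overlaps nothing already in use."""
    for cand in routed.subnets(new_prefix=64):
        if not any(cand.overlaps(u) for u in in_use):
            return cand
    raise ValueError("no free /64 left in the routed prefix")

def plan(routed, in_use, peers):
    """Router takes ::1/64; each peer gets one static /128 (no DHCPv6 or SLAAC)."""
    net = pick_free_64(routed, in_use)
    server = ipaddress.ip_interface(f"{net[1]}/64")
    allowed = {p: ipaddress.ip_network(f"{net[i]}/128")
               for i, p in enumerate(peers, 2)}
    return server, allowed

def uci_lines(server, allowed):
    """IPv6 lines for /etc/config/network: interface address, then peer allowed IPs."""
    lines = [f"list addresses '{server}'"]
    lines += [f"list allowed_ips '{n}'" for n in allowed.values()]
    return lines

def leaks_ipv6(client_allowed_ips):
    """True when the client's AllowedIPs do not cover all of IPv6, so traffic to
    IPv6 hosts would leave via the local network instead of the tunnel."""
    nets = [ipaddress.ip_network(s.strip()) for s in client_allowed_ips.split(",")]
    v6 = [n for n in nets if n.version == 6]
    # collapse_addresses also recognises split defaults such as ::/1 + 8000::/1
    return list(ipaddress.collapse_addresses(v6)) != [ipaddress.ip_network("::/0")]

if __name__ == "__main__":
    server, allowed = plan(ROUTED, IN_USE, ["phone", "laptop"])
    print("\n".join(uci_lines(server, allowed)))
    print("IPv4-only client leaks IPv6:", leaks_ipv6("0.0.0.0/0"))
    print("dual-stack client leaks IPv6:", leaks_ipv6("0.0.0.0/0, ::/0"))
```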