[Solved] Setting up Wireguard IPv6 understanding IPs

I'm trying to set up WireGuard for IPv6. IPv4 is working flawlessly.
As I'm new to IPv6, I have difficulties understanding which IPs I'm expected to use.

Situation:

ISP Modem/Router (not bridged) -> Switch -> OpenWrt Box (delegated prefix)

OpenWrt Box is getting a /57 from an upstream /56

So I have increased the 2xxx:xxxx:xxxx:xxx1::1 to 2xxx:xxxx:xxxx:xxx3::1 for the WireGuard interface. LAN is getting (automatically 2xxx:xxxx:xxxx:xxx1::1) and Guest Wifi is getting (automatically 2xxx:xxxx:xxxx:xxx2::1) already.

For allowed_ips I appended just a random /64 after prefix 2xx:xxxx:xxxx:xxx3:xxxx:xxxx:xxxx:xxxx/128.

network.wg0=interface
network.wg0.proto='wireguard'
network.wg0.private_key='fadfhwsrtzuhertzhdfghdxfghs='
network.wg0.listen_port='4500'
network.wg0.force_link='1'
network.wg0.addresses='192.168.3.1/24' '2xxx:xxxx:xxxx:xxx3::1/64'
network.@wireguard_wg0[0]=wireguard_wg0
network.@wireguard_wg0[0].public_key='adfgsrtzewrzudfghjet6uethjfdg='
network.@wireguard_wg0[0].persistent_keepalive='25'
network.@wireguard_wg0[0].description='wg0_vpn0'
network.@wireguard_wg0[0].route_allowed_ips='1'
network.@wireguard_wg0[0].allowed_ips='192.168.3.2/32' '2xx:xxxx:xxxx:xxx3:xxxx:xxxx:xxxx:xxxx/128'

So far my wg setup on openwrt.

At the moment I'm stuck getting a connection because I'm confused about which IPs to use.

What is the Endpoint for my client? ISP Router IP, OpenWrt Router IP or wg0 IP? I would have thought wg0 IP because it's public? Is the Client IP which I filled in randomly as /128 in allowed_ips right?

ISP Box setup looks like:

It is not necessary; you already have the /24 in IPv4 and /64 in IPv6 containing the /32 and /128 respectively.

It's the same with IPv4, use 2xx:xxxx:xxxx:xxx3::2/128 for example.

Either the ISP Router IPv4 or the OpenWrt wan IPv6.

You don't use that as the endpoint IP; this is the tunnel IP.

No, this is assigned after the tunnel is established.

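The distinction drawn in the reply above, between the endpoint (the outer address the UDP packets are sent to) and the tunnel addresses (wg0's own IPs and each peer's allowed_ips), can be checked mechanically. This is an added example, not part of the thread; `check_wg_plan` is a hypothetical helper, and the `2001:db8::/32` documentation prefix and `203.0.113.7` are constructed stand-ins for the redacted addresses.

```python
import ipaddress

def check_wg_plan(iface_addrs, peer_allowed_ips, endpoint_ip):
    """Return a list of problems in a server-side WireGuard address plan."""
    problems = []
    ifaces = [ipaddress.ip_interface(a) for a in iface_addrs]
    endpoint = ipaddress.ip_address(endpoint_ip)

    # The endpoint is where the client sends the encrypted UDP packets
    # (ISP router IPv4 or OpenWrt WAN IPv6). It must not be a tunnel IP.
    for i in ifaces:
        if endpoint.version == i.version and endpoint in i.network:
            problems.append(f"endpoint {endpoint} is a tunnel address in {i.network}")

    for entry in peer_allowed_ips:
        net = ipaddress.ip_network(entry, strict=False)
        same_family = [i for i in ifaces if i.version == net.version]
        # The peer's /32 or /128 has to sit inside wg0's /24 or /64.
        if not any(net.subnet_of(i.network) for i in same_family):
            problems.append(f"{entry}: outside every wg0 subnet")
        # The peer must not be given the address wg0 itself uses.
        if any(net.network_address == i.ip for i in same_family):
            problems.append(f"{entry}: collides with wg0's own address")
    return problems

# Constructed sample data mirroring the layout of the posted config.
WG0 = ["192.168.3.1/24", "2001:db8:0:3::1/64"]
PEER = ["192.168.3.2/32", "2001:db8:0:3::2/128"]
WAN_V6 = "2001:db8:0:ff::10"  # assumed OpenWrt wan address, outside the wg0 /64

if __name__ == "__main__":
    print(check_wg_plan(WG0, PEER, WAN_V6))             # consistent plan
    print(check_wg_plan(WG0, PEER, "2001:db8:0:3::1"))  # wg0 IP used as endpoint
```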

Ah, OK. I tried the ISP public IP first and then the WG public IP.

So I could use any private fdxx::/8 address within this tunnel? I was thinking that I need a public one because others never leave the LAN. So I have mixed it up. :smiley:

Yes this is clear now. No IPv6 "public routing rules" within the tunnel.

Thx for help! :slight_smile: I will try it again.

Yes, sure you can. If you are not using the WG tunnel to provide internet, there is no sense in assigning a GUA (or public) IPv6.


I was not aware of the fact that if I want to connect from outside to my OpenWrt LAN I have to choose the public IPv6 address from the OpenWrt Box. Not like on IPv4, where the ISP Box public IPv4 is the Endpoint.

All is working fine now. Thx for help trendy. :slight_smile:


It's different because in IPv6 you have public IPs inside the LAN.
