Wireguard: ipv6 not working

Installing and Using OpenWrt Network and Wireless Configuration
1

Hey Community,

I got a (dual stacked) VPS that's running Wireguard.
My ISP doesn't provide me an ipv6.

So I just set up Wireguard on my Openwrt Router. Everything works, except ipv6.

The strange thing is, if I connect my phone directly using the Wireguard app I get a fully working ipv6.
But if I just use the Wifi I only get ipv4 working.

Anyone has a clue ?

Let me know if you need any further information

Thank you very much :slight_smile:

2

Does your client have :: (the entire IPv6 range) in its allowed IP configuration?

1 Like
3

Bildschirmfoto 2019-12-13 um 14.07.47
Bildschirmfoto 2019-12-13 um 14.07.472342×1370 303 KB

This is my config. Seems like, yeah, the entire ipv6 range is allowed.

4

So to clarify, when you connect a device to your router's WiFi, that traffic is routed via Wireguard to your dualstack VPS, but only IPv4 connections are working?

If so, is your WiFi LAN properly configured with IPv6? It will not get a IPv6 automatically, since you aren't getting a IPv6 prefix via your WAN connection (as you don't have IPv6 support at home, right?).

Try to configure a static IPv6 address and subnet on your LAN. Either in the private range and NAT. Or if possible (IMO cleaner), use a static IPv6 address and subnet with a prefix from your VPS, so that you use publically routable IPv6 addresses on your LAN devices as they should have :slight_smile:

1 Like
5

If I remember properly, there is some issue with IPv6 in WG.
As a workaround you can leave the IP address field empty and create a new interface as an alias for the WG interface, where you will define the IP address.

6

IPv6 works, I set it up to test for a user in another thread.

Is the OP intentionally using a ULA prefix and expecting operational IPv6 Internet services?

He'll need to use a Public and routable IPv6 address to get it working.

3 Likes
7

Wirdguard is working fine with IPv6, I'm using it myself, but you do need to reserve a static prefix exclusively for your wireguard peers (and that is a problem on most consumer contracts with volatile prefixes).

3 Likes
8

Yes sir, that's exactly what's going on.

The Wifi's Lan is getting an IPV6 but its fd (so, local only I guess?!)
Right, no ipv6 support from my ISP.

Bildschirmfoto 2019-12-13 um 16.16.34

How can I use a ipv6 prefix from my Server ? My VPS got a routable /48.
Would in that case any device connected get its own routable IPV6 ?

And like why don't my devices get ipv6 outbound connectivity using the ipv6 I routed to Wireguard on the server ?

Take a look:
Connected with Wireguard app on iOS:

IPDNS Detect - What is your IP, what is your DNS, what informations you send to websites
IPDNS Detect - What is your IP, what is your DNS, what informations you send to websites750×1035 101 KB

Connected with Wifi:

IPDNS Detect - What is your IP, what is your DNS, what informations you send to websites-1
IPDNS Detect - What is your IP, what is your DNS, what informations you send to websites-1750×984 90.4 KB

9

How can I use my routable ipv6 from my vps ?
Please also see my other reply :slight_smile:

10
  • Pick a /64 for assignment to the WG interface
  • Assign an IPv6 address to the WG interface
  • Assign a /128 to the peer

This is all documented at the other thread I noted above. Also, I'm not sure what you wanted me to note in your other post - we know your IPv6 doesn't work, as you haven't assigned a Public IPv6 address.

2 Likes