Wireguard through IPv6

Thobben · November 3, 2024, 10:23am

Hi Together,

as iam actual switching my ISP to a provider who only gives a public ipv6 adress iam reworking my working ipv4-wireguard config so that i can connect from an ipv6 client to my wireguard-server on openwrt and as the vpn tunnel is established i wish to go on with ipv4 - because my local network has just ipv4 adresses.

what i actualy can do, is to connect via ssh to my openwrt from the outside through ipv6. thats already very nice.

but unfortunately wireguard doesnt work. i opended the appropriate firewall port on udp. and configured the interfaces. but unfortunatly the client didnt connects i i did not get any error messages. when i look in luci in the wireguard status there is no active status / no connection history.

could you point me out in the right direction?

actualy 2a00:10:4743:df00::1 is the ipv6 ip i'am using to connect through ssh successfully but this ip unformatunately doesnt works for wireguard. the log of my android smartphone / client says:

11-03 12:07:17.241 11714 11763 D WireGuard/GoBackend/openwrt: peer(54oh…eMis) - Sending handshake initiation
11-03 12:07:18.155 11714 11755 I gralloc4: @set_metadata: update dataspace from GM (0x00000000 -> 0x08010000)
11-03 12:07:19.163 11714 11755 I gralloc4: @set_metadata: update dataspace from GM (0x00000000 -> 0x08010000)
11-03 12:07:20.163 11714 11755 I gralloc4: @set_metadata: update dataspace from GM (0x00000000 -> 0x08010000)
11-03 12:07:21.165 11714 11755 I gralloc4: @set_metadata: update dataspace from GM (0x00000000 -> 0x08010000)
11-03 12:07:22.165 11714 11755 I gralloc4: @set_metadata: update dataspace from GM (0x00000000 -> 0x08010000)
11-03 12:07:22.254 11714 11763 D WireGuard/GoBackend/openwrt: peer(54oh…eMis) - Handshake did not complete after 5 seconds, retrying (try 2)
11-03 12:07:22.254 11714 11763 D WireGuard/GoBackend/openwrt: peer(54oh…eMis) - Sending handshake initiation
11-03 12:07:22.585 11714 13858 I WireGuard/GoBackend: Bringing tunnel openwrt DOWN
11-03 12:07:22.585 11714 13858 D WireGuard/GoBackend/openwrt: Device closing
11-03 12:07:22.585 11714 11763 D WireGuard/GoBackend/openwrt: Routine: event worker - stopped

Thobben · November 3, 2024, 12:09pm

i had to add a portforward from the wan to the lan zone. now it works.

porjo · November 10, 2024, 6:26am

I found this post while troubleshooting getting wireguard working with ipv6.

I'm glad to hear you got it working, however it should be possible to get it working even without port forward. Rather than assign an IPv4 address to your wg0, you can use an IPv6 ULA address. In fact, that should happen automatically if you leave the IP address field empty for the wireguard interface.

system · November 20, 2024, 6:27am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.