Wireguard IPv6 /64 to clients using routed netblock; showing IPv6 addr of wgserver not client

dopogio Member
edited July 2021 in Help

I set up a wireguard server on buyvm, with the intent that my wireguard clients will each get a /64 block that is routable. I was able to get clients to use IPv6 and the addresses are pinging from the internet, BUT test-ipv6.com is not showing my wg-client-IPv6 address and is instead using the wg0.conf IPv6 address from the server.

I may have missed something silly, or do I need to use IPv6 ULA addresses between all my wireguard clients and the wgserver interface addresses and only add the /64 to the 'allowedips'?

Here is my server.conf in use (obfuscated some details for reasons):

[Interface]
Address = 10.100.100.1/24, 9999:6666:notyours::1/48
ListenPort = 88
PrivateKey = SMwK+eyk02wsaMzVnzOMGBbjxnu0A/F0FjbN+eo+oGE=
SaveConfig = false
MTU = 1350
PostUp = iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eth0 -j TCPMSS --clamp-mss-to-pmtu
PostUp = ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eth0 -j TCPMSS --clamp-mss-to-pmtu
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostUp = iptables -A FORWARD -i %i -j ACCEPT
PostUp = ip6tables -A FORWARD -i %i -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j ACCEPT
PostDown = ip6tables -D FORWARD -i %i -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -t mangle -D POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eth0 -j TCPMSS --clamp-mss-to-pmtu
PostDown = ip6tables -t mangle -D POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eth0 -j TCPMSS --clamp-mss-to-pmtu
PostUp = sysctl -q -w net.ipv4.ip_forward=1
PostUp = sysctl -q -w net.ipv6.conf.all.forwarding=1
PostDown = sysctl -q -w net.ipv4.ip_forward=0
PostDown = sysctl -q -w net.ipv6.conf.all.forwarding=0
PostUp = sysctl -q -w net.ipv6.conf.all.proxy_ndp=1
PostDown = sysctl -q -w net.ipv6.conf.all.proxy_ndp=0
PostUp = ip -6 neigh add proxy 9999:6666:notyours:300::12 dev eth0
PostDown = ip -6 neigh del proxy 9999:6666:notyours:300::12 dev eth0
PostUp = ip -6 neigh add proxy 9999:6666:notyours:200::11 dev eth0
PostDown = ip -6 neigh del proxy 9999:6666:notyours:200::11 dev eth0
PostUp = ip -6 neigh add proxy 9999:6666:notyours:100::10 dev eth0
PostDown = ip -6 neigh del proxy 9999:6666:notyours:100::10 dev eth0


[Peer]
PublicKey = xxx
PresharedKey = notyours
AllowedIPs = 10.100.100.10/32, 9999:6666:notyours:100::10/64


[Peer]
PublicKey = xxx
PresharedKey = notyours
AllowedIPs = 10.100.100.11/32, 9999:6666:notyours:200::11/64


[Peer]
PublicKey = xxx
PresharedKey = notyours
AllowedIPs = 10.100.100.12/32, 9999:6666:notyours:300::12/64

Here is a client example of the same:

[Interface]
Address = 10.100.100.10/24, 9999:6666:notyours:100::10/64
DNS = 1.1.1.1, 2606:4700:4700::1111
PrivateKey = yyy
MTU = 1350

[Peer]
PublicKey = xxx
PresharedKey = notyours
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 45.61.184.24:88
PersistentKeepalive = 25

When using test-ipv6.com I should be seeing IPv6 address detected = 9999:6666:notyours:100::10

Instead, external websites are seeing 9999:6666:notyours::1 (wgserver interface wireguard interface ip6)
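
Added example, not part of the original post: a small Python audit of the IPv6 facts the server config above implies, run on a constructed copy in which the documentation prefix 2001:db8:abcd::/48 stands in for the obfuscated one. It lists each peer's routed prefix with host bits masked (the form WireGuard stores), checks peers against the server's /48 and the proxy-NDP entries, and reports any ip6tables hook that rewrites source addresses; `audit`, its helpers and the sample are hypothetical names.

```python
import ipaddress
import re

# Constructed sample: the IPv6-relevant lines of the server config above, with
# the documentation prefix 2001:db8:abcd::/48 standing in for the obfuscated one.
SAMPLE_SERVER_CONF = """\
[Interface]
Address = 10.100.100.1/24, 2001:db8:abcd::1/48
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostUp = ip6tables -A FORWARD -i %i -j ACCEPT
PostUp = ip -6 neigh add proxy 2001:db8:abcd:100::10 dev eth0
PostUp = ip -6 neigh add proxy 2001:db8:abcd:200::11 dev eth0
[Peer]
AllowedIPs = 10.100.100.10/32, 2001:db8:abcd:100::10/64
[Peer]
AllowedIPs = 10.100.100.11/32, 2001:db8:abcd:200::11/64
"""

def _values(conf, key):
    """Right-hand sides of every `key = ...` line, in file order."""
    return re.findall(rf"^{key}\s*=\s*(.+)$", conf, re.M)

def _v6_networks(csv):
    """IPv6 entries of a comma-separated list, host bits masked off."""
    nets = (ipaddress.ip_network(p.strip(), strict=False) for p in csv.split(","))
    return [n for n in nets if n.version == 6]

def audit(conf):
    """Hypothetical helper: summarise the IPv6 routing facts in a server config."""
    server = _v6_networks(_values(conf, "Address")[0])[0]
    peers = [n for line in _values(conf, "AllowedIPs") for n in _v6_networks(line)]
    hooks = _values(conf, "PostUp")
    proxied = [ipaddress.ip_address(m.group(1)) for h in hooks
               if (m := re.search(r"neigh add proxy (\S+)", h))]
    return {
        # Prefix routed to each peer, as stored after masking
        "peer_routes": [str(n) for n in peers],
        "outside_server_prefix": [str(n) for n in peers if not n.subnet_of(server)],
        "overlapping": [(str(a), str(b)) for i, a in enumerate(peers)
                        for b in peers[i + 1:] if a.overlaps(b)],
        # Proxy-NDP addresses that no peer's AllowedIPs covers
        "proxy_without_peer": [str(a) for a in proxied if not any(a in n for n in peers)],
        # Hooks that rewrite IPv6 source addresses (the sample has only IPv4 NAT)
        "ipv6_source_nat": [h for h in hooks
                            if "ip6tables" in h and re.search(r"MASQUERADE|SNAT", h)],
    }

if __name__ == "__main__":
    for name, value in audit(SAMPLE_SERVER_CONF).items():
        print(f"{name}: {value}")
```
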
