Configure WireGuard for Roaming Between IPv4, IPv6

Lane Russell lanerussell at protonmail.com
Sun Sep 16 20:09:09 CEST 2018


Since this is a home setup and my /56 might (will) change at some point, I don't want to have to reconfigure my router, server, and clients. Unless there's a way to dynamically reconfigure these devices in such a situation?

-------- Original Message --------
On Sep 16, 2018, 12:47 PM, Toke Høiland-Jørgensen wrote:

> Lane Russell <lanerussell at protonmail.com> writes:
>
>> Thanks so much for setting me straight. I've gotten IPv6 working over
>> my IPv4 tunnels to ensure that IPv6 traffic can't leak out while I'm
>> using Wireguard. Since my ISP uses SLAAC to hand out /56s, I have a
>> /64 pointed at the local subnet where my VPN server is. From there,
>> the VPN clients use my ULA prefix to talk to the server. The server
>> masquerades these ULA addresses to its global address.
>
> Why are you using masquerading? Kinda defeats the whole point of IPv6,
> doesn't it? :)
>
> You can just pick a public /64 from your subnet and assign that for use
> inside the tunnel, then give your clients addresses from that and use
> normal routing on the wireguard server. You'll have to get the prefix
> routed to your wireguard server, of course; either set that up manually,
> or use something like DHCP prefix delegation, or a routing daemon...
>
> If you don't want to use a whole /64 (but really, there's no reason you
> shouldn't be able to), you can also use /128's inside the tunnel and
> just route those from your gateway to your wireguard server.
>
> -Toke
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20180916/8b5f9181/attachment.html>


More information about the WireGuard mailing list