wireguard.lists.zx2c4.com archive mirror
From: "Toke Høiland-Jørgensen" <toke@toke.dk>
To: Lane Russell <lanerussell@protonmail.com>,
	David Cowden <david.w.cowden@gmail.com>
Cc: "wireguard@lists.zx2c4.com" <wireguard@lists.zx2c4.com>
Subject: Re: Configure WireGuard for Roaming Between IPv4, IPv6
Date: Sun, 16 Sep 2018 19:47:08 +0200
Message-ID: <87pnxd8hcz.fsf@toke.dk>
In-Reply-To: <jbnB37pGZpZyPR34uyzg8hAsh9mvscgKeDF24wj3jh_h2q7PjAFmqwOKTzINMcNv4P6fsHfR3n3Slyfd2TfdpNkQz-zWHI_Yj84S8Rk0uPw=@protonmail.com>

Lane Russell <lanerussell@protonmail.com> writes:

> Thanks so much for setting me straight. I've gotten IPv6 working over
> my IPv4 tunnels to ensure that IPv6 traffic can't leak out while I'm
> using Wireguard. Since my ISP uses SLAAC to hand out /56s, I have a
> /64 pointed at the local subnet where my VPN server is. From there,
> the VPN clients use my ULA prefix to talk to the server. The server
> masquerades these ULA addresses to its global address.

Why are you using masquerading? Kinda defeats the whole point of IPv6,
doesn't it? :)

You can just pick a public /64 from your subnet and assign that for use
inside the tunnel, then give your clients addresses from that and use
normal routing on the wireguard server. You'll have to get the prefix
routed to your wireguard server, of course; either set that up manually,
or use something like DHCP prefix delegation, or a routing daemon...

If you don't want to use a whole /64 (but really, there's no reason you
shouldn't be able to), you can also use /128's inside the tunnel and
just route those from your gateway to your wireguard server.

-Toke
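
The routed setup described in the message above, as an added example that is not part of the original email: a wg-quick configuration using a public /64 inside the tunnel instead of masquerading ULA addresses. The 2001:db8:1234:5600::/56 delegation (documentation range), the choice of the ...56ff::/64 subnet, the server's LAN address, the port and the key placeholders are all assumptions; IPv4 tunnel addresses are omitted.

```ini
# --- wg0.conf on the WireGuard server (wg-quick format) ---
# Assumed delegated prefix:   2001:db8:1234:5600::/56
# Assumed LAN /64:            2001:db8:1234:5600::/64 (server is ::10 on it)
# Tunnel /64 picked from it:  2001:db8:1234:56ff::/64
[Interface]
Address = 2001:db8:1234:56ff::1/64
ListenPort = 51820
PrivateKey = <server-private-key>
# Plain forwarding between tunnel and LAN; no ip6tables MASQUERADE rule.
PostUp = sysctl -w net.ipv6.conf.all.forwarding=1

[Peer]
# One /128 per client; WireGuard drops tunnel packets whose source
# address is outside the sending peer's AllowedIPs.
PublicKey = <client-public-key>
AllowedIPs = 2001:db8:1234:56ff::2/128

# --- on the gateway: get the tunnel prefix routed to the server ---
# (manual static route; prefix delegation or a routing daemon are
#  the alternatives named in the message)
#   ip -6 route add 2001:db8:1234:56ff::/64 via 2001:db8:1234:5600::10
#
# Variant without a whole /64: route individual /128s instead
#   ip -6 route add 2001:db8:1234:56ff::2/128 via 2001:db8:1234:5600::10

# --- wg0.conf on the client ---
# [Interface]
# Address = 2001:db8:1234:56ff::2/128
# PrivateKey = <client-private-key>
#
# [Peer]
# PublicKey = <server-public-key>
# Endpoint = <server-endpoint>:51820
# AllowedIPs = ::/0        # all IPv6 goes through the tunnel
```

With masquerading removed, clients hold globally routable addresses, so a stateful forward filter (ip6tables or nftables) on the server or gateway has to supply the inbound filtering that NAT gave implicitly.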
