From: Lane Russell <lanerussell@protonmail.com>
To: toke@toke.dk, david.w.cowden@gmail.com
Cc: wireguard@lists.zx2c4.com
Subject: Re: Configure WireGuard for Roaming Between IPv4, IPv6
Date: Sun, 16 Sep 2018 18:09:09 +0000 [thread overview]
Message-ID: <Ea_ThlFNfnz6b5yIEpIB8ZPryiwewgFtSFd-PyXbPB5vQZQ91Es-IjDzPAbJxuux3Zr8pTAtwC9X0M3GXw08pVyqrDIOQBnxIdmiS_-6y8Y=@protonmail.com> (raw)
In-Reply-To: <87pnxd8hcz.fsf@toke.dk>
[-- Attachment #1: Type: text/plain, Size: 1467 bytes --]
Since this is a home setup and my /56 might (will) change at some point, I don't want to have to reconfigure my router, server, and clients. Unless there's a way to dynamically reconfigure these devices in such a situation?
-------- Original Message --------
On Sep 16, 2018, 12:47 PM, Toke Høiland-Jørgensen wrote:
> Lane Russell <lanerussell@protonmail.com> writes:
>
>> Thanks so much for setting me straight. I've gotten IPv6 working over
>> my IPv4 tunnels to ensure that IPv6 traffic can't leak out while I'm
>> using Wireguard. Since my ISP uses SLAAC to hand out /56s, I have a
>> /64 pointed at the local subnet where my VPN server is. From there,
>> the VPN clients use my ULA prefix to talk to the server. The server
>> masquerades these ULA addresses to its global address.
>
> Why are you using masquerading? Kinda defeats the whole point of IPv6,
> doesn't it? :)
>
> You can just pick a public /64 from your subnet and assign that for use
> inside the tunnel, then give your clients addresses from that and use
> normal routing on the wireguard server. You'll have to get the prefix
> routed to your wireguard server, of course; either set that up manually,
> or use something like DHCP prefix delegation, or a routing daemon...
>
> If you don't want to use a whole /64 (but really, there's no reason you
> shouldn't be able to), you can also use /128's inside the tunnel and
> just route those from your gateway to your wireguard server.
>
> -Toke
[-- Attachment #2: Type: text/html, Size: 1764 bytes --]
next prev parent reply other threads:[~2018-09-16 18:07 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-06 19:33 Configure WireGuard for Roaming Between IPv4, IPv6 Lane Russell
2018-09-15 22:41 ` David Cowden
2018-09-16 16:40 ` Lane Russell
2018-09-16 17:47 ` Toke Høiland-Jørgensen
2018-09-16 18:09 ` Lane Russell [this message]
2018-09-16 18:22 ` Toke Høiland-Jørgensen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='Ea_ThlFNfnz6b5yIEpIB8ZPryiwewgFtSFd-PyXbPB5vQZQ91Es-IjDzPAbJxuux3Zr8pTAtwC9X0M3GXw08pVyqrDIOQBnxIdmiS_-6y8Y=@protonmail.com' \
--to=lanerussell@protonmail.com \
--cc=david.w.cowden@gmail.com \
--cc=toke@toke.dk \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).