Wireguard with IPv6

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
View previous topic :: View next topic  
Author Message
kiner_xix
DD-WRT Novice


Joined: 07 Jan 2020
Posts: 6
PostPosted: Wed Feb 19, 2025 11:03    Post subject: Wireguard with IPv6 Reply with quote
Hi,

I'm trying to get a Wireguard tunnel to work with IPv6 on my router (Firmware: DD-WRT v3.0-r58207 ).

I can already establishing an tunnel, if I'm in my private LAN. But from outside (via cellphone) it does not work.
As endpoint in the client i use the IP: 2a01:xxxx:xxxx:xxxx:1659:c0ff:fe9b:6f05 (see also br0), which is shown as public IP for the router.


Because, it works in my LAN, i guess it is a firewall problem.

I was trying to follow this discussion https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=333513 but it does not help.

For the IPv6 configuration, i use DHCPv6 with prefix delegation.

My Wireguard configuration is:



Code:
[Interface]
Address = 10.4.0.7/32, fd42:42:42::2/64
DNS = 8.8.8.8, 2001:4860:4860::8888
ListenPort = 51820
MTU = 1412
PrivateKey = 6FiImxxxxxxxxxxxxxxxxxxxxhcSkxXPn8=

[Peer]
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = [2a01:xxxxxxxxxxxxxx:c0ff:fe9b:6f05]:51820
PersistentKeepalive = 25
PublicKey = N9OcMtyiwxxxxxxxxxxxxxxxxxMoJsT5ywPVc=




the output of inconfig is:

Code:
br0       Link encap:Ethernet  HWaddr 14:59:C0:9B:6F:05
          inet addr:192.168.22.2  Bcast:192.168.22.255  Mask:255.255.255.0
          inet6 addr: 2a01:xxxxxxxxxxxxxxxx:1659:c0ff:fe9b:6f05/56 Scope:Global
          inet6 addr: fe80::1659:c0ff:fe9b:6f05/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11501389 errors:0 dropped:843 overruns:0 frame:0
          TX packets:21558031 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2429872806 (2.2 GiB)  TX bytes:27148123508 (25.2 GiB)

eth0      Link encap:Ethernet  HWaddr 14:59:C0:9B:6F:05
          inet6 addr: fe80::1659:c0ff:fe9b:6f05/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:75153778 errors:0 dropped:0 overruns:0 frame:0
          TX packets:33161696 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:790714587 (754.0 MiB)  TX bytes:577456201 (550.7 MiB)
          Interrupt:179 Base address:0x4000

eth1      Link encap:Ethernet  HWaddr 14:59:C0:9B:6F:07
          inet6 addr: fe80::1659:c0ff:fe9b:6f07/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4895674 errors:0 dropped:39 overruns:0 frame:1342808
          TX packets:46830958 errors:76 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:504095150 (480.7 MiB)  TX bytes:368320821 (351.2 MiB)
          Interrupt:163

eth2      Link encap:Ethernet  HWaddr 14:59:C0:9B:6F:14
          inet6 addr: fe80::1659:c0ff:fe9b:6f14/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:19493 errors:0 dropped:36 overruns:0 frame:231986
          TX packets:385561 errors:138 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3930093 (3.7 MiB)  TX bytes:189749444 (180.9 MiB)
          Interrupt:169

imq0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          UP RUNNING NOARP  MTU:1500  Metric:1
          RX packets:44128 errors:0 dropped:0 overruns:0 frame:0
          TX packets:44128 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:30
          RX bytes:21592305 (20.5 MiB)  TX bytes:21592305 (20.5 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MULTICAST  MTU:65536  Metric:1
          RX packets:60775 errors:0 dropped:0 overruns:0 frame:0
          TX packets:60775 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:8409741 (8.0 MiB)  TX bytes:8409741 (8.0 MiB)

oet1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.4.0.1  P-t-P:10.4.0.1  Mask:255.255.255.0
          inet6 addr: fd42:42:42::1/64 Scope:Global
          UP POINTOPOINT RUNNING NOARP PROMISC  MTU:1412  Metric:1
          RX packets:22 errors:15 dropped:0 overruns:0 frame:15
          TX packets:354 errors:2 dropped:16 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:8016 (7.8 KiB)  TX bytes:57792 (56.4 KiB)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:100.97.106.1  P-t-P:5.61.190.144  Mask:255.255.255.255
          inet6 addr: 2a01:xxxxxxxxxxxx:1e61:9787:655d/64 Scope:Global
          inet6 addr: fe80::3e1:1e61:9787:655d/10 Scope:Link
          UP POINTOPOINT RUNNING MULTICAST  MTU:1492  Metric:1
          RX packets:51451 errors:0 dropped:0 overruns:0 frame:0
          TX packets:46018 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:25307593 (24.1 MiB)  TX bytes:8084387 (7.7 MiB)

vlan1     Link encap:Ethernet  HWaddr 14:59:C0:9B:6F:05
          inet6 addr: fe80::1659:c0ff:fe9b:6f05/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:53823756 errors:0 dropped:14 overruns:0 frame:0
          TX packets:22449933 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:15081932753 (14.0 GiB)  TX bytes:23786490468 (22.1 GiB)

vlan2     Link encap:Ethernet  HWaddr 14:59:C0:9B:6F:06
          inet6 addr: fe80::1659:c0ff:fe9b:6f06/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:21330022 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10711726 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:27005071678 (25.1 GiB)  TX bytes:2428118763 (2.2 GiB)


what have i to change??
Back to top View user's profile Send private message
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 13646
Location: Netherlands
PostPosted: Wed Feb 19, 2025 11:11    Post subject: Reply with quote
I am not sure if it is a WireGuard problem but it looks like IPv6 is not implemented on your router there is no IPv6 GUA on your WAN:

Quote:
vlan1 Link encap:Ethernet HWaddr 14:59:C0:9B:6F:05
inet6 addr: fe80::1659:c0ff:fe9b:6f05/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:53823756 errors:0 dropped:14 overruns:0 frame:0
TX packets:22449933 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:15081932753 (14.0 GiB) TX bytes:23786490468 (22.1 GiB)

vlan2 Link encap:Ethernet HWaddr 14:59:C0:9B:6F:06
inet6 addr: fe80::1659:c0ff:fe9b:6f06/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:21330022 errors:0 dropped:0 overruns:0 frame:0
TX packets:10711726 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:27005071678 (25.1 GiB) TX bytes:2428118763 (2.2 GiB)


_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

Last edited by egc on Wed Feb 19, 2025 12:02; edited 2 times in total
Back to top View user's profile Send private message
kiner_xix
DD-WRT Novice


Joined: 07 Jan 2020
Posts: 6
PostPosted: Wed Feb 19, 2025 11:16    Post subject: Reply with quote
egc wrote:
I am not sure if it is a WireGuard problem but it looks like IPv6 is not fully implemented on your router there is no IPv6 GUA on your WAN:

Quote:
vlan1 Link encap:Ethernet HWaddr 14:59:C0:9B:6F:05
inet6 addr: fe80::1659:c0ff:fe9b:6f05/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:53823756 errors:0 dropped:14 overruns:0 frame:0
TX packets:22449933 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:15081932753 (14.0 GiB) TX bytes:23786490468 (22.1 GiB)

vlan2 Link encap:Ethernet HWaddr 14:59:C0:9B:6F:06
inet6 addr: fe80::1659:c0ff:fe9b:6f06/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:21330022 errors:0 dropped:0 overruns:0 frame:0
TX packets:10711726 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:27005071678 (25.1 GiB) TX bytes:2428118763 (2.2 GiB)




what does it mean?
My IPv6 knowledge is not very far.

Did i have to change something in the IPv6 configuration?
Back to top View user's profile Send private message
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 13646
Location: Netherlands
PostPosted: Wed Feb 19, 2025 11:20    Post subject: Reply with quote
I do not know how you have setup IPv6

Maybe start a new thread asking assistance with IPv6 setup for your router and network if necessary.

I have some notes about it:
https://raw.githubusercontent.com/egc112/ddwrt/main/IPv6%20DNSMasq%20IPv6%20RA.pdf

Maybe those are helpful
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Back to top View user's profile Send private message
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 7027
Location: Romerike, Norway
PostPosted: Thu Feb 20, 2025 14:57    Post subject: Reply with quote
You have a /56 Prefix Delegation. That is good. Now you need to carve it up into /64s and assign one to oet1.

In dhcp6c additional configuration add:

interface vlan2 {
send ia-pd 0;
send rapid-commit;
#request domain-name-servers;
script "/sbin/dhcp6c-state";
};
id-assoc pd 0 {
prefix ::/56 infinity;
prefix-interface br0 {
sla-id 0;
sla-len 8;
};
prefix-interface oet1 {
sla-id 1;
sla-len 8;
};

};
id-assoc na 0 { };
Back to top View user's profile Send private message
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum