2

My ISP currently does not support IPv6, and I'm trying to set up a way for all of my computers at home to have a public IPv6 address range.

I've been following a guide on getting wireguard set up, and I'm able to get an IPv4 VPN set up. However for some reason I can't figure out how to assign peers a public IPv6 range.

Here is my server's wg.conf. I'm not the greatest at iptables, but I commented out the ip6tables command because I don't want the address to be translated: 

[interface]
ListenPort = 1194
PrivateKey = AMUT1f04Ej4gBquVz9xw/r0jdUFBVDBFCsdNxO0pFXY=
# PostUp = iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE; ip6tables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostUp = iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
# PostDown = iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE; ip6tables -t nat -D POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE

[Peer]
PublicKey = YNOhDK0kllJEuGIScYpKbvKVBhRiHdo23UB4ydrk7wg=
AllowedIPs = 10.66.66.3/32,<Public IPv6>::56/128

Here is my client's wg.conf:

[Interface]
PrivateKey = KJITzQmb8xdQNMw1FLEzAXrEee4khKNssgGlgVN1CmY=
Address = 10.66.66.3/24,<Public IPv6>::56/128

[Peer]
PublicKey = nXWR6FfgzIh7HfNaQE/91X6rSlQLLrfYvvzgE4grvwA=
Endpoint = <Public IPv4>:1194
AllowedIPs = 0.0.0.0/0,::/0

Also here is my VPS's ifconfig output:

# ifconfig
ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet <Public IPv4>  netmask 255.255.255.255  broadcast 0.0.0.0
        inet6 fe80::f816:3eff:feb1:1c0  prefixlen 64  scopeid 0x20<link>
        inet6 <Public IPv6>::55  prefixlen 64  scopeid 0x0<global>
        ether fa:16:3e:b1:01:c0  txqueuelen 1000  (Ethernet)
        RX packets 76989  bytes 14208737 (14.2 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 69678  bytes 13847183 (13.8 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

With the above configuration my IPv4 traffic gets tunneled just fine, but nothing on IPv6

Other solutions I've tried but aren't quite what I need:

  • IPv6 Tunnel Broker: Slows my internet speed way down when active.
  • VPN: Only allocates one IPv6 address per device, I need a range.

Thanks!

Nicholas Eckardt
  • 23
  • 1
  • 3
  • "_IPv6 Tunnel Broker: Slows my internet speed way down when active._" Then something else is wrong. – Ron Maupin Jan 04 '20 at 22:40
  • Many applications prefer IPv6 over IPv4, so after configuring the Hurricane Electric tunnel, most of the communication goes over the slow tunnel. – Piotr P. Karwasz Jan 04 '20 at 23:05
  • When I was using tunnel broker, my speed was capped at around 40Mb/s. I did some digging on the Hurricane Electric forums, and found other people had a similar experience. My usual speed is 300Mb/s, so an 85% drop. I can dig deeper on this if you think the problem is related. – Nicholas Eckardt Jan 04 '20 at 23:06
  • The tunnel may not be correctly configured, your ISP may be slowing the tunnel, or you may connecting to the wrong HE site (more distant than necessary). I use HE with absolutely no problems or slowing of traffic. – Ron Maupin Jan 06 '20 at 02:56
  • @RonMaupin What speeds are you getting with your tunnel? – Nicholas Eckardt Jan 06 '20 at 23:26
  • In the neighborhood of 180 Mbps, but my service is supposed to be 200 Mbps, but I have never had that, even without the tunnel. – Ron Maupin Jan 06 '20 at 23:27
  • Well I use a hybrid. I let my VPS connect to Hurricane Electric who hands a /48 block, which I have split up several /56 subnets. Each subnet is routed to a different VPN client. I do see a speed limit, but that is because I am forced to use TCP for VPN due to sitting behind Carrier Grade NAT. – Lasse Michael Mølgaard Mar 02 '20 at 10:40

0 Answers0