@FreeYourMind said in NetGate 4100 + No IPv6 on WAN :(:
@bmeeks
Thank you, bmeeks, for giving a bit more background information about this.
But let's stick with your example for a moment and let's say the VPN is not running behind your pfSense, but instead running on the firewall itself, which is a common configuration, right?
So let's assume I wanna connect with my remote laptop to OpenVPN running on pfSense, how would I do that, if we stick with the example you were talking about? I might overlook something but I obviously can't connect to the CGNAT IPv4 from the outside and given the fact that WAN doesn't have its own IPv6 address, I can't do that either.
So instead of binding OpenVPN to my WAN address, which is usually something you would do with NAT in IPv4, you would now just bind OpenVPN to one of your LAN interfaces instead?
"Yes" is the short answer as @stephenw10 has already described. Your "destination address" for the outside client attempting to connect back in would be the LAN interface's IPv6 address on your firewall. But you would still need the correct rules on your WAN to allow that traffic to pass through, because it will be coming in from your default gateway's link-local IPv6 address to the link-local IPv6 address on your WAN interface. Your WAN link-local address is just a "transit network" between your delegated /56 prefix and the ISP's network core.