WireGuard with IPv6 SLAAC Addresses?
-
@sgc said in WireGuard with IPv6 SLAAC Addresses?:
@eirikrcoquere I have been trying to get this to work; it is pfSense that is not routing the traffic right.
Update: I did get it working after some work.
-
I will work on a write-up on how to get WireGuard working with a track interface and IPv6 working on the network too. It is not easy, but with some setting changes it works fine. @OffstageRoller @Eiríkr
-
@sgc said in WireGuard with IPv6 SLAAC Addresses?:
I will work on a write-up on how to get WireGuard working with a track interface and IPv6 working on the network too. It is not easy, but with some setting changes it works fine. @OffstageRoller @Eiríkr
I would greatly appreciate it! :)
-
@offstageroller Do you have IPv6 working on your network?
-
@sgc said in WireGuard with IPv6 SLAAC Addresses?:
@offstageroller Do you have IPv6 working on your network?
@sgc Yep. I have IPv6 SLAAC enabled for every interface on my network except for my two WireGuard interfaces. For my WireGuard interfaces, I have it set to static currently and IPv6 only works when connected via WireGuard if I set each device to a static IPv6 address.
Since I don't want a static IPv6 address, I currently don't assign my WireGuard clients a static IPv6 and I only route IPv4 for right now.
-
@offstageroller On the WG interface, set the IPv6 to stack, and then open a new browser tab to the pfSense, go to DHCP and look at the Subnet Prefix Delegation for each interface. It should look like XXXX:XXXX:XXXX:XXXX::/XX. Change the last number X::/XX to a number not in use by the other interfaces, then paste it into the WG interface. Do the same for each interface, so like mine: XXXX:XXXX:XXXX:XXX2::/XX, XXXX:XXXX:XXXX:XXX3::/XX. Then go to the WG settings and add a 2nd IP to each peer: XXXX:XXXX:XXXX:XXX2::1/128, XXXX:XXXX:XXXX:XXX2::2/128 and so on. Then go to WG on the device or make a new QR with the DNS of the main LAN or a different public DNS.
This sets up the network for IPv6.
If you have problems, let me know and I can try to help.
-
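Added example, not part of the original posts: a Python version of the addressing plan described in the post above, which picks a /64 from the delegation that no other interface uses and then hands each peer one /128 inside it. The delegated prefix, the in-use subnets, the peer names and the function name `plan_wg_ipv6` are constructed for illustration.

```python
import ipaddress


def plan_wg_ipv6(delegated, used_subnets, peer_names, first_host=1):
    """Pick a /64 from the delegated prefix that no other interface uses,
    then assign each WireGuard peer one /128 inside it (::1, ::2, ...)."""
    pd = ipaddress.IPv6Network(delegated)
    if pd.prefixlen > 64:
        raise ValueError(f"{pd} is smaller than a /64")
    if len(set(peer_names)) != len(peer_names):
        raise ValueError("peer names must be unique")
    used = [ipaddress.IPv6Network(u) for u in used_subnets]
    for u in used:
        if not u.subnet_of(pd):
            raise ValueError(f"{u} is not inside the delegation {pd}")
    # First /64 in the delegation that overlaps none of the in-use subnets.
    wg_net = next((s for s in pd.subnets(new_prefix=64)
                   if not any(s.overlaps(u) for u in used)), None)
    if wg_net is None:
        raise ValueError("every /64 in the delegation is already in use")
    # One host address per peer; /128 means the peer owns exactly that address.
    peers = {name: f"{wg_net[first_host + i]}/128"
             for i, name in enumerate(peer_names)}
    return wg_net, peers


if __name__ == "__main__":
    # Constructed sample values (2001:db8::/32 is the documentation prefix).
    net, peers = plan_wg_ipv6(
        "2001:db8:abcd:10::/60",
        ["2001:db8:abcd:10::/64", "2001:db8:abcd:11::/64"],  # LAN, OPT1
        ["phone", "laptop"],
    )
    print("WireGuard interface subnet:", net)
    for name, addr in peers.items():
        print(f"  {name}: {addr}")
```
-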
@offstageroller By the way, I'm sorry I did not fully read the post. DHCP does not work with WG since the clients do not support DHCP; that is why you can make a QR code.
-
@sgc said in WireGuard with IPv6 SLAAC Addresses?:
@offstageroller By the way, I'm sorry I did not fully read the post. DHCP does not work with WG since the clients do not support DHCP; that is why you can make a QR code.
@sgc If I'm following what you said correctly, that would result in a static IPv6 address which is what I'm trying to avoid. If you do things that way, you'll end up as a unique IP address on the internet that can be easily tracked.
At least with IPv4 and NAT, my device gets mixed in with all of the other devices on my network to make me more difficult to track.
What I'd want to do is set my WireGuard IPv6 to Track interface, and then enable Router Advertisements for that interface so that my devices will use SLAAC and use privacy IPv6 addresses that change at least daily.
-
@sgc Wondering if the write up is complete? :)
-
@sgc would also love to know the quick details (don't need a super detailed write-up) of how you got your WG remote access tunnel set up with SLAAC or DHCP6