Two different IPv6 prefixes from the same WireGuard server tunneled to pfSense
-
Hi all,
My ISP has really bad IPv6 support, so I went down the rabbit hole and found a willing LIR to sponsor my ASN and got a PA IPv6 block with it. Later I bought another sponsored PI block.
Then I found a VPS provider who was willing to open a BGP session with me, and I announced my prefixes there. I set up a WireGuard server on my VPS and tunneled it to pfSense. I also made a testing peer for my computer and confirmed WireGuard is working correctly and I get an IPv6 address from my VPS.
My pfSense peers connect and handshake with my VPS's WireGuard server. No problems there:
So I have two tunnels:
- same IPv4 endpoint, different ports
- Tunnel 1 allows IPv6s from range aaaa:bb4:1040::/48 connected to VLAN95
- Tunnel 2 allows IPv6s from range aaaa:bbbb:b74:::/48 connected to VLAN96
Problem:
- only Tunnel 1 clients on VLAN95 have IPv6 connectivity
- Tunnel 2 clients on VLAN96 don't have IPv6 connectivity
What can I do to solve this?
WireGuard tunnel interfaces:
VLANs:
Gateways and static routes:
Firewall rules:
Router advertisements:
My computer gets IPv6 from both prefixes: