Open NickEckardt opened 4 years ago
What's the final ideal path you're trying to achieve?
SSH Client connects over the internet ->
public IPv6 addr on VPS ->
VPS's routing table ->
wireguard outbound from VPS ->
IPv4 wireguard addr on destination server
or something else?
Unfortunately I don't know anything about IPv6 <-> IPv4 translation yet, so I don't know if I can be of any help. But maybe try posting the mtr/ping6 output showing the failing hops in a traceroute?
The ideal path is pretty much what you mentioned:
Web browser connects over IPv6 ->
public IPv6 addr on VPS ->
VPS's routing table ->
wireguard outbound from VPS ->
IPv6 wireguard addr on destination server
The destination server only connects to the internet and Wireguard via IPv4, but wg0 would have IPv6 addresses, so it should work.
I don't think IPv4 to IPv6 translation is a problem I need to worry about, Wireguard handles that.
Here's my relevant ifconfig output of wg0 on the destination server:
wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1420
inet 10.66.66.3 netmask 255.255.255.0 destination 10.66.66.3
inet6 2607:a:b:c:1::57 prefixlen 100 scopeid 0x0<global>
RX packets 112 bytes 32336 (32.3 KB)
Note: 2607:a:b:c:1::57 is a valid public IPv6 within the range of my VPS. My VPS has the range: 2607:a:b:c::55 prefixlen 64.
From the destination server, I can connect to the IPv6 internet, the problem is it connects via my VPS's public IP. test-ipv6.com works, but my IP shows up as 2607:a:b:c::55.
SSHing into the destination server works from any other peer on wireguard, and the VPS. It does not work from the outside world. It appears wireguard is setting up a local network (like 192.168.1.1/24) but using global IPs, but never exposing them to the outside world.
mtr -w -6 google.com:
HOST: misaka Loss% Snt Last Avg Best Wrst StDev
1.|-- 2607:a:b:c::55 0.0% 10 24.7 25.7 24.3 35.4 3.4
2.|-- 2607:a:b:c::1 0.0% 10 24.9 25.0 24.6 25.7 0.4
3.|-- fd00::ffe 0.0% 10 24.8 25.1 24.6 25.6 0.3
4.|-- 2607:a:0:1:2::17f 0.0% 10 25.2 25.3 24.8 25.8 0.3
5.|-- 2607:a:0:1:2::26 0.0% 10 25.0 25.1 24.6 25.4 0.2
6.|-- 2607:a:0:1:2::4 0.0% 10 25.8 25.3 24.8 25.9 0.3
7.|-- 2001:41d0:0:50::2:12c 0.0% 10 25.5 25.8 25.5 26.0 0.2
8.|-- 2001:41d0:0:50::6:84a 0.0% 10 25.7 25.5 25.2 25.9 0.2
9.|-- be100-100.bhs-g1-nc5.qc.ca 30.0% 10 29.2 26.8 26.1 29.2 1.1
10.|-- ash-1-a9.va.us 0.0% 10 38.5 38.8 38.4 39.2 0.2
11.|-- google.as15169.va.us 0.0% 10 111.2 111.1 110.7 111.5 0.2
12.|-- 2607:f8b0:824c::1 0.0% 10 111.0 111.2 110.8 111.5 0.2
13.|-- 2001:4860:0:1::20d2 0.0% 10 115.5 121.1 114.9 170.5 17.3
14.|-- 2001:4860:0:1098::11 0.0% 10 118.5 116.6 112.1 143.0 9.5
15.|-- 2001:4860::c:4000:da1a 0.0% 10 129.4 129.1 128.6 129.6 0.3
16.|-- 2001:4860::c:4000:d5ff 0.0% 10 129.2 129.3 128.9 130.3 0.4
17.|-- 2001:4860::9:4000:eec9 0.0% 10 126.2 126.0 125.5 126.5 0.3
18.|-- 2001:4860:0:1::1f33 0.0% 10 125.9 125.6 125.4 126.1 0.3
19.|-- ord37s07-in-x0e.1e100.net 0.0% 10 125.7 125.6 125.0 126.0 0.3
ping6 google.com:
PING google.com(ord37s07-in-x0e.1e100.net (2607:f8b0:4009:802::200e)) 56 data bytes
64 bytes from ord37s07-in-x0e.1e100.net (2607:f8b0:4009:802::200e): icmp_seq=1 ttl=44 time=127 ms
Thanks again for your help!
Hello,
I got this working recently; you can check out my script https://github.com/finzzz/wgzero (use the Full Routing option). As far as I have tried, this is only possible if the ISP/VPS provider assigns you 1 IPv6 and 1 full IPv6 block (on a different range). I have tested this on Linode and it works. You may need to open a ticket to request that, though. Let me know if the script works in your case.
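The distinction drawn in the reply above (a separately routed block versus peer addresses carved out of the VPS's own /64), as an added example that is not part of any post in this thread or of the wgzero script. The function name, the category labels and the 2001:db8 prefixes are constructed for illustration; the 2607:a:b:c addresses are the ones quoted in the thread. Background for the "on-link" case: the upstream router resolves addresses inside the VPS's /64 with neighbor discovery on that segment, so the VPS has to answer for a peer's address (NDP proxy) before forwarding into wg0 can happen at all.

```python
import ipaddress

ULA = ipaddress.IPv6Network("fc00::/7")          # unique local, not publicly routed
LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")  # valid on one link only

ADVICE = {  # hypothetical labels used by this example
    "routed": "provider routes the block to the VPS: forwarding + firewall rules, no NAT",
    "on-link": "inside the VPS's own prefix: VPS must answer neighbor discovery for it",
    "local-only": "not a global address: reachable from outside only through NAT",
    "unrouted": "global, but nothing delivers this prefix to the VPS",
}

def classify_peer(vps_iface, peer_iface, routed_blocks=()):
    """Classify how outside traffic could reach a WireGuard peer's IPv6 address.

    vps_iface     -- address/prefix on the VPS's public interface
    peer_iface    -- address/prefix configured on the peer's wg0
    routed_blocks -- extra prefixes the provider routes to the VPS (may be empty)
    """
    onlink = ipaddress.IPv6Interface(vps_iface).network
    peer = ipaddress.IPv6Interface(peer_iface)
    if peer.ip in ULA or peer.ip in LINK_LOCAL:
        return "local-only"
    for block in routed_blocks:
        if peer.network.subnet_of(ipaddress.IPv6Network(block)):
            return "routed"
    if peer.network.subnet_of(onlink):
        return "on-link"
    return "unrouted"

if __name__ == "__main__":
    vps = "2607:a:b:c::55/64"                      # from the thread
    cases = [
        ("2607:a:b:c:1::57/100", ()),              # wg0 address from the thread
        ("2001:db8:100::57/128", ("2001:db8:100::/56",)),  # constructed routed block
        ("fd00::ffe/64", ()),                      # ULA, as seen at hop 3 of the mtr
    ]
    for peer, blocks in cases:
        kind = classify_peer(vps, peer, blocks)
        print(f"{peer:24} {kind:10} {ADVICE[kind]}")
```

Whichever case applies, a peer that becomes reachable from the internet is no longer shielded by the VPS's NAT, so its SSH exposure should be limited by forwarding rules on the VPS or a host firewall on the peer.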
I am trying to use wireguard to assign public IPv6 addresses to my peers, so that I can ssh into them from anywhere. I currently have a setup working on a VPS which works with both IPv4 and IPv6, but it seems to NAT outbound traffic, so I cannot ssh into a specific peer.
My current config is as follows: Server:
Client:
I've been stuck on this all weekend and not sure how to proceed. Let me know if there is a better place to ask this question. So far the most helpful thing I found were these docs :+1:
Thanks!