[LES] Route IPv6 to VPN client

iandk

Hi,

I got several cheap VZ7 NAT VPS from Inception hosting and I'm running Wireguard-go on them.
Given that I don't have a static IP @home, I want to tunnel one/multiple of the public IPv6 addresses of my Inceptionhosting IPv6 subnet to my Clients@home.

Since I don't have a full /64 I wonder if that's even possible?
I'd have to use ndppd, since its also not routed, but can I use it with a smaller than /64 subnet?

Thanks!

Neoon

You could get a /48 from HE and ndppd it, but as I am aware, ndppd and/or radvd wont work with less then /64.
But you can tunnel each IPv6 by itself without ndppd.

Like I did here on Proxmox:
https://wiki.x8e.net/doku.php?id=proxmox_ipv6

Nyr

You can do IPv6 NAT with iptables. Use a private subnet and route that to one of your public IPv6.

WSS

@Nyr said:
You can do IPv6 NAT with iptables. Use a private subnet and route that to one of your public IPv6.

While incredibly useful, I liken this to most actually-knowledgeable auto bits on YouTube. "Hole in the block? Just drop the engine and replace it."

P.S. If there's a hole in the block, unless it's really new and cheap, it's time to just let it go.

Personally, I run a 6in4 via OpenWRT. Sucks that HE gets blocked semi-often for stuff, but it lets me work well enough that I can, well, work.

iandk

Is it possible to avoid NAT and directly route the public v6 to the client and configure it on the client?

terrorgen

ip -6 route add 2001:db8::1/128 via (your wireguard tunnel endpoint)

It's possible.

iandk

@terrorgen said:
ip -6 route add 2001:db8::1/128 via (your wireguard tunnel endpoint)

It's possible.

Thanks!
Is there any configuration on the client needed?
Additional routes or configuring the IP?

terrorgen

On the other side of the tunnel, you'll need to point default route toward the tunnel or else two way communication won't work.