Have had great progress setting up VMs to act as Wireguard VPN routers between sites. I have a primary hub with excellent connectivity. Satellite locations often have sub-par internet, often without IPv6 support.
The setup provides satellite sites with private transport to the primary hub. rtadvd is announcing an IPv6 prefix and router for automatic IPv6 configuration for satellite users. It is working well for 'satellite users' and performance is pretty good.
Code:
ISP Dual 4+6
|
|
+ Router/Firewall +
|
|
WAN Subnets 4+6
|
|
+ Wireguard Host A +
:
:
Non-routable 172.x.x.x
Non-routable fdXX::
:
:
+ Wireguard Host B +
|
|
Satellite Subnets 4+6 ---- Router/Firewall ---- ISP 4-only
|
|
+ Satellite User +
I have noticed that Wireguard Host B, while it can reach the internet on IPv4, cannot itself reach the internet on IPv6. The default route for Wireguard Host B is out wg0, which has a fdXX non-routable IP address. Even though I expect it is delivering IPv6 packets upstream, it makes sense that this is not working because its source IP is non-routable.
I suspect I blindly followed a guide that led me into this hole. I don't want to NAT IPv6, so it seems like I should have reserved a small subnet of routable IPv6 addresses from my allocation and used those for the virtual network between wireguard hosts, instead of assigning non-routable ULA fdXX:: addresses. Any other suggestions beyond reworking the addresses assigned to my wg interfaces?
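To make the source-address problem described above concrete, here is an added example (not code from the original post) that models the three hosts in the diagram and applies a simplified version of the IPv6 source address selection rules from RFC 6724: rule 5 (prefer addresses on the outgoing interface), rule 6 (prefer a source whose policy label matches the destination's) and rule 8 (longest matching prefix). Everything else is assumed: the interface names (wan0, wg0, lan0), the ULA fd00:1234::/64 on the tunnel, the 2001:db8::/32 documentation prefix standing in for the real allocation, and the destination used to represent "the internet". It shows why Host A picks its WAN address while Host B picks the ULA on wg0, and what changes once the tunnel carries a routable /64 from the allocation.

```python
"""Constructed model of IPv6 source address selection for the hub/satellite
WireGuard topology.  Not the author's configuration; addresses and interface
names are assumptions (2001:db8::/32 is documentation space, fd00:1234::/64 a
made-up ULA)."""
import ipaddress
from dataclasses import dataclass

GLOBAL_UNICAST = ipaddress.IPv6Network("2000::/3")   # routable on the internet
ULA = ipaddress.IPv6Network("fc00::/7")              # fdXX:: addresses live here

# Subset of the RFC 6724 default policy table: (prefix, label).  ULA gets its
# own label, so it never "matches" a global-unicast destination under rule 6.
POLICY = [
    (ULA, 13),
    (ipaddress.IPv6Network("::/0"), 1),
]


def label(addr: ipaddress.IPv6Address) -> int:
    for net, lab in POLICY:
        if addr in net:
            return lab
    return 1


def common_prefix_len(a: ipaddress.IPv6Address, b: ipaddress.IPv6Address) -> int:
    return 128 - (int(a) ^ int(b)).bit_length()


@dataclass
class Host:
    name: str
    ifaces: dict           # iface name -> list of IPv6Interface
    default_iface: str     # interface the ::/0 route points out of


def select_source(host: Host, dst: ipaddress.IPv6Address):
    """Return (source address, egress interface) for a packet to dst,
    applying rules 5, 6 and 8 of RFC 6724 in order (others omitted)."""
    candidates = [(ifn, a) for ifn, addrs in host.ifaces.items()
                  for a in addrs if not a.ip.is_link_local]
    # Rule 5: prefer addresses configured on the outgoing interface.
    on_egress = [c for c in candidates if c[0] == host.default_iface]
    if on_egress:
        candidates = on_egress
    # Rule 6: prefer a source whose label matches the destination's label.
    matching = [c for c in candidates if label(c[1].ip) == label(dst)]
    if matching:
        candidates = matching
    # Rule 8: longest matching prefix breaks any remaining tie.
    ifn, a = max(candidates, key=lambda c: common_prefix_len(c[1].ip, dst))
    return a.ip, ifn


def internet_reachable(host: Host, dst: ipaddress.IPv6Address) -> bool:
    """True if the chosen source is global unicast; a ULA source cannot get a
    reply back from the internet, which is the failure the post describes."""
    src, _ = select_source(host, dst)
    return src in GLOBAL_UNICAST and src not in ULA


def ip6(s: str) -> ipaddress.IPv6Interface:
    return ipaddress.IPv6Interface(s)


# Assumed destination standing in for "somewhere on the IPv6 internet".
INTERNET_DST = ipaddress.IPv6Address("2001:db8:ffff::1")

# Hub: WAN address from the allocation, default route out the WAN.
HOST_A = Host("Wireguard Host A",
              {"wan0": [ip6("2001:db8:a::1/64")], "wg0": [ip6("fd00:1234::1/64")]},
              default_iface="wan0")

# Satellite as currently configured: only a ULA on wg0, default route via wg0,
# even though the satellite LAN side carries a routable prefix from rtadvd.
HOST_B_BEFORE = Host("Wireguard Host B (ULA on wg0)",
                     {"wg0": [ip6("fd00:1234::2/64")], "lan0": [ip6("2001:db8:b::1/64")]},
                     default_iface="wg0")

# Satellite after reserving a small routable subnet for the tunnel itself.
HOST_B_AFTER = Host("Wireguard Host B (routable /64 on wg0)",
                    {"wg0": [ip6("2001:db8:ff::2/64")], "lan0": [ip6("2001:db8:b::1/64")]},
                    default_iface="wg0")

if __name__ == "__main__":
    for h in (HOST_A, HOST_B_BEFORE, HOST_B_AFTER):
        src, ifn = select_source(h, INTERNET_DST)
        print(f"{h.name}: src {src} via {ifn} -> "
              f"{'ok' if internet_reachable(h, INTERNET_DST) else 'unroutable source'}")
```

Rule 5 is what defeats Host B: the ::/0 route points out wg0, and wg0 offers nothing but the ULA, so the routable address on lan0 is never considered even though rule 6 would have preferred it. Putting a global prefix from the allocation on the tunnel interfaces, as the post proposes, changes the candidate set rather than the rules, which is why it fixes the hub-side forwarding without any NAT.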