# Get IPv6 connectivity with wireguard 2021-11-10T21:07:51Z If your ISP or phone operator doesn't provide you an IPv6, you still can get IPv6 connectivity as long as you have somewhere a server with IPv6 -- let's say a VM at openbsd.amsterdam :). Let's configure IPv6 over ipv4 with wireguard and OpenBSD. Prerequisite: * A server with IPv6 connectivity running OpenBSD * A private IPv6 address range. In this example, it is fd9c:f774:0bfa:acfc. It could be fd42::1, fd42::2... but you might prefer doing this correctly. => https://simpledns.plus/private-IPv6 Generate a private IPv6 range ## On the server ``` # cat /etc/pf.conf [...snip...] pass in on egress proto udp from any to any port 4545 keep state match out on egress from (wg0:network) to any nat-to (egress) pass on egress from (wg0:network) to any pass on wg0 ``` ``` # cat /etc/sysctl.conf net.inet.ip.forwarding=1 net.inet6.ip6.forwarding=1 ``` ``` # cat /etc/hostname.wg0 inet 10.0.0.1/24 inet6 fd9c:f774:0bfa:acfc::1/64 wgkey [...snip...] wgport 4545 # peer 1 wgpeer [...snip...] wgaip 10.0.0.2/32 wgaip fd9c:f774:0bfa:acfc::2/128 # peer 2 wgpeer [...snip...] wgaip 10.0.0.3/32 wgaip fd9c:f774:0bfa:acfc::3/128 # peer 3 wgpeer [...snip...] wgaip 10.0.0.4/32 wgaip fd9c:f774:0bfa:acfc::4/128 up ``` I removed the key as you can see. The port is 4545, but use whatever you want :) It is really important to end ipv6 allowed ip by /128 ! ## On a client ``` # cat /etc/hostname.wg0 wgkey [...snip...] wgpeer [...snip...] \ wgendpoint 4545 \ wgaip 0.0.0.0/0 \ wgaip ::0/0 \ wgpka 25 inet 10.0.0.3/24 inet6 fd9c:f774:0bfa:acfc::3/64 wgrtable 1 up !route add -inet default 10.0.0.1 !route add -inet6 default fd9c:f774:0bfa:acfc::1 ``` ``` # cat /etc/hostname.iface rdomain 1 up inet autoconf ``` Of course, edit endpoint ipv4. It is important to set wgaip to any IPv4 and IPv6 to encrypt for both. As you can see, we set the default route to the VPN endpoint IP. ## Links => https://openbsd.amsterdam/ => https://www.tunnelbroker.net/ HE is another way to get IPv6 connectivity. => https://dataswamp.org/~solene/2021-10-09-openbsd-wireguard-exit.html Full WireGuard setup with OpenBSD ## Something to say ? => mailto:bla@bla.si3t.ch?subject=ipv6-over-ipv4-wireguard Send your comment by mail.