[LES] Route IPv6 to VPN client

iandkiandk Hosting ProviderOG
in Help

Hi,

I got several cheap VZ7 NAT VPS from Inception hosting and I'm running Wireguard-go on them.
Given that I don't have a static IP @home, I want to tunnel one/multiple of the public IPv6 addresses of my Inceptionhosting IPv6 subnet to my Clients@home.

Since I don't have a full /64 I wonder if that's even possible?
I'd have to use ndppd, since its also not routed, but can I use it with a smaller than /64 subnet?

Thanks!

AMD EPYC / NVMe / 10GBPs KVM in Frankfurt - https://v6node.com
Looking for an unbeatable AMD EPYC Baremetal Server in Frankfurt? Drop me a PM

Comments

  • NeoonNeoon OG
    edited December 2019

    You could get a /48 from HE and ndppd it, but as I am aware, ndppd and/or radvd wont work with less then /64.
    But you can tunnel each IPv6 by itself without ndppd.

    Like I did here on Proxmox:
    https://wiki.x8e.net/doku.php?id=proxmox_ipv6

    Free NAT KVM | Free NAT LXC

  • NyrNyr OG
    edited December 2019

    You can do IPv6 NAT with iptables. Use a private subnet and route that to one of your public IPv6.

    OpenVPN installer | WireGuard installer

  • WSSWSS OGRetired

    @Nyr said:
    You can do IPv6 NAT with iptables. Use a private subnet and route that to one of your public IPv6.

    While incredibly useful, I liken this to most actually-knowledgeable auto bits on YouTube. "Hole in the block? Just drop the engine and replace it."

    P.S. If there's a hole in the block, unless it's really new and cheap, it's time to just let it go.

    Personally, I run a 6in4 via OpenWRT. Sucks that HE gets blocked semi-often for stuff, but it lets me work well enough that I can, well, work.

    My pronouns are like/subscribe.

  • iandkiandk Hosting ProviderOG

    Is it possible to avoid NAT and directly route the public v6 to the client and configure it on the client?

    AMD EPYC / NVMe / 10GBPs KVM in Frankfurt - https://v6node.com
    Looking for an unbeatable AMD EPYC Baremetal Server in Frankfurt? Drop me a PM

  • terrorgenterrorgen OG

    ip -6 route add 2001:db8::1/128 via (your wireguard tunnel endpoint)

    It's possible.

    The all seeing eye sees everything...

  • iandkiandk Hosting ProviderOG

    @terrorgen said:
    ip -6 route add 2001:db8::1/128 via (your wireguard tunnel endpoint)

    It's possible.

    Thanks!
    Is there any configuration on the client needed?
    Additional routes or configuring the IP?

    AMD EPYC / NVMe / 10GBPs KVM in Frankfurt - https://v6node.com
    Looking for an unbeatable AMD EPYC Baremetal Server in Frankfurt? Drop me a PM

  • terrorgenterrorgen OG

    On the other side of the tunnel, you'll need to point default route toward the tunnel or else two way communication won't work.

    The all seeing eye sees everything...

Sign In or Register to comment.