VPS IPv6 /64 for SLAAC at home via wireguard?
I'm looking to hand out public IPv6 addresses from my VPS /64 to my clients at home via SLAAC if possible. I have so far been able to get a single IPv6 public address to work via ndp_proxy (instructions here) BUT I have been unsuccessful at allowing multiple IPv6 thru the wireguard tunnel to become available to clients.
Here is a dirty diagram of how things would look like:
VPS
2602:fed2:8888:106:: /64 assigned
eth0 = 2602:fed2:8888:106::1
wg0 = 2602:fed2:8888:106:100::1
-- wg tunnel --Home client
wg0 = 2602:fed2:8888:106:100::10 (this will become a 'default gateway' at home - receiving traffic from multiple hosts)
eth0 = 192.168.1.100
-- client 1 fowards packets to 192.168.1.100 asking for an IPv6 address. Hoping it automatically gets one from the available /64 space.
VPS provider won't give more IPv6 space than /64 unfortunately - I haven't tried asking for a /128 for a ptp thats routed to it - I was reading that may work but dont know.
I did try /etc/ndppd.conf with this config but did not see any requests comming from wg0 instance:
proxy eth0 { autowire yes rule 2602:fed2:8888:106::/64 { iface wghub } }
Anyone with experience that could comment?
Comments
You have to use the "static" mode in ndppd. WireGuard is an level 3 interface, not level 2, so ndppd's dynamic tricks won't work with it. You just want it to bring the entire /64 onto your server. Then, from the server you can route it into the WG tunnel.
Ok, trying this config out but I may be missing something for it to work - do I need a static route setup in the VPS?
Added an extra IPv6 address of 2602:fed2:730b:106:8888::13 to wgclient at home but it doesn't work.
I did see something come in thru the ndppd logs indicating that something happened but I don't see this ::13 in the ip -6 neighbors of the VPS and it isn't pingable from the internet:
thanks for the help
Yes. Just
static
in ndppd, and aside from that forget about anything related to "neigh" or proxy, it's all regular routing from then on.