I want to reach ipv6 addresses on the internet through my wireguard tunnel.
I use dietpi v8.2.2 on a Odroid C2 with PiVPN Setup for wireguard.
here’s what I did:
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward = 1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
editing the client settings for Client iptest:
looks like there is no public IPv6 address assigned. It seems to be a local fe80 only. However on the FritzBox you specify something like 2001. Are you sure your IPv6 network is working fine? Are you able to connect to any IPv6 address from the DietPi device themselves?
I haven’t read through everything, just note that the WireGuard install option in dietpi-software sets to everything for IPv6 access OOTB and on PiVPN this is an open request since years.
IPv6 routes can be checked via ip -6 r. If there is no public/GUA IPv6 address assigned to the adapter, it seems the router sends no router advertisements. You say it sends those via DHCP? Note that DHCPv6 is pretty uncommon and usually not required, in favour of SLAAC auto-configuration via router advertisements. Try to configure your router to send these instead or in addition to DHCPv6. I’m currently not 100% sure, but I think for the system to request DHCPv6, you need an additional interface block in /etc/network/interfaces with “inet6” instead of “inet”.
Even if there was an IPv6 assigned, which in your case is not evident from the output, you’d still need to NAT6 the private IPv6 of the WG to the public the dietpi has from the provider. So the ip6tables cannot be empty, or you need to handle the SNAT/Masquerade with another utility.
~# ip -6 r
::1 dev lo proto kernel metric 256 pref medium
fd06::/64 dev wg0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
It this a public ipv6?
I have change some settings in my router (Fritz Box)
Heimnetz → Netzwerk → Netzwerkeinstellungen → IIPv6-Einstellungen → DHCPv6-Server im Heimnetz
[…]Geräte im Heimnetz bekommen eine IPv6-Adresse via DHCPv6 […] is now on → Devices in the home network get an IPv6 address via DHCPv6
FRITZ!Box is announced as DNS server via DHCPv6. Parts of the IPv6 network assigned by the ISP are passed on to downstream routers. Devices in the home network are assigned an IPv6 address via DHCPv6.
On my MacBook I can ping a IPv6 Adress in the network
MBP ~ % ping6 heise.de
PING6(56=40+8+8 bytes) 2001:9e8:b1aa:c00:xxxx:baf9:xxxx:xxxx --> 2a02:2e0:3fe:1001:302::
16 bytes from 2a02:2e0:3fe:1001:302::, icmp_seq=0 hlim=55 time=16.881 ms
but it doesn’t work on the Odroid C2
# ping6 heise.de
ping6: connect: Das Netzwerk ist nicht erreichbar
There is no default route and no GUA address assigned indeed. So it seems when DHCPv6 is enabled, the Fritz!Box does not send any router advertisement for SLAAC auto-configuration anymore. Do you need DHCPv6 for a specific reason? Else I suggest to disable it. It is pretty uncommon to use DHCPv6 but leave IPv6 auto-configured via SLAAC. If you require DHCPv6, and there is no way to have the Fritz!Box sending RAs regardless, then you’d need to add a specific IPv6 entry for the interface, e.g.: