How to properly setup IPV6 with a VPN?

Hey there,

I keep running into the issue of IPV6 not working when using wireguard on the Flint AX1800.

My VPN provider is Mullvad, and they support IPV6, you can see here it’s also connected:

Without wireguard client activated, IPV6 works just fine. Once connected, it doesn’t work at all.

I’ve tried multiple things, all on a clean reset firmware:

  1. Main router in bridge mode, flint connected behind it. No luck.

  2. Main router in normal mode, DHCP set to static IPV6, no luck.

  3. Main router in normal mode, DHCP set to DHCPv6, no luck.

  4. Flint set no NAT6, no luck

  5. Flint set to Native, no luck

  6. Flint set to static, no luck.

Tried all the combo’s, IPV6 works without VPN activated. The config is valid & ipv6 works on other devices using the same config.

I hope this can be solved, because I am currently out of ideas.

cat << EOF > /etc/firewall.nat6
iptables-save --table=“nat”
| sed -e “/\s[DS]NAT\s/d”
| ip6tables-restore --table=“nat”
uci commit firewall
service firewall restart

Video: IMG_2306.MOV | Storj DCS

I’m not sure why sometimes running this script works, and other times it wont.

@hilll @alzhao could you please look into this? It’s great when it works, but very annoying having to run it every time.

Hilll is not working in GL.iNet.

@hansome will have a check.

1 Like

@hansome First off, hope you had a very merry Christmas! :slight_smile:

Was wondering when you’d have the time to look into this. Would be great to finally have fully native integrated IPV6 support for VPN😄

Thank you, I’ll look into this tomorrow.

1 Like

This is sort of complicated, I’m still doing some debugging.
By the way,

Does this have some typo, I failed to run this. Maybe write it in a code block plz.
Could you share more of you setting?

cat << EOF > /etc/firewall.nat6
iptables-save --table="nat" \
| sed -e "/\s[DS]NAT\s/d" \
| ip6tables-restore --table="nat"
uci commit firewall
service firewall restart

What settings do you need?

Just to add onto this, it’s not limited to the Flint. Ordered a Slate AXT1800 & it has the same issue with IPV6 not working when connected to the VPN.

Let me know what info you need @hansome , happy to provide whatever info u need to get it working :slight_smile:

Hi Blobbie01,

I managed to setup nat6 with mullvad wireguard client. I’m using firmware 4.2.0 beta2.
Just enable ipv6, then start mullvad, and it works!!!
This is my test result on a flint LAN client device.

After debug /etc/firewall.nat6 and I found

-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE

is the critical rule in ip6tables-save.

If your setup still not work, please copy and run following command

cd /tmp
ip6tables-save >ipt6
ip -6 rule >ipr6
ip -6 route show >>ipr6

tar cf ipt.tar ipt6 ipr6
mv ipt.tar /www/

and get debug info collection file at
then upload it for analysis.


Still didn’t work for me🤔 (22 KB)

I checked the ipv6 route table and found that there are some extra default routes added by upstream gateway.
I think lowing the wgclient route item metric will do the trick.

Uploaded modified script that changes wgclient route metric to 511, you can upload it, and restart wg client to have a check.
The script is located at: (1.3 KB)


1 Like

Still no luck, did a full restart of the modem.

Here is the latest log. Mind you, I haven’t run the script I posted on my slate AX, not sure if I was supposed to?

ipt6 (21.5 KB)

For AzireVPN I know it provides an IPv6-PD range, which you can setup as VPN6 interface (@alias of VPN-interface with static IPv6-PD range as IP-setting). Change the LAN to receive/track IPv6 range from the VPN6 interface.

Then I believe you also need IPv6 mwan3 policies setup and then you should have everything working. I do not know if Mullvad does supply 1 IPv6 or a /64?

Hi Blobbie01,

Finally, I found that mwan3 impacts wg client & ipv6.
More effort is needed to construct a suitable rule for this situation. To temporarily make it work, use changed and disable mwan3, your previous script should not be run.

/etc/init.d/mwan3 disable
uci set mwan3.globals.enabled='0'
uci commit mwan3
1 Like

In my test configuration, Mullvad supplies 1 IPv6 address to wgclient interface like: fc00:bbbb…

1 Like

Thank you very much! I’ll be trying this when I get home & let you know🙏

Works perfectly. Thank you so much!:pray:

On the GL.iNet interface it does now show “ The interface is connected, but the Internet can’t be accessed with IPv4 protocol.”, but there are no connectivity issues, internet is fully accessible on IPV6.

Thanks again, this is amazing💖

1 Like

This is indeed not good, gonna try to solve it later by making mwan3 and wg ipv6 both work, that’s kinda complicated.


Any update about this?

1 Like

Setting Multi-WAN to IPV6 makes the errors disappear.

For me it’s still working perfectly, I am using Mullvad VPN & set it to connect over IPV6, but support both protocols.