How to properly setup IPV6 with a VPN?

Heyo :wave:

Any progress with making them work together?

Not much improvement. Mwan3 conflicts with many aspects. Need more time.
Will raise the priority of this issue.

1 Like

Hi @hansome thanks for the support. I have SSHed in the router and ran the commands above but not luck - still unable to use IPv6 from Wireguard installed on DigitalOcean.

Is there a place where we can follow development of the fix? Or is there a workaround somewhere?

Thanks!

@deeseert make sure to use the updated wireguard script also

Thanks @Blobbie01,

Sorry for the stupid question: how do I update the script? Is the one you uploaded, updated?

I’ve uploaded the file in the router but there was no internet connection after - even if the router was connected to the main IPS modem.

1 Like

I just did a fresh install of 4.2.1 on my Slate AXT, and IPV6 seems to work right from the start with VPN. I only enabled IPV6 & uploaded the Mullvad IPV6 manual wireguard config, and was able to successfully access the web on both IPV4 & IPV6:


Happy to see this, thanks for everyone’s help :smile: :pray:

2 Likes

I know mullvad creates config files with ipv6 settings only, I was wondering if it is possible for me to do the same from the wireguard server since my ISP has my internet service behind a nat, I’d really like to get some help as to how to do it.

Do you mean setup a wireguard server supporting IPv6? That’s under development right now.

1 Like

Amazing news, I’ll be waiting for it, thank you!

I found an issue with getting ipv6 to work over Wireguard on Flint (v4.2.3), tested on both Cloudflare WARP+ and Mullvad. It turns out that the issue is on this build /lib/netifd/proto/wgclient.sh doesn’t set the ipv6 address on the wgclient interface. I modified the script to fix this and everything just worked. I don’t know if this is a regression from previous builds as I never tried to get ipv6 working before.

1 Like

Yes, I also find that issue. It can be fixed with the command:

sed -i '/ip address add dev/a ip -6 address add dev "${interface}" "$address_v6"' /lib/netifd/proto/wgclient.sh

Is the modification the same as you?
We’re releasing a version to fix this.

1 Like

I added the following:

if [ "${address_v6}" ]; then
        ip -6 address add dev "${interface}" "$address_v6"
fi
2 Likes

There is still something not right that I need to looking into. A couple of time ipv6 has stopped working after a reboot, however switching IPv6 from NAT6 to Native and back again seems to get things working again. I need to look into what is different before and after to try and work it out. I also had tailscaled spin out of control a couple of times and consume all cpu when changing VPN’s, so I currently have that disabled.

Could you describe more about this issue?
I’ll do some tests.

Not a lot to tell, I was trying to get IPv6 working properly with wireguard VPNs (which involved a lot of starting and stopping and some messing with IPv6 routes). On several occasions the router would start running really slowly and my ssh session was painfully slow. I was eventually able to do a top and see that tailscaled was maxing out the CPU so I killed it. After it happened a couple more times I disabled the agent on my router.

I also got some ipv6 issues with Wireguard, and disabling mwan3 solves it.

However, this is something that has to be redone at each fw update.
Latest fw4.5 published today seems it’s still not fixed on it.

Thank you for pointing out, 4.4.5 does not address this issue because it still uses mwan3.
v4.5 will remove it.

1 Like

Hello @hansome,

After upgrading to 4.4.5, turned my Beryl useless, since the main usage of it was to be a mobile router connected to my Brume 2 work VPN. I’ve started a thread a few days ago: Issues connecting Beryl router to Wireguard server after firmware update to 4.4.5 - Technical Support for Routers / VPN, DNS, Leaks - GL.iNet (gl-inet.com)

Is there a expected day to make the 4.5 available?

It would be nice to have a quick fix or workaround, well documented, until 4.5 arrives.

Thanks.

I ran into another ipv6 related issue with tailscale on my MT3000 recently while using it as a repeater in a holiday apartment. With IPv6 and tailscale enabled and connected to a wireguard cloudflare WARP+ VPN I only had ipv6 connectivity and no ipv4 (confirmed using several ‘what is my ip’ sources). Disabling tailscale resolved the issue. I didn’t spend any time diagnosing the cause yet.

1 Like