How to setup wireguard server for ipv6

Trying to setup WG server with ipv6
automatic configuration is giving me ipv4 endpoint; is there any option to have ipv6 by default ?

if I use DDNS I also get ipv4 on client

so I manually change it to my interface ipv6 address in the client aftwerwards
It is still not working; client logs says no handshake

what could be the cause ? I notice DNS is ipv4, normal ? address is also ipv4…

Thread consolidaton:

Why is this topic marked as solved ? it is not …

I asked starlink to see if any issue on their side and apprently not; here is their answer:

We use CGNAT, so incoming ports are not available. However, we do not block any outbound ports, except for SMTP port 25 to prevent the spread of spam and SMB port 445 to prevent the spread of malware. Our router does not have administrative functions for port forwarding. However, you can use a third-party device. You have an IPv6 address, but it’s your responsibility to set it up on your end. We are unable to provide guidance. We will be closing this support request for the time being and we encourage you to contact us in a new support ticket with any other issues or questions.

So I setup on my end WG server on spitz AX
I just cannot get my WG client to connect to my WG server
I tried every ipv6 I could find but in theory it should be the interface wan ip
this impossibility to establish a simple handshake and the DDNS not reporting the correct ipv6 address makes me think there is a bug on GL side.
Can I get an answer from GL staff please

Can you ping your WAN IPv6?

Yes I can ping wan ipv6 address from my client but only if I disable VPN client on the spitz. Is this normal ? I should be able to have WG client and server running at the same time right ?

Still no handshake using wan ip endpoint and dns provided but the spitz configuration and mtu 1420.

Sounds really odd to me. GL Please let us know

So after more digging because I found the last starlink reply quite cryptic reading again I asked clearly multiple times and turns out starlink blocks EVERY incoming ports both on ipv4 AND ipv6 so game over using ipv6… only my pi will save me eventually… I guess this is why nothing is working even DDNS. All that so they can sell horribly expensive plans…
Sorry for wasting your time…
Elon Musk blows

1 Like

DDNS doesn’t need any open ports. So that’s not the reason - but DDNS will not help you anyway, so… we don’t have to look into this issue further.

if it does not need any open port then somehow it does not register the correct address as I have shown before… so I maintain something is off there.
Please GL dual VPN on spitz; just to get the finger to elon and cgnat :pray:

There’s a couple of different ways to update your ddns against a IP checking website (eg: ) but yeah… none of it matters in this particular CGNAT chaos.

Thanks, Elon.