Setting up VPN with IPV4 & IPV6

Hey everyone,

I struggled with getting IPV6 working on the Flint when connected to Mullvad VPN.

This evening by sheer luck, I ran into a topic that pointed me here

opkg update
opkg install kmod-ipt-nat6
cat << EOF > /etc/firewall.nat6
iptables-save --table=“nat”
| sed -e “/\s[DS]NAT\s/d”
| ip6tables-restore --table=“nat”
EOF
uci -q delete firewall.nat6
uci set firewall.nat6=“include”
uci set firewall.nat6.path=“/etc/firewall.nat6”
uci set firewall.nat6.reload=“1”
uci commit firewall
service firewall restart

By running the script posted there while connected to the VPN, IPV4 & IPV6 now both work. This will work with any VPN that supports IPV6.

The downside is, you need to run this script every time you connect to the VPN. On reconnecting the rules get overwritten by the GL-plugins.

Just thought I’d post this here, in case anyone needs it. Might also be useful to add such a script when IPV6 is enabled on the router by default @alzhao . That way we won’t have to re-run the script on every connection. (see solution).


1 Like

Can’t you enable ipv6 In the Gl.iNet Administration More Settings GUI? LuCi?

You can, and I have. But for some reason IPV6 still won’t be enabled through VPN

After you enable ipv6 did you restart the router? I may be mistaken but a restart is needed to build a ipv6 routing tables.

Yup. IPV6 works fine without VPN. With VPN it won’t work unless you run the script. Try it yourself :wink:

You need to be connected to the VPN when you run the script. If you run it before & then start the VPN, it will get overwritten.

Firewall rule maybe, but that does not explain why it resets.

Yup. Hopefully @alzhao can give some advice here :slight_smile: would be nice if IPV6 worked with supporting VPN’s out of the gate

@hilll will check this. Thanks.

1 Like

Which IPv6 mode are you using? NAT6 should work well (I used it for months on my Beryl)

Nat6. But it won’t work till the script is run. Maybe it’s just limited to the flint?:man_shrugging:

Hello,

It appears I was wrong. After rebooting with the new firewall rules, they stayed. Even when connecting to another server.

You only need to run the script once, and then reboot your modem.
I figured restarting the firewall was enough, but it looks like a full reboot is required😄

hello, enable IPV6 mode NAT6, you use the VPN wireguard IPV6 ok, have you test the openvpn ipv6 connect ?

Yup. Always used NAT6.

I only use Wireguard on my modem. OpenVPN is too slow.

IPV6 with VPN has never worked for me on my flint, not after resetting either. It only started working after I ran the script.

Update: This no longer appears appears to work. I created a topic asking for help here: How to properly setup IPV6 with a VPN?