VPN Server on IPv6

Hi,
I own the GL-MT2500 and the GL-MV1000, both running the latest snapshopt firmware versions (4.2.0 & 3.216). I need to setup a VPN server using IPv6 (OpenVPN or WireGuard). I have succeeded to connect to the server only when using IPv4 locally (from my home network). I failed to connect using IPv6 (locally and remotely). I need to run the VPN server over IPv6 as I do not have a public IPv4 address (DS lite). When will both or one of them support the VPN server functionality over IPv6?

Thank you!

The MV1000 should already support IPv6.
The MT2500 is expected to provide support for IPv6 in VPN in firmware version 4.3. It should be released in April.

1 Like

Thank you for your answer! As far as MT2500 is concerned I will wait until April for 4.3, that’s OK.

For MV1000 I would like to make my VPN server run under IPv6, now if possible. However, I fail. I have enabled IPv6 (NAT6) on the router and started with OpenVPN. In the configuration file for the client generated by MV1000 I have replaced the “remote” IP address by the local IPv4 address of the router- I have imported the file onto the OpenVPN client running on my PC (router and PC in same home network) and was able to connect the PC over VPN to the OpenVPN server of MV1000. So far, so good. Later I have replaced the “remote” entry by the IPv6 address of the router and imported the new conf file into my OpenVPV client on PC. I was not able to connect to the server. Each connection attempt times out after 30 seconds.

Later I did the same execrise for WireGuard: I was able to connect the WG client (running on my mobile phone and local WiFi) to the WG server on MV1000. In the next step I have replaced the IPv4 address in “Endpoint” entry of the WG client conf file by the IPv6 address of the MV1000 and failed to connect to the WG server running on MV1000.

Bottom line: WG and OpenVPN servers are working on the MV1000 (firmware 3.216) and I can connect clients to both servers using the local IPv4 address when accessing from my home network. I cannot do this outside of my network as I do not have a public IPv4 address. This is why I need to connect using IPv6. However, I cannot connect to both servers using IPv6 address when accessing the VPN servers from local home network. Therefore, something’s wrong with the way I’m trying to connect to the VPN server(s) over IPv6 or something’s wrong with the VPN servers in IPv6 mode…
Based on the statement of yuxin.zou MV1000 should support IPv6 for VPN servers, so probably something’s wrong with my configuration files(?) Can you help me to identify my mistake(s)? I need a guideline that explains step by step how to:

  • configure the router (MV1000) to make the VPN server (OpenVPN or WireGuard) support IPv6
  • create a config file for the client to connect to my VPN server (OpenVPN or WireGuard) over IPv6.

Thank you!

Sorry, I didn’t look closely enough.
I should said that 3.216 firmware support for IPv6 when using as VPN client. It does not have support for IPv6 when using as OpenVPN server.
I’m not sure if it supports the WireGuard server. theoretically both it and the client are peers. But we haven’t tested it.

Thank you for your response.
As I do not have a public IPv4 address, my only option to reach the VPN server at home from outside/internet is to use its IPv6 address. Therefore, I am trying to setup the server in IPv6 mode. I failed for both: OpenVPN and WireGuard. Still, it works when I try to reach the servers via their (local) IPv4 addresses when running the clients in my own home network.
Can you think of an alternative option to reach my VPN server on MV1000 or MT2500 at home from the internet without having a public IPv4 address?

If you want to use VPN, you can try buying a VPS and building your own server for forwarding.
If the purpose is to access devices in LAN, you can try using AstroRelay.

When configuring my agent in AstroRelay and choosing “Router” for configuration type I do not find MT2500 in the drop down box listing the router models. Which one am I supposed to select if I want to install the agent on the MT2500?

You can try it out with the MV1000 first.
I’ll ask with the developers, I’m not sure if the arc program for the MT1300 is available for the MT2500.

Thank you for your response. I would prefer to use the MV1000 as a WireGuard client and the MT2500 as an OpenVPN server. Therefore, I am waiting for your answer about the support of the MT2500 by AstroRelay. If it is not supported, I will have to switch to MV1000 in VPN server mode.

We will update the arc program for the MT2500 in two days. Sorry, the developers are on holiday now.

Thanks! No worries, I can wait. I will check next week again.
In the meantime I’d like to clarify two questions:

  1. Is ‘arc’ the AstroRelay agent I need to install on my router to benefit from AstroRelay’s funtionality?
  2. What is this program doing? Can you describe in few words? I’d like to understand why it is necessary to run this program on my router. And how would you convince any suspicious customer that it is not spying on us and not collecting any of our data?

AstroRelay’s solution is to forward traffic through our servers to enable remote access without a public IP.
We can promise not to collect user data, but we can’t prove it. So the same goes for any solution that forwards traffic through the server. If you are unsure, the best solution is to rent a VPS and build your own VPN Server to forward your data.