Hacker News new | past | comments | ask | show | jobs | submit login

I based my configuration on yours. You just need to add another 'Address = <IPv6>' (client and server), and add ip6tables.

The address is going to be static: I'm not aware of a way to simulate privacy extensions with Wireguard. A workaround is to assign ULAs and apply NAT.




I see, thank you. Unfortunately I don't have IPv6 on my network and don't know the IPv6 local addresses and ip6tables config, if you could give me the actual config you used I'd appreciate it, especially if it works with both IPv4 and IPv6 together.


Sure

------------------

[Interface] Address = 172.16.31.1/24 Address = 2001:__::1/64 PrivateKey = __ ListenPort = 443

[Peer] PublicKey = __ PresharedKey = __ AllowedIPs = 172.16.31.2/32, 2001:__::2/128

[Peer] PublicKey = __ PresharedKey = __ AllowedIPs = 172.16.31.3/32, 2001:__::3/128

[...]

------------------

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -A FORWARD -o %i -j ACCEPT PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -D FORWARD -o %i -j ACCEPT

------------------

[Interface] Address = 172.16.31.2/24 Address = 2001:__::2/64 PrivateKey = __ DNS = 172.16.31.1, 2001:__::1 [Peer] PublicKey = __ PresharedKey = __ AllowedIPs = 0.0.0.0/0, ::/0 Endpoint = <server_ip>:443 PersistentKeepalive = 25

------------------


This is extremely helpful, thanks!




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: