-
-
Save renekliment/69d1d48426e5c3e62fd4b05441c65f98 to your computer and use it in GitHub Desktop.
DigitalOcean, assign public ipv6 to wireguard clients
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/sysctl.d/wireguard.conf | |
| net.ipv4.ip_forward=1 | |
| net.ipv6.conf.all.forwarding=1 | |
| net.ipv6.conf.default.forwarding=1 | |
| net.ipv6.conf.eth0.proxy_ndp=1 | |
| #/etc/wireguard/wg0.conf (DO virtual machine) | |
| [Interface] | |
| # The server interface does not actually need an ipv6. | |
| # The 2 following must be repeated for each used addres [0, 1] | |
| PostUp=ip -6 neigh add proxy 2a03:b0c0:2:f0::2c:2002 dev eth0 | |
| PostDown=ip -6 neigh del proxy 2a03:b0c0:2:f0::2c:2002 dev eth0 | |
| [Peer] | |
| # This must be one of the ips assigned by DO, | |
| # usually they assign a /124 thus only | |
| # the last 4 bits can vary for a total of 16 addresses. | |
| # Example for a vm with ip -> 2a03:b0c0:2:f0::2c:2001 | |
| AllowedIps = 10.200.200.2/32, 2a03:b0c0:2:f0::2c:2002/128 | |
| #/etc/wireguard/wg0.conf (client) | |
| [Interface] | |
| Address = 10.200.200.2/32, 2a03:b0c0:2:f0::2c:2002/64 | |
| [Peer] | |
| # ... | |
| AllowedIPs = 0.0.0.0/0, ::/0 | |
| # Refs and Resources | |
| [0] https://www.linuxquestions.org/questions/linux-networking-3/how-do-i-enable-proxy-ndp-proxy-arp-works-933174/ | |
| [1] https://manpages.debian.org/unstable/wireguard-tools/wg-quick.8.en.html | |
| [*] https://www.reddit.com/r/WireGuard/comments/egik62/give_hosts_in_a_wg_interface_a_public_ipv6_address |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment