Get an IPv6 thanks to a VPN

Even today, some ISPs still don't provide IPv6 connectivity. You can still get an IPv6 address through a VPN if the exit point is IPv6-ready. For example, openbsd.amsterdam and Vultr, among others, provide this.

We will set up a WireGuard tunnel as before and add IPv6 connectivity to the client.

Prerequisite.

This website can help to generate a private IPv6 range

On the remote server

Remember to enable IP forwarding for both IPv4 and IPv6 in "/etc/sysctl.conf":

net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1

In the file "/etc/hostname.wg0", which configures the WireGuard interface, you must specify the IPv6 address of the VPN exit point. Here, it's "fd9c:f774:0bfa:acfc::1/64".

Each client should be able to get its own IPv6 address. For each peer, we add a second "wgaip" option after the existing IPv4 one. The configuration will look like this:

# cat /etc/hostname.wg0
inet 10.0.0.1/24
inet6 fd9c:f774:0bfa:acfc::1/64
wgkey [...snip...]
wgport 4545
# peer 1
wgpeer [...snip...] wgaip 10.0.0.2/32 wgaip fd9c:f774:0bfa:acfc::2/128
# peer 2
wgpeer [...snip...] wgaip 10.0.0.3/32 wgaip fd9c:f774:0bfa:acfc::3/128
# peer 3
wgpeer [...snip...] wgaip 10.0.0.4/32 wgaip fd9c:f774:0bfa:acfc::4/128
up

⚠ Each client's IPv6 MUST end with "/128".

On the client that wants an IPv6 address:
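WireGuard uses each peer's allowed IPs ("wgaip") to decide which peer a packet belongs to, so a prefix wider than one host lets a peer cover addresses assigned to the others. The following check is an added example, not part of the original page: `lint_wg_server` and the placeholder keys are hypothetical, and it assumes addresses are written in CIDR notation as in the configuration above.

```python
import ipaddress

# Constructed sample mirroring the server-side /etc/hostname.wg0 above;
# keys are placeholders, and peer 3 deliberately uses /64 instead of /128.
SAMPLE = """\
inet 10.0.0.1/24
inet6 fd9c:f774:0bfa:acfc::1/64
wgkey PLACEHOLDER
wgport 4545
# peer 1
wgpeer PEER1KEY wgaip 10.0.0.2/32 wgaip fd9c:f774:0bfa:acfc::2/128
# peer 2
wgpeer PEER2KEY wgaip 10.0.0.3/32 wgaip fd9c:f774:0bfa:acfc::3/128
# peer 3
wgpeer PEER3KEY wgaip 10.0.0.4/32 wgaip fd9c:f774:0bfa:acfc::3/64
up
"""

def lint_wg_server(text):
    """Return a list of problems found in the wgaip entries of a server config."""
    text = text.replace("\\\n", " ")  # join backslash-continued lines
    lines = [l.split() for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    nets = [ipaddress.ip_interface(w[1]).network for w in lines if w[0] in ("inet", "inet6") and len(w) > 1]
    seen, problems = [], []
    for w in lines:
        if w[0] != "wgpeer":
            continue
        peer = w[1]
        for aip in (w[i + 1] for i, tok in enumerate(w[:-1]) if tok == "wgaip"):
            net = ipaddress.ip_network(aip, strict=False)
            if net.prefixlen != net.max_prefixlen:
                problems.append(f"{peer}: {aip} is not a single host (/{net.max_prefixlen})")
            # The peer address must live inside one of the tunnel subnets.
            if not any(net.version == n.version and net.subnet_of(n) for n in nets):
                problems.append(f"{peer}: {aip} is outside the tunnel subnets")
            # Overlapping allowed IPs make the owner of an address ambiguous.
            for other_peer, other in seen:
                if other.version == net.version and other.overlaps(net):
                    problems.append(f"{peer}: {aip} overlaps {other_peer}")
            seen.append((peer, net))
    return problems

if __name__ == "__main__":
    for problem in lint_wg_server(SAMPLE):
        print(problem)
```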

In "/etc/hostname.wg0", you have to add a few things:

Now, the WireGuard interface on the client looks like this:

# cat /etc/hostname.wg0
wgkey [...snip...]
# IPv6-specific lines: "wgaip ::0/0", the inet6 address and the inet6 default route
wgpeer [...snip...] \
	wgendpoint <XX.XX.XX.XX> 4545 \
	wgaip 0.0.0.0/0 \
	wgaip ::0/0 \
	wgpka 25
inet 10.0.0.3/24
inet6 fd9c:f774:0bfa:acfc::3/64
wgrtable 1
up
!route add -inet default 10.0.0.1
!route add -inet6 default fd9c:f774:0bfa:acfc::1

Here you go, now you have an IPv6 address on the Internet.

You can see it with the following command:

curl -6 https://ifconfig.co