VPN wireguard ipv4 and ipv6 (dual-stack) on OpenBSD

2021-10-21T21:07:51Z

Let's assume you followed the instructions given by solene to reach the internet through a wireguard tunnel :

Full wireguard setup with OpenBSD

You can use this tunnel using ipv6 too \o/. Actually it's quite easy since you can add multiple option to wg configuration.

network

• VPN Port used is 4545
• VPN ipv4 network is 10.0.0.0/24
• VPN ipv6 network is fd42::/64

Endpoint configuration

$ cat /etc/hostname.wg0
inet 10.0.0.1/24
inet6 fd42::1 64
wgkey changemeplease
wgport 4545

wgpeer changeme1 wgaip 10.0.0.2/32 wgaip fd42::2/64
wgpeer changeme2 wgaip 10.0.0.3/32 wgaip fd42::3/64

$ cat /etc/sysctl.conf
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1

Peer configuration

wgkey changemeagain
wgpeer changemeplz \
        wgendpoint xx.xx.xx.xx 4545 wgaip 0.0.0.0/0 \
        wgendpoint yyyy:yyyy:yyyy:yyyy::yyyy 4545 wgaip ::0/0 \
        wgpka 25

inet 10.0.0.3/24
inet6 fd42::3/64
wgrtable 1
up
!route add -inet default 10.0.0.1
!route add -inet6 default fd42::1

• xx.xx.xx.xx is endpoint public ipv4
• yyyy:yyyy:yyyy:yyyy::yyyy is endpoint public ipv6

Firewall

Nothing to change compared to solene's guide.

Une réaction?

Envoyez votre commentaire par mail.

Mode d'emploi de la liste de diffusion pour recevoir les réponses.