Currently I have it working just fine with IPv4 and IPv6 and I have setup wireguard so that clients outside my network can both access the network as well as the internet via my router. However wireguard is currently only setup to provide clients with an IPv4 private address.
I am trying to add IPv6 for the wireguard clients but I really dont know where to start. I assume that I do not want to provide a private IPv6 address but somehow provide the address through the prefix pool that my ISP provides?
Currently the prefix is allocated by my ISP via the mikrotik DHCPv6 client and it looks like I am allocated a /62 prefix.
Looking for a step by step guide to add IPv6 to the current system.
It’s a unfortunately a manual process. At least for the clients.
What I did was:
I added an IPv6 address from an unused subnet to the Wireguard interface. (It could have been assigned automatically from the Pool, but it makes little difference as the clients have to be configured manually anyway.)
I added the IPv6 address I intended to use for the peer to the “Allowed address” list for the peer
I added the IPv6 address to the client outside my network (a phone)
I added ::/0 to “allowed IPs” on the mobile client, which at least on an iPhone also causes a default route to be created.
Thanks that worked - the only thing I needed to add was a rule in my IPv6 firewall to allow the client IP address on the forward chain. Later change to just add the wireguard interface to the LAN interface list as there was a rule to drop anything not coming from LAN
On the topic of firewall, given that you want you remote client to have the same rights as hosts on your local LAN, you can simply add your wireguard interface to the LAN list:
add interface=wireguard1 list=LAN
In many situations I think this is a better solution than having many, almost identical, firewall rules.