IPv6 connectivity through VPS

smort · January 31, 2023, 12:01pm

My current ISP does not support IPv6. I have a VPS in which I have installed routerOS CHR, the VPS has a single external IPv4 address and the VPS provider also provides a routed IPv6 /48 subnet (but seems to have no DHCP server). My home router is RB4011 and I want to tunnel IPv6 through wireguard (or similar) to the VPS so all IPv6 connections goes through the VPS CHR router and to the internet. Can someone help push me in the right direction on how to implement this? I am very familiar with wireguard and IPv4 but I have never touched IPv6 before.

What I think I want to achieve is a dual-stack on the home network where the local devices get both an IPv4 and IPv6 address (dhcp from the /48 subnet?) and that IPv4 traffic is routed through my home ISP (RB4011) and IPv6 traffic routed through the VPS.

ConradPino · January 31, 2023, 12:40pm

Wireguard or VPN don’t add much value as IPv6 traffic is in the clear past VPS instance.
The easy way is a 6in4 tunnel between local and VPS instance.
Consider free IPv6 tunnel (6in4) service for no added cost.

smort · January 31, 2023, 1:02pm

Thanks will a 6in4 tunnel work if my home router is behind NAT and doesn’t have a public IP?

own3r1138 · January 31, 2023, 1:11pm

You can use DDNS (IP/cloud) or a script to update a record in thirty-party providers like Cloudflare.
Also, you can get an IPv6 at https://ipv6.he.net/. It will use the same 6-to4 tunnel. Additionally, native IPv6 connectivity is available for both direct connections.

baragoon · January 31, 2023, 4:15pm

My current ISP does not support IPv6. I have a VPS in which I have installed routerOS CHR, the VPS has a single external IPv4 address and the VPS provider also provides a routed IPv6 /48 subnet (but seems to have no DHCP server). My home router is RB4011 and I want to tunnel IPv6 through wireguard (or similar) to the VPS so all IPv6 connections goes through the VPS CHR router and to the internet. Can someone help push me in the right direction on how to implement this? I am very familiar with wireguard and IPv4 but I have never touched IPv6 before.

What I think I want to achieve is a dual-stack on the home network where the local devices get both an IPv4 and IPv6 address (dhcp from the /48 subnet?) and that IPv4 traffic is routed through my home ISP (RB4011) and IPv6 traffic routed through the VPS.

what VPS provider are you using?
I think you can add /64 (from your /48) to your CHR interface ant tick “Advertise” for this address. Connect your CHR and home router with wireguard and create EOIP tunnel for L2 interconnect and your home clients should get ipv6 from your CHR.

ConradPino · January 31, 2023, 5:59pm

Happy many years with Hurricane Electric https://www.tunnelbroker.net/ which has REST API to update changed public IPv4 NAT address.
Find your public IPv4 endpoint for 6in4 tunnel with http://checkip.dyndns.org/ to setup initial connection then user REST API as needed.

smort · January 31, 2023, 6:03pm

My current ISP does not support IPv6. I have a VPS in which I have installed routerOS CHR, the VPS has a single external IPv4 address and the VPS provider also provides a routed IPv6 /48 subnet (but seems to have no DHCP server). My home router is RB4011 and I want to tunnel IPv6 through wireguard (or similar) to the VPS so all IPv6 connections goes through the VPS CHR router and to the internet. Can someone help push me in the right direction on how to implement this? I am very familiar with wireguard and IPv4 but I have never touched IPv6 before.

What I think I want to achieve is a dual-stack on the home network where the local devices get both an IPv4 and IPv6 address (dhcp from the /48 subnet?) and that IPv4 traffic is routed through my home ISP (RB4011) and IPv6 traffic routed through the VPS.

what VPS provider are you using?
I think you can add /64 (from your /48) to your CHR interface ant tick "Advertise" for this address. Connect your CHR and home router with wireguard and create EOIP tunnel for L2 interconnect and your home clients should get ipv6 from your CHR.

I am using Terrahost. Thanks I'll try over wireguard and EOIP. Do I need to configure additional routing for my home router or will IPv6 packets from my home network be routed automatically to internet through the CHR?

smort · January 31, 2023, 6:04pm

Sorry my IPv4 is behind double NAT so a dynamic DNS will not work

ConradPino · January 31, 2023, 6:40pm

Number of NAT don’t matter; all that matters is 6in4 packets (IP Protocol 41) aren’t blocked; the HE REST API keeps up with dynamic IPv4 changes.
Prefering another approach is completely understandable but NAT by itself isn’t a 6in4 killer; blocked IP Protocol 41 (6in4) is the deal killer.
Whichever remote end point is chosen, the IPv6 encapsulation over IPv4 issues will be very similar across all remote options.
Best wishes.

baragoon · January 31, 2023, 11:27pm

I think something like this
dst-address=::/0 gateway=wg-interface
should to the trick

ConradPino · February 1, 2023, 1:16am

Some devices won’t accept “::/0” as default gateway destination; if so, the public IPv6 address space is covered by “2000::/3” destination.