I am now trying to add IPv6 support to WireGuard, and here again I can get it to work by assigning an address from the same pool...
Code:
/ipv6 address add eui-64=yes from-pool=ipv6pool interface=wg-remote-access
and add 2XXX:XXXX:XXXX:cc04::2/128 as the address on the Android client, and it works well and I see this same address as the client IP on any test site.
...the problem is this gives the WireGuard peer a static public IP, which is unacceptable from a privacy/tracking POV.
I see e.g. Windows does address randomization by default, but it seems the WireGuard Android client does not, or cannot, because here a specific /128 address is being mandated.
How do I achieve randomization on my WG peer client?
I found some examples in my reading that suggested assigning fd00 addresses instead, which can be NAT'ed, so:
Code:
/interface wireguard peers add allowed-address=192.168.98.2/32,fd00:11::2/128 interface=wg-remote-access public-key=xxx
/ipv6 address add address=fd00:11::1 interface=wg-remote-access
I tried, as a chancer:
Code:
/ipv6 firewall nat add action=masquerade chain=srcnat out-interface-list=WAN src-address=fd00:11::/64
1) Am I on the right track trying to use fd00 and NAT to achieve randomization?
2) How?