ZebMcKayhan
Very Senior Member
I don't really follow you, but if you say so.This is a big deal, being able to follow ISP-initiated WAN IP changes - it (if I understand things correctly) does away with needing to set up DDNS tunneling, and maybe even FQDNs with HTTPS certs. Possibly (and this is a stretch) get out from behind IPv4 CGNAT
You will still need your router gua as an Endpoint for your wireguard device peer.
My setup is maybee not representative. I don't have ipv6 wan at all. But I get ipv6 connection via my Wireguard internet client. So I flipped the ipv6 switch, and turned of dhcp-pd (as there is no one there that deligates any prefix). When turning this off you get to specify your lan ip yourself. Thats where I entered my private ipv6.I'm just not sure how you've accomplished making this change, where in the router GUI to find it; by selecting/configuring Native IPv6, I don't get the option: it auto-populates...I may be missing something. Is it a command line thing, why you've added scripts? (the thought occurred when reading the github that anyone with a /48 should know how to amend the scripts themselves if they've come this far) (it's not the best time of day for me to use my brain on this stuff)
I tried to use the same prefix as my wireguard client, but it didn't work. Apparently I only get a single ipv6 address (sigh) so I used ipv6 masquarading included in 386.4 and later. It works. No scripting involved other then adding the masquarading rule in wgm custom scripts.
I also setup YazFi to give another ipv6 subnet to guest wifi and masquaraded this to my other wireguard client. Also works but requires more scripting, but its all on my github.
I don't really see any advantage in running ula on lan then masquarade it if you have gua assigned but I guess if you have a dynamic ip then your internal prefix would be fixed. Better use NPT then. Whatever floats your boat.
I have never masquaraded to ipv6 wan, don't know how much Plug'nPlay it will be. Some wan only have link-local addresses so you might need dhcp-pd to get which prefix you should NPT to.
Wouldn't it be better to keep gua on lan and use double NPT to access it, so it appears as you are trying to connect to a private prefix but translated to gua lan prefix whilst also changing source prefix. Then the lan device will think this is a local package and from wg server everything appears as local prefix and on lan everything appears as global prefix. That would be neat!
Last edited: