Sunday, August 8, 2021

Static IPv6 and WireGuard - Is this a case for NAT?

I have read many, many posts about how you shouldn't use NAT on IPv6 at all, etc. I'm posting this here to possibly save myself time figuring out the solution. I have an IPv6 /64 block from my provider and I have to manually assign IPs; OVH does not do RAs. I'm using a virtual pfSense as the router on a VMware dvSwitch. I have WireGuard with the client/peer having the public IP; this IP is assigned to WAN as an alias (VIP).

I see the traffic come out of WireGuard (OPT1) and onto the WAN. It goes out fine, but when it comes back in, the traffic is blocked. I'm wondering if anyone has any possible ideas on what I'm doing wrong. This all works perfectly with a local IPv6 on OPT1 and a local IPv6 on the WireGuard client doing outbound NAT between the local IPv6 and the public IPv6. Is this a valid case for IPv6 NAT? Should I just leave it at NAT and forget about it? I'm old-school and so used to IPv4, and IPv6 is new territory to me as I've just disabled it in most places; now I'm trying to do things the "correct" way.


