Configuring IPv6 for WireGuard on pfSense

Hi all!

I currently have a working IPv4 WireGuard config that I would like to add IPv6 to.

I have wasted a lot of hours researching and trying different methods but nothing comes out successful.

Another thing I have read is that, considering my ISP only hands out a /64, I am pretty much out of luck.

I have an IPv6 address natively provided by Xfinity/Comcast which I believe is /64.

Can you please help me with getting IPv6 working? I will be adding IPv6 support to about 5 devices if possible.

Here’s more info:

WAN Interface:
IPv4 - 24.XX.XX.174
IPv6 - 2001:XXX:XXXX:XX:XXXX:XXXX:e90d:3af3

LAN Interface:
IPv4 - 172.22.1.10
IPv6 - 2601:XXX:XXXX:XXXX:XXXX:XXXX:fe00:1460 (Set to Track Interface - WAN for IPv6 Configuration Type)

PFSENSEVPN Interface:
IPv4 - 100.20.0.0/24

PFSENSEVPN Peer 1:
Allowed IPs: 100.20.0.5/32

Peer 1 Device (iPhone)
IPv4 - 100.20.0.5/24
DNS Servers - 172.22.1.10
Endpoint - dynamic.dns.net:51820
Allowed IPs - 0.0.0.0/0

Thank you in advance! 😃

I never found a definitive article on WireGuard and IPv6. Most of the items I have been looking at are on the pfSense forums. I am surprised that Comcast is not providing a /60, which would give you the ability to do /64 subnetting for both the LAN interface and the WireGuard interface.

Another issue I found with Comcast is that DHCPv6-delivered addresses rotate just like the IPv4 ones, and any service that you configure in your router will break if it can’t dynamically update. So far, I don’t know of any way to dynamically update the WireGuard interface in pfSense.

With all these “gotchas” you may want to consider staying with IPv4 and WireGuard.
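
The /60 subnetting mentioned in the reply above, worked through as an added example that is not part of either post: it picks one /64 for the LAN and one for the WireGuard interface out of a delegated prefix, and refuses a lone /64. The function names, the documentation prefix `2001:db8:0:10::/60`, the `::1` tunnel address and the peer host numbers are all assumptions made for illustration.

```python
import ipaddress

def plan_prefixes(delegated, lan_index=0, wg_index=1):
    """Pick one /64 each for the LAN and the WireGuard interface."""
    net = ipaddress.IPv6Network(delegated, strict=True)
    if net.prefixlen >= 64:
        # A single /64 leaves no second /64 for the tunnel interface.
        raise ValueError(f"{net} holds no spare /64 for a tunnel subnet")
    available = 2 ** (64 - net.prefixlen)  # a /60 holds 16 /64s
    if lan_index == wg_index:
        raise ValueError("LAN and tunnel must use different /64s")
    if not all(0 <= i < available for i in (lan_index, wg_index)):
        raise ValueError(f"index outside the {available} available /64s")
    base = int(net.network_address)

    def pick(i):
        # The i-th /64 starts i * 2^64 addresses past the delegation base.
        return ipaddress.IPv6Network((base + (i << 64), 64))

    return pick(lan_index), pick(wg_index)

def plan_peers(wg_net, count, first_host=5):
    """Return the tunnel interface address and one /128 per peer."""
    # Assumed convention: the firewall side of the tunnel takes ::1.
    server = ipaddress.IPv6Interface((int(wg_net[1]), 64))
    # Each /128 is what goes into that peer's Allowed IPs on the firewall.
    peers = [ipaddress.IPv6Network((int(wg_net[first_host + n]), 128))
             for n in range(count)]
    return server, peers

if __name__ == "__main__":
    # Constructed sample delegation (documentation range, not a real prefix).
    lan, wg = plan_prefixes("2001:db8:0:10::/60")
    server, peers = plan_peers(wg, 5)
    print("LAN subnet:      ", lan)
    print("WireGuard subnet:", wg)
    print("Tunnel address:  ", server)
    for n, peer in enumerate(peers, start=1):
        print(f"Peer {n} Allowed IPs: {peer}")
```

Because the plan is derived entirely from the delegated prefix, it has to be recomputed whenever that prefix rotates, which is the update problem the reply describes.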