IPv6 with DigitalOcean and WireGuard

Posted on

My ISP doesn’t support IPv6 yet, I managed to have IPv6 connection by proxying through a DigitalOcean IPv6 server with WireGuard.

First, create a DigitalOcean droplet with IPv6 enabled.

According to the DigitalOcean IPv6 documentation, the subnet is /124, so it provides 16 IPv6 addresses to a droplet.

vim /etc/sysctl.conf

net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

sysctl -p to load the /etc/sysctl.conf file.

Installing WireGuard according to https://www.wireguard.com/install.

On the DigitalOcean server, run

wg genkey > privatekey
wg pubkey < privatekey > publickey

On your client, also run the same commands to generate the private key and the corresponding public key (Your OS may have a WireGuard App that does it for you with clicking some buttons)

On the DigitalOcean server, create /etc/wireguard/wg0.conf with

[Interface]
Address = 10.0.0.1/24
Address = DIGITAL_OCEAN_PRIMARY_IPV6_ADDRESS/124
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -A FORWARD -o %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -D FORWARD -o %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = DIGITAL_OCEAN_WG_PRIVATE_KEY

[Peer]
PublicKey = CLIENT_WG_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32, DIGITAL_OCEAN_PRIMARY_IPV6_ADDRESS+1/128

Then run wg-quick up wg0 to start the WireGuard server.

On the client,

[Interface]
PrivateKey = CLIENT_WG_PRIVATE_KEY
Address = 10.0.0.2/24, DIGITAL_OCEAN_PRIMARY_IPV6_ADDRESS+1/124
DNS = 1.1.1.1, 1.0.0.1

[Peer]
PublicKey = DIGITAL_OCEAN_WG_PUBLIC_KEY
AllowedIPs = ::/0, 0.0.0.0/0
Endpoint = DIGITAL_OCEAN_SERVER_PUBLIC_IPv4_IP:51820

I may update this page when I understand more about IPv6 and WireGuard.

Some references: