[Berlin-wireless] IPv6 support with wireguard (was Re: Issues with Firmware for GL-AR300M)

[Nick]

On 5/9/21 7:37 AM, xetrov wrote:
> On 08/05/2021 23:49, Nick wrote:
>> [...] Currently, tunneldigger is not supported, however, we will soon
>> support IPv6 with wireguard.
> Is there a forum or wiki with developing notes for this?
>
> I have questions ... ;)
>
> - which IPv6 allocation are the range(s) coming from?

We are now our own AS: AS-FREIFUNK-BERLIN (44194)
They are already given out if you use the config wizard. However, 
currently we have some issues with RPKI

> - how are the IPv6 addresses assigned?

Depending on the district of Berlin we give out "::/56".

> - is the wireguard topology hub and spoke, or ...?

On each gateway we except wireguard tunnels. I'm not sure about this hub 
and spoke topology. Per incoming connection request, we create a 
wireguard tunnel interface.

> - are predictable or static IPv6 addresses given out to hosts to run
> globally accessible services?
You have a global accessible "/56" Prefix. However, a firewall is 
running on the gateway. You need to configure it. We already have 
solutions for it (and working on better ones).

Bests,
Nick