ANSWERED Title: IPv6 not routing through AirVPN on OpenWrt (WireGuard)

[xmilenium 1]

Hi everyone,
 

I'm using AirVPN through WireGuard on my OpenWrt router (latest stable version), but I'm having trouble getting IPv6 to work properly. IPv4 traffic goes through the VPN just fine, but IPv6 traffic does not.

Here are my relevant settings and config:

// network:

config interface 'loopback'
    option device 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fdef:xxxx:xxxx::/48'
    option packet_steering '1'

config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'lan1'
    list ports 'lan2'
    list ports 'lan3'
    list ports 'lan4'

config interface 'lan'
    option device 'br-lan'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'

config interface 'wan'
    option device 'wan.10'
    option proto 'dhcp'
    option peerdns '0'
    list dns '1.1.1.2'

config interface 'wan6'
    option device 'wan.10'
    option proto 'dhcpv6'
    option reqaddress 'try'
    option reqprefix 'auto'
    option peerdns '0'
    list dns '2606:4700:4700::1112'

config device
    option type '8021q'
    option ifname 'wan'
    option vid '10'
    option name 'wan.10'

config interface 'vpn'
    option proto 'wireguard'
    option private_key '***REDACTED***'
    list addresses '10.x.x.x/32'
    list addresses 'fdxx:xxxx:xxxx:xxxx::xxxx/128'

config wireguard_vpn 'wgserver'
    option public_key '***REDACTED***'
    option preshared_key '***REDACTED***'
    option endpoint_host 'xxx.xxx.xxx.xxx'
    option endpoint_port '1637'
    option persistent_keepalive '15'
    option route_allowed_ips '1'
    list allowed_ips '0.0.0.0/0'
    list allowed_ips '::/0'

// firewall

config defaults
    option syn_flood '1'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone 'lan'
    option name 'lan'
    list network 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'

config zone 'wan'
    option name 'wan'
    list network 'wan'
    list network 'wan6'
    list network 'vpn'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'

config forwarding
    option src 'lan'
    option dest 'wan'

# IPv6-related firewall rules omitted for brevity but mostly default ICMPv6 & DHCPv6

 

Despite ::/0 being in the allowed_ips for the WireGuard interface, my IPv6 traffic still seems to go out through the regular WAN or not at all.

Does anyone know what I'm missing or how to properly force all IPv6 traffic through the VPN tunnel like IPv4?
 

Thanks in advance!

Edited ... by xmilenium

[DeepAnger 0]

I know I reply to an old question but I found a few related unanswered questions here before I tried to fix this (IPv6 not working). My router now runs OpenWrt 25.12.2
I did several tests before having both IPv4 and IPv6 working. Unlike with IPv4 where you have only a few changes to make (select  Route Allowed IPs on the VPN Peer and add the VPN in Covered networks with the WAN zone) there's more needed for IPv6.
I started by disabling the wan6 interface. I had to enable both DHCPv6 and SLAAC on the LAN interface to have only private IPv6 addresses. Finally a static IPv6 route to the VPN was added and IPv6 masquerading enabled.