I'm new to IPv6. This is my home network:
                                   +------------------------------------------+
                                   |                                          |
                                   |                  Router                  |
                                   |                                          |
                                   |                                          |
                                   |                                          |
                                   |                                          |
                                   |         fe80::fe7c:2ff:fed5:a236         |
                                   +------------------------------------------+
                                                        |
                                                        |
                                                        |
                                                        |
                                                        |
                     +----------------------------------|-----------------------------------+
                     |                                                                      |
                     |                                                                      |
                     |                                                                      |
                     |                                                                      |
                     |                                                                      |
+------------------------------------------+                           +------------------------------------------+
|                  wlan0                   |                           |                   eth0                   |
|       fe80::8e70:5aff:fe62:7180/64       |                           |       fe80::3686:d00c:4a2b:1052/64       |
|                                          |                           |                                          |
|                                          |                           |                                          |
|                  Laptop                  |                           |               VPN Gateway                |
|                                          |                           |                                          |
|                                          |                           |                                          |
+------------------------------------------+                           +------------------------------------------+
My ISP doesn't give me an IPv6 address, but I run VPN software on the VPN Gateway. I've created these iptables rules on the VPN Gateway:
iptables -t nat -A POSTROUTING -o wg_vpn -j MASQUERADE
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o wg_vpn -j ACCEPT
ip6tables -t nat -A POSTROUTING -o wg_vpn -j MASQUERADE
ip6tables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
ip6tables -A FORWARD -i eth0 -o wg_vpn -j ACCEPT
I know how to add an IPv4 rule on my laptop, ip route add default via vpn_gateway_ip dev wlan0, but it seems this doesn't work on IPv6? So how can I write the IPv6 rule?
I've already run ip -6 route add default via fe80::3686:d00c:4a2b:1052 dev wlan0, but ping -6 www.google.com will return From _gateway (fe80::3686:d00c:4a2b:1052%wlan0) icmp_seq=1 Destination unreachable: Beyond scope of source address.
ping fe80::3686:d00c:4a2b:1052 also gets no response, but ping -I wlan0 fe80::3686:d00c:4a2b:1052 will return a correct response.
I don't want the IPv6 address from the ISP; I want all my network traffic to go through the VPN.