Wireguard nodes (*.gateway.6pn.dev) unaccessible from IPv6 only


I’m unable to reach any wireguard node (*.gateway.6pn.dev) from a host that only have IPv6 connectivity (no IPv4 available on the host).

I find it odd that fly supports IPv6 in general (internal network and public apps) but not on their wireguard node.

Is that expected? Is there any support planned in the future for supporting IPv6 on the wireguard nodes?

Thank you in advance for your reply.

This looks wrong - our gateways should definitely support public IPv6. Seems like the only thing missing here is AAAA records. I’ll get those added to *.gateway.6pn.dev.

Thank you @lillian! Please ping me when you have added the AAAA records. Thanks

They should be added now.

1 Like

The IPv6-only system perhaps doesn’t implement DNS64/NAT64 or 464Xlat? It should. Case in point, ipv6test.google.com famously does not have AAAA records.

1 Like

My server is hosted at a provider that allow to save some money by not having an IPv4 address and there is no NAT64, just plain ipv6 only. Everything works fine for my needs, it’s just a couple of services running.

@lillian Thank you, I’m able to now reach the gateway using ipv6.

1 Like

I get that for ingress, but this is egress out to IPv4. Perhaps cheekily point out to the infra provider that ipv6test.google.com is unreachable :wink:

To be transparent, it’s scaleway. They are not the only one to do that, hetzner do the same.

You can remove the IPv4 address, but you get no IPv4 connectivity after that, no NAT64 available.

On this server when I rarely need IPv4 egress I configure some servers from here: https://nat64.xyz/

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

@emiliendevos this was causing issues for ipv4 clients and we’ve now switched to prefixing ipv6. on the endpoint for AAAA records.

You’ll have to manually edit your config to point at ipv6.*.gateway.6pn.dev to use IPv6 only.

1 Like