Wireguard Connecting via IPv6

[archiel]

Hi @ZebMcKayhan I was wondering if you could assist in some trouble shooting.

A couple of year back you helped me in setting up a IPv4/IPv6 setup on WireGuard. While all seemed to be well, my ISP has just moved me onto CGNAT and when I try to connect using mobile phone, the handshaking stage fails.

From WGM

E:Option ==> 3
interface: wg21 Port:11501      10.50.1.1/24                    VPN Tunnel Network      # RT-AX88U (IPv4/IPv6) Server 1
peer: xxxxxxx=      10.50.1.2/32,aa36:7ef1:2add:aa88:100::2/128             # pho21 "Device"

and where wg21-up.sh

#!/bin/sh
###############################################################################
# Example for Wg21 ipv6 = aa00:aaaa:bbbb:cccc:100::1/120
# Change to your needs but keep formatting
Wg21Prefix=aa36:7ef1:2add:aa88:: #Wg21 ULA prefix with aa instead of fd
Wg21Suffix=100::1  #Wg21 Device suffix (last 64 bits)
Wg21PrefixLength=120   #Wg21 Prefix Length (120 recommended)
WanInterface=eth0
# Changing below lines should not be needed:
WanIp6Prefix=$(nvram get ipv6_prefix)     #WanIp6Prefix=2001:1111:2222:3333::
Wg21_PrefIp=${Wg21Prefix%:*}${Wg21Suffix}/${Wg21PrefixLength}      #aa00:aaaa:bbbb:cccc:100::1/120
WanWg21_PrefIp=${WanIp6Prefix%:*}${Wg21Suffix}/${Wg21PrefixLength}   #2001:1111:2222:3333:100::1/120
##Execute firewall commands: with entware iptables
#ip6tables -t nat -I POSTROUTING -s ${Wg21_PrefIp} -o ${WanInterface} -j NETMAP --to ${WanIp6Prefix}/64
#ip6tables -t nat -I PREROUTING -i ${WanInterface} -d ${WanWg21_PrefIp} -j NETMAP --to ${Wg21Prefix}/64
##Or if no NETMAP (without entware iptables)
ip6tables -t nat -I POSTROUTING -s ${Wg21_PrefIp} -o ${WanInterface} -j MASQUERADE -m comment --comment "WireGuard 'server'"
#ipv6 alias (moved from wan-event for Split WG) - REM OUT if Router only
ip -6 address add dev eth5 aa36:7ef1:2add:aa88:100::9/128
###############################################################################

Kind regards, Archie