Wireguard VPN between 2degrees and Spark?

Forums › 2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus) › Wireguard VPN between 2degrees and Spark?

ClockWatcher

12 posts

Geek

#317496 22-Oct-2024 10:48

Hi all, I'm trying to set up a wireguard vpn between 2degrees and Spark broadband connections, is it possible? The 2degrees fritzbox (running wireguard natively) does not show/have a wan ipv4 address, only ipv6. I can connect to it via wg just fine using my Starlink connection (ipv6 and cgnat v4), a whatismyip search then shows 161.xxx.xxx.xxx 2degrees as my ipv4 address with no ipv6 address at the starlink end instead of the usual starlink cgnat ipv4.

The main issue I've run into is that Spark does not support ipv6 at all so cannot connect. Is there a way around this? I would use something like tailscale as I do to connect from starlink to spark, but there are no permanently on/online devices at the 2degrees connection location so really need to be able to use the built in wireguard support on the fritzbox.

Edit: The UI in the Fritzbox looks like this permanently - https://www.geekzone.co.nz/forums.asp?forumid=81&topicid=302049

Not sure if that is intentional/normal?

nzkc

1634 posts

Uber Geek
+1 received by user: 1041

#3299815 22-Oct-2024 11:07

At a guess... you're behind CGNAT. And since Spark don't (yet officially) support IPv6 you're probably a bit stuck. Options are to get a static IPv4 through 2 degrees or find some IPv6 to 4 tunnel I suppose.

Edit: Maybe it would depend on who initiates and responds to the VPN... I'd try _from_ 2degress _to_ Spark.

ClockWatcher

12 posts

Geek

#3299823 22-Oct-2024 11:34

nzkc:

At a guess... you're behind CGNAT. And since Spark don't (yet officially) support IPv6 you're probably a bit stuck. Options are to get a static IPv4 through 2 degrees or find some IPv6 to 4 tunnel I suppose.

Edit: Maybe it would depend on who initiates and responds to the VPN... I'd try _from_ 2degress _to_ Spark.

Yes I'd say that cgnat is a given. That is a good point, outbound from 2degrees end to Spark should work fine as spark has public ipv4 without cgnat. If I set up a wg server at the Spark end and connect to it will I still be able to use the 2degrees side as the endpoint? I'm not too experienced with this.

nzkc

1634 posts

Uber Geek
+1 received by user: 1041

#3299825 22-Oct-2024 11:47

Sorry, not familiar with the Fritzbox Wireguard implementation - so I dont know. I'd try it though!

ClockWatcher

12 posts

Geek

#3299826 22-Oct-2024 11:49

nzkc:

Sorry, not familiar with the Fritzbox Wireguard implementation - so I dont know. I'd try it though!

I'll give it a crack, thanks for pointing me in what might just be the right direction, I hadn't thought of going the other way, got caught up on the fritzbox/wg end.

nztim

4013 posts

Uber Geek
+1 received by user: 2710

ID Verified

Trusted

TEAMnetwork

Subscriber

#3299828 22-Oct-2024 11:54

pay for public ipv4 on 2degrees

Any views expressed on these forums are my own and don't necessarily reflect those of my employer.

ClockWatcher

12 posts

Geek

#3299831 22-Oct-2024 11:59

nztim:

pay for public ipv4 on 2degrees

I had thought of that, but paying for 3 different connections already (not including mobile) it's getting expensive enough as is so was hoping for a free solution.

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

nztim

4013 posts

Uber Geek
+1 received by user: 2710

ID Verified

Trusted

TEAMnetwork

Subscriber

#3299843 22-Oct-2024 12:27

ClockWatcher:

I had thought of that, but paying for 3 different connections already (not including mobile) it's getting expensive enough as is so was hoping for a free solution.

Is the spark end static?

Any views expressed on these forums are my own and don't necessarily reflect those of my employer.

ClockWatcher

12 posts

Geek

#3299844 22-Oct-2024 12:30

nztim:
ClockWatcher:

I had thought of that, but paying for 3 different connections already (not including mobile) it's getting expensive enough as is so was hoping for a free solution.

Is the spark end static?

No it is not, I currently run tailscale between it and starlink so it hasn't been an issue, prior to that I just used duckdns to grab the ip if it changed.

KiwiSurfer

1722 posts

Uber Geek
+1 received by user: 993

ID Verified

Lifetime subscriber

#3299856 22-Oct-2024 13:22

nztim:

ClockWatcher:

I had thought of that, but paying for 3 different connections already (not including mobile) it's getting expensive enough as is so was hoping for a free solution.

Is the spark end static?

May not be a biggie if it's fairly sticky and it's easy for OP to update whenever it changes (or use a dynamic DNS utility). When I was with Vocus I had the same "dynamic" IP for many months if not years.

nztim

4013 posts

Uber Geek
+1 received by user: 2710

ID Verified

Trusted

TEAMnetwork

Subscriber

#3299866 22-Oct-2024 13:52

if one end is static (or has ddns running this is fine)

Just make sure the 2degrees end behind cg-nat is the initiator

Any views expressed on these forums are my own and don't necessarily reflect those of my employer.

ClockWatcher

12 posts

Geek

#3300443 23-Oct-2024 11:27

nztim:

if one end is static (or has ddns running this is fine)

Just make sure the 2degrees end behind cg-nat is the initiator

Brilliant, I will give this a go. Thanks a bunch