You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
I just installed Defguard for us to consider using it at our company instead of pure wireguard, unfortunately it seems Defguard doesn't seem to allow IPv6 addresses for the gateway subnet, endpoint, nor for DNS - which renders Defguard useless for our company as our existing Wireguard VPN network is almost exclusively IPv6-only. Defguard does appear to accept IPv6 subnets in the Allowed IPs section but that's not very useful when the VPN has no IPv6 address or subnet
More and more companies (including my own) are using IPv6 especially for their internal networks such as VPNs to conserve IPv4 addresses, so it's important for Defguard to have at least basic IPv6 support
Describe the solution you'd like
It would be great if Defguard could add support for IPv6 addresses / subnets ideally alongside IPv4 - for example:
it should be possible to enter 10.1.2.1/24,2a07:e01::1/48 in the "Gateway VPN IP address and netmask" box so that the VPN has both IPv4 and IPv6 addresses
ideally Defguard should be able to automatically provision either /128's, /64's, or /48's from the IPv6 subnet provided (user should have control over the subnet size it hands out) - but static addressing would be a good start
it should be possible to enter IPv6 DNS servers e.g. 2a07:e00::333 - preferably allow for multiple DNS servers with mixing and matching IPv4 and IPv6 DNS servers
it should be possible to enter an IPv6 endpoint e.g. 2a07:e01::1
Settings which involve connecting to external services such as SMTP configuration, LDAP, etc. should support IPv6 addresses - currently SMTP configuration complains "enter a valid endpoint" if I enter an IPv6 address
Documentation will likely need to explain that a routed subnet is required for full IPv6 connectivity (which should be firewalled with iptables FORWARD rules on the VPN endpoint), unless they use a private subnet with NAT for outside connectivity
All of the above is supported with native Wireguard, so it's purely Defguard itself which requires updating to support IPv6
Additional context
Screenshots showing Defguard v1.0.0 rejecting IPv6 addresses/subnets on the "Edit Location" screen:
The text was updated successfully, but these errors were encountered:
@Someguy123 you are right! in the middle of the 1.0 release battle, testing multiple components we forgot about the frontend changes for IPv6.
We did introduce full IPv6 for client and server - we just need to change the input frontend rules. We will do so In the upcoming quick fix 1.0.1 release. Sorry about that!
I test the new 1.1.0 version today,
The other boxes work fine, except the "Gateway VPN IP address and netmask" box.
If I only input ipv4 or ipv6 it works.
Is your feature request related to a problem? Please describe.
I just installed Defguard for us to consider using it at our company instead of pure wireguard, unfortunately it seems Defguard doesn't seem to allow IPv6 addresses for the gateway subnet, endpoint, nor for DNS - which renders Defguard useless for our company as our existing Wireguard VPN network is almost exclusively IPv6-only. Defguard does appear to accept IPv6 subnets in the Allowed IPs section but that's not very useful when the VPN has no IPv6 address or subnet
More and more companies (including my own) are using IPv6 especially for their internal networks such as VPNs to conserve IPv4 addresses, so it's important for Defguard to have at least basic IPv6 support
Describe the solution you'd like
It would be great if Defguard could add support for IPv6 addresses / subnets ideally alongside IPv4 - for example:
10.1.2.1/24,2a07:e01::1/48
in the "Gateway VPN IP address and netmask" box so that the VPN has both IPv4 and IPv6 addresses2a07:e00::333
- preferably allow for multiple DNS servers with mixing and matching IPv4 and IPv6 DNS servers2a07:e01::1
All of the above is supported with native Wireguard, so it's purely Defguard itself which requires updating to support IPv6
Additional context
Screenshots showing Defguard v1.0.0 rejecting IPv6 addresses/subnets on the "Edit Location" screen:
The text was updated successfully, but these errors were encountered: