Wireguard-go VPN Server on MrVM NAT VPS: ip6tables can't POSTROUTING nat table

Hi,
I tried to enable ipv6 support on wireguard-go vpn server but when I tried to apply

ip6tables -t nat -A POSTROUTING -o venet0 -j MASQUERADE

i get this return

ip6tables v1.6.2: can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.

Seems like iptables version is too old or i got to upgrade the kernel to solve it. But upgrade the kernel must be from the server side.

OS version: Debian GNU/Linux bullseye/sid
Kernel : Linux 2.6.32-042stab136.1

Comments

  • edited May 2020

    I tried, but didn't work because its from debian 9 template and didnt completely upgraded to bullseye version (stuck at old kernel version).
    I can only upgrade application that didn't require specific new kernel version. even iptables can't be upgraded without getting the kernel upgraded

  • mikhomikho AdministratorHosting ProviderOG

    I guess it was your ticket I answered a couple of minutes ago.

  • @mikho said:
    I guess it was your ticket I answered a couple of minutes ago.

    that's true. I thought maybe I could hear other's experience on this problem and way to solve it

    I also tried Nyr's & angristan's openvpn script but neither worked.
    on Nyr's version can't detect the debian version (because bullseye version didn't have number in it) and angristan's version it tried to upgrade some app and lib that need specific newer kernel, so getting error.
    I'll try clean install again and stay at deb 9 to see if it works.

  • mikhomikho AdministratorHosting ProviderOG

    The script @Nyr made has worked on OVZ6 in the past. And should do so now as well.

    There were many from the old forum who used the script to get their openvpn up and running.

    Thanked by (1)antibomb
  • i have the sad> @antibomb said:

    Hi,
    I tried to enable ipv6 support on wireguard-go vpn server but when I tried to apply

    ip6tables -t nat -A POSTROUTING -o venet0 -j MASQUERADE
    

    i get this return

    ip6tables v1.6.2: can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
    Perhaps ip6tables or your kernel needs to be upgraded.
    

    Seems like iptables version is too old or i got to upgrade the kernel to solve it. But upgrade the kernel must be from the server side.

    OS version: Debian GNU/Linux bullseye/sid
    Kernel : Linux 2.6.32-042stab136.1

    I had the same problem too on i-83 VPS. I have Kernal ver 2.6.32-042stab142.1 and IPv6 gave error & didn't work, Only IPv4 is working

    Thanked by (1)antibomb
  • NyrNyr OG
    edited May 2020

    My OpenVPN installer will work on Debian 9, not a problem at all. But it will refuse to work on testing distributions like Debian 11. You shouldn't be upgrading your OVZ template like that anyway.

    With that said, your kernel is very old, has reached its EOL and it is possible that it does not support IPv6 NAT. OVZ6 is EOL and you'll probably need to do without IPv6 NAT. I'd almost confirm it, but can't find that information right now.

    Thanked by (1)antibomb
  • WSSWSS Retired

    @Nyr said:
    My OpenVPN installer will work on Debian 9, not a problem at all. But it will refuse to work on testing distributions like Debian 11. You shouldn't be upgrading your OVZ template like that anyway.

    With that said, your kernel is very old, has reached its EOL and it is possible that it does not support IPv6 NAT. OVZ6 is EOL and you'll probably need to do without IPv6 NAT. I'd almost confirm it, but can't find that information right now.

    As someone who is actively transitioning away from OVZ6, it is a pain to get IPv6 working and I'd probably just give up on it. It's technically possible but as I recall requires changes on the host node which nobody's going to do for a $3/yr service.

    My pronouns are asshole/asshole/asshole. I will give you the same courtesy.

  • @antibomb said:
    ip6tables v1.6.2: can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
    Perhaps ip6tables or your kernel needs to be upgraded.

    Do you need to use IPv6 NAT? Can't you instead add more global IPv6 addresses to the VPS, and assigned them to your peers. (The addresses also have to be removed from /etc/network/interfaces if you want to use them on the peers.) If you have a /112 with the VPS then you theoretically can use more than 60000 addresses.

    If your network configuration in /etc/network/interfaces is overwritten by openvz on each boot then you can use the following workaround in /etc/network/interfaces.head:

    # cat /etc/network/interfaces.head
    source /etc/network/interfaces.d/*
    

    Then configure venet0 in /etc/network/interfaces.d/01-wan or similar.

Sign In or Register to comment.