Wireguard-go VPN Server on MrVM NAT VPS: ip6tables can't POSTROUTING nat table
Hi,
I tried to enable ipv6 support on wireguard-go vpn server but when I tried to apply
ip6tables -t nat -A POSTROUTING -o venet0 -j MASQUERADE
i get this return
ip6tables v1.6.2: can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
Seems like iptables version is too old or i got to upgrade the kernel to solve it. But upgrade the kernel must be from the server side.
OS version: Debian GNU/Linux bullseye/sid
Kernel : Linux 2.6.32-042stab136.1
Comments
Tried this?
https://talk.lowendspirit.com/discussion/comment/26391/#Comment_26391
https://clients.mrvm.net
I tried, but didn't work because its from debian 9 template and didnt completely upgraded to bullseye version (stuck at old kernel version).
I can only upgrade application that didn't require specific new kernel version. even iptables can't be upgraded without getting the kernel upgraded
I guess it was your ticket I answered a couple of minutes ago.
https://clients.mrvm.net
that's true. I thought maybe I could hear other's experience on this problem and way to solve it
I also tried Nyr's & angristan's openvpn script but neither worked.
on Nyr's version can't detect the debian version (because bullseye version didn't have number in it) and angristan's version it tried to upgrade some app and lib that need specific newer kernel, so getting error.
I'll try clean install again and stay at deb 9 to see if it works.
The script @Nyr made has worked on OVZ6 in the past. And should do so now as well.
There were many from the old forum who used the script to get their openvpn up and running.
https://clients.mrvm.net
i have the sad> @antibomb said:
I had the same problem too on i-83 VPS. I have Kernal ver 2.6.32-042stab142.1 and IPv6 gave error & didn't work, Only IPv4 is working
My OpenVPN installer will work on Debian 9, not a problem at all. But it will refuse to work on testing distributions like Debian 11. You shouldn't be upgrading your OVZ template like that anyway.
With that said, your kernel is very old, has reached its EOL and it is possible that it does not support IPv6 NAT. OVZ6 is EOL and you'll probably need to do without IPv6 NAT. I'd almost confirm it, but can't find that information right now.
OpenVPN installer | WireGuard installer
As someone who is actively transitioning away from OVZ6, it is a pain to get IPv6 working and I'd probably just give up on it. It's technically possible but as I recall requires changes on the host node which nobody's going to do for a $3/yr service.
My pronouns are asshole/asshole/asshole. I will give you the same courtesy.
Do you need to use IPv6 NAT? Can't you instead add more global IPv6 addresses to the VPS, and assigned them to your peers. (The addresses also have to be removed from /etc/network/interfaces if you want to use them on the peers.) If you have a /112 with the VPS then you theoretically can use more than 60000 addresses.
If your network configuration in /etc/network/interfaces is overwritten by openvz on each boot then you can use the following workaround in /etc/network/interfaces.head:
Then configure venet0 in /etc/network/interfaces.d/01-wan or similar.