Link Search Menu Expand Document

Generate Private IPv6 for the VM

Table of contents

IPv4 & IPv6

10.0.0.0 to 10.255.255.255 (10/8 prefix)
172.16.0.0 to 172.31.255.255 (172.16/12 prefix)
192.168.0.0 to 192.168.255.255 (192.168/16 prefix)
  • WireGuard with IPv6 will require you to generate a unique local IPv6 unicast address prefix based on the algorithm in RFC 4193.
date +%s%N 
    # this command is combining %s - current date, %N - since 1970-01-01 00:00:00
    # Example: 1628101352127592197
cat /var/lib/dbus/machine-id
    # output `machine-id`, example: 20086c25853947c7aeee2ca1ea849d7d
printf 162810135212759219720086c25853947c7aeee2ca1ea849d7d | sha1sum
    # using SHA-1 algorithm to combine timestamp + machine-id 
    # printf <timestamp><machine-id> | sha1sum
    # output example: 4f267c51857d6dc93a0bca107bca2f0d86fac3bc  -
    # take the first 4 characters: `4f` + `26`
printf 4f267c51857d6dc93a0bca107bca2f0d86fac3bc | cut -c 31-
    # -c argument tells the cut command to select only a specified set of characters. The 31- argument tells cut to print all the characters from position 31 to the end of the input line.
    # output: 0d86fac3bc, break it to 0d + 86 + fa + c3 + bc
  • After you get the 0d + 86 + fa + c3 + bc, construct the unique IPv6 network prefix by appending 5 bytes you generated with fd prefix (other prefix used is fc)
  • Using : to separate 4 characters, then ::, plus simplicity standard size of /64
fd0d:86fa:c3bc::/64
  • To allocate an IP for the server, add a 1 after the final :: characters. The resulting address will be fd0d:86fa:c3bc::1/64. Peers can use any IP in the range, but typically you’ll increment the value by one each time you add a peer e.g. fd0d:86fa:c3bc::2/64.