I’ve set up subnet routing via Tailscale from my Oracle VPS to my home RPi4. The VPS has a static IPv4 and a /64 IPv6 allocation. I use the VPS to reverse traffic apps on the raspberry using nginx. I would like to take one step forward by tunneling v6 traffic from my home network to WAN, so every client gets its own IPv6 address. What’s the best way to tunnel IPv6 traffic from my home network through the RPi4 to the Oracle VPS? I’m also comfortable with messing up my Asus AC86U router to provide publicly routable IPv6 addresses to all clients via DHCP.

  • hempster@lemm.ee (OP)
    1 month ago

    How do I make the VPS a gateway device? I see that I can do a static route, but an IPv6 gateway is something I’m unable to understand.

    • 2xsaiko@discuss.tchncs.de
      1 month ago

      What they suggest sounds like setting up a bridge interface between your LAN and the VPN interface to connect the VPS with your LAN. That’s actually a good idea since it would not need you to have a separate /64 for your local network. In this case I’m pretty sure that your VPN needs to be a layer 2 VPN, i.e. one that transports whole Ethernet frames instead of TCP/UDP only, for this to work correctly. WireGuard doesn’t do this; OpenVPN can, for example.

      To make the VPS a gateway, you need to configure it to forward packets between networks and then set it as your default route on the clients (with IPv6, default route is usually published using router advertisements, set up radvd service on your VPS for that). That’s pretty much it IIRC except for the firewall rules. Here’s an article that’s some cloud stuff but is also applicable to your situation: https://www.linode.com/docs/guides/linux-router-and-ip-forwarding/#enable-ip-forwarding
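The gateway steps described in the comment above (forwarding, router advertisements, firewall rules), as an added example that is not part of the thread. The interface names `br-home` and `ens3`, the documentation prefix `2001:db8:1234:5678::/64` and the choice of nftables are assumptions; substitute your own values.

```shell
#!/bin/sh
# Added example: render the config for a VPS that acts as IPv6 gateway for a
# bridged home LAN. Names and prefix below are placeholders (assumptions).
LAN_IF="br-home"                    # hypothetical bridge / layer 2 VPN interface
WAN_IF="ens3"                       # hypothetical public interface of the VPS
PREFIX="2001:db8:1234:5678::/64"    # documentation prefix, not a real allocation

# SLAAC clients build their address from a /64, so refuse any other length.
check_prefix() {
    case "$1" in
        */64) return 0 ;;
        *) echo "prefix must be a /64 for SLAAC: $1" >&2; return 1 ;;
    esac
}

# radvd.conf: advertise the prefix (and this host as default router) on the LAN side.
render_radvd() {
    check_prefix "$PREFIX" || return 1
    cat <<EOF
interface $LAN_IF {
    AdvSendAdvert on;
    prefix $PREFIX {
        AdvOnLink on;
        AdvAutonomous on;
    };
};
EOF
}

# nftables: every client now has a public address, so forwarding is default-deny.
# Only LAN-initiated flows and their replies pass; ICMPv6 errors for existing
# flows (e.g. packet-too-big) are matched by "related".
render_nft() {
    cat <<EOF
table ip6 homegw {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        iifname "$LAN_IF" oifname "$WAN_IF" accept
    }
}
EOF
}

# Nothing is changed unless the script is run as root with the "apply" argument.
if [ "${1:-}" = "apply" ]; then
    sysctl -w net.ipv6.conf.all.forwarding=1
    render_radvd > /etc/radvd.conf
    render_nft | nft -f -
fi
```

Run without arguments, the script changes nothing; call `render_radvd` or `render_nft` to review the generated text before applying it.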

    • oshu@lemmy.world
      1 month ago

      I don’t think you can do this with routing because IPv6 doesn’t support splitting a /64 into subnets. Might work via virtual bridging over a VPN link. I don’t think Tailscale supports layer 2 tunneling, so you would need to use something else.