Comment on Publicly routable IPv6 addresses behind CGNAT in home environment using Tailscale and VPS
Natanael@slrpnk.net 5 weeks ago
You need to set up a publicly accessible device (in this case the VPS) as your IPv6 gateway.
So you set up your VPN connecting your network to the VPS (should probably be set up from the router) and set your router to advertise an IP address for the VPS which is routable from your local network as the gateway address.
(note, I have not set up this stuff myself so I can’t help with implementation details)
hempster@lemm.ee 5 weeks ago
How do I make the VPS a gateway device? I see that I can do a static route, but IPv6 gateway is something I’m unable to understand.
oshu@lemmy.world 5 weeks ago
I don’t think you can do this with routing because IPv6 doesn’t support splitting a /64 into subnets. Might work via virtual bridging over a VPN link. I don’t think Tailscale supports layer 2 tunneling so you would need to use something else.
2xsaiko@discuss.tchncs.de 5 weeks ago
What they suggest sounds like setting up a bridge interface between your LAN and the VPN interface to connect the VPS with your LAN. That’s actually a good idea since it would not need you to have a separate /64 for your local network. In this case I’m pretty sure that your VPN needs to be a layer 2 VPN, i.e. transports whole Ethernet frames instead of TCP/UDP only, for this to work correctly. WireGuard doesn’t do this; OpenVPN can, for example.
To make the VPS a gateway, you need to configure it to forward packets between networks and then set it as your default route on the clients (with IPv6, default route is usually published using router advertisements, set up radvd service on your VPS for that). That’s pretty much it IIRC except for the firewall rules. Here’s an article that’s some cloud stuff but is also applicable to your situation: www.linode.com/…/linux-router-and-ip-forwarding/#…
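Added example (not written by any commenter in this thread): a sketch of the three VPS-side pieces the last comment lists, namely forwarding, radvd, and firewall rules. The interface names `tap0` and `eth0`, the table name, and the `2001:db8:0:1::/64` documentation prefix are assumptions; the functions only print configuration for review and apply nothing.

```shell
#!/bin/sh
# Added example: renders the VPS-side config described in the thread.
# Nothing is applied; each function only prints text to review.
# Assumed names: tap0 = layer 2 VPN interface facing the LAN,
# eth0 = public interface, 2001:db8:0:1::/64 = documentation prefix.

# SLAAC clients only autoconfigure from a /64, so refuse anything else.
is_slaac_prefix() {
    case "$1" in
        *:*/64) return 0 ;;
        *)      return 1 ;;
    esac
}

# Kernel setting that lets the VPS forward IPv6 between interfaces.
render_sysctl() {
    printf 'net.ipv6.conf.all.forwarding = 1\n'
}

# radvd.conf: advertise the prefix (and this host as default router).
render_radvd_conf() {   # $1 = LAN-facing interface, $2 = prefix
    is_slaac_prefix "$2" || { echo "prefix must be a /64: $2" >&2; return 1; }
    cat <<EOF
interface $1 {
    AdvSendAdvert on;
    prefix $2 {
        AdvOnLink on;
        AdvAutonomous on;
    };
};
EOF
}

# nftables ruleset: LAN hosts get public addresses, so forwarded
# traffic is dropped by default and only replies, outbound flows and
# the ICMPv6 errors needed for path MTU discovery are let through.
render_nft_rules() {    # $1 = LAN-facing interface, $2 = public interface
    cat <<EOF
table ip6 gateway {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        iifname "$1" oifname "$2" accept
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem } accept
    }
}
EOF
}
```

If the VPS learns its own default route from router advertisements on its public interface, note that Linux stops accepting them once forwarding is enabled unless `accept_ra` is set to 2 on that interface.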