Comment on Publicly routable IPv6 addresses behind CGNAT in home environment using Tailscale and VPS

2xsaiko@discuss.tchncs.de 1 month ago

What they suggest sounds like setting up a bridge interface between your LAN and the VPN interface to connect the VPS with your LAN. That’s actually a good idea since it would not need you to have a separate /64 for your local network. In this case I’m pretty sure that your VPN needs to be a layer 2 VPN, i.e. one that transports whole Ethernet frames instead of TCP/UDP only, for this to work correctly. WireGuard doesn’t do this; OpenVPN can, for example.

To make the VPS a gateway, you need to configure it to forward packets between networks and then set it as your default route on the clients (with IPv6, the default route is usually published using router advertisements; set up the radvd service on your VPS for that). That’s pretty much it IIRC except for the firewall rules. Here’s an article that’s some cloud stuff but is also applicable to your situation: www.linode.com/…/linux-router-and-ip-forwarding/#…
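The gateway pieces named in the comment above (forwarding, radvd, firewall rules), as an added example that is not part of the original comment: it only renders config text and shows a default-deny forward policy, so that publicly routable LAN hosts are not reachable by unsolicited inbound traffic. The interface names `eth0` (VPS upstream) and `tap0` (layer 2 VPN interface), the table name `home_gw` and the documentation prefix `2001:db8:0:1::/64` are assumptions.

```shell
#!/bin/sh
# Added example: renders config text only; nothing is applied to the system.
# Assumed names (not from the thread): eth0 = VPS upstream, tap0 = layer 2 VPN
# interface bridged to the home LAN, 2001:db8:0:1::/64 = documentation prefix.

render_sysctl() {  # $1 = upstream interface
    cat <<EOF
net.ipv6.conf.all.forwarding = 1
# With forwarding on, Linux ignores RAs unless accept_ra is 2; needed only
# if the VPS learns its own default route from its provider by RA.
net.ipv6.conf.$1.accept_ra = 2
EOF
}

render_radvd() {  # $1 = LAN-facing interface, $2 = prefix to advertise
    case "$2" in
        */64) ;;
        *) echo "SLAAC expects a /64, got: $2" >&2; return 1 ;;
    esac
    cat <<EOF
interface $1 {
    AdvSendAdvert on;
    prefix $2 {
        AdvOnLink on;
        AdvAutonomous on;
    };
};
EOF
}

render_nft() {  # $1 = upstream interface, $2 = LAN-facing interface
    cat <<EOF
table ip6 home_gw {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        iifname "$2" oifname "$1" accept
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem } accept
    }
}
EOF
}

# Print the three fragments: sysctl.d entry, radvd.conf, nftables ruleset.
render_sysctl eth0
render_radvd tap0 2001:db8:0:1::/64
render_nft eth0 tap0
```

Inbound services on a LAN host would each need an explicit accept rule for that host's address and port ahead of the policy drop.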
