I’ve set up subnet routing via Tailscale from my Oracle VPS to my home RPi4. The VPS has a static IPv4 and a /64 IPv6 allocation. I use the VPS to reverse traffic apps on the raspberry using nginx. I would like to take one step forward by tunneling v6 traffic from my home network to WAN, so every client gets its own IPv6 address. What’s the best way to tunnel IPv6 traffic from my home network through the RPi4 to the Oracle VPS? I’m also comfortable with messing up my Asus AC86U router to provide publicly routable IPv6 addresses to all clients via DHCP.

  • 2xsaiko
    3 months ago

    The easy way is to just use tunnelbroker.net, that is what I currently have (this would use one of their assigned net blocks, not the one from the VPS). Set it up on the Pi, set up IP forwarding with appropriate firewall rules, make the Pi serve RA so clients can assign themselves an IP, done (IIRC).

    If you want to set up the v6/v4 gateway yourself, I would do this with a /64 you can fully route to your home network like you would get with tunnelbroker.net because then you don’t have to deal with the network split and essentially two gateways for the same network (your Pi and the VPS), because otherwise your clients would assume the VPS is directly reachable since it’s in the same network when in reality it would have to go through the gateway (you would have to set up an extra route in that case on every client, I think). You’d need a second network from Oracle for this.

    But it’s pretty much the same thing I would assume plus the setup on the VPS side, make the VPN route your /64 block (or use 6in4 which is what tunnelbroker.net uses), configure IP forwarding on the Pi and the VPS between the VPN interface and local/WAN respectively.
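The Pi-side steps from the reply above (IP forwarding, firewall rules, router advertisements), sketched as an added example that is not part of the original comment. The interface names `eth0` and `he-ipv6` and the documentation prefix `2001:db8:1234:5678::/64` are assumptions standing in for the real LAN interface, tunnel interface and routed /64. Because every client gets a globally routable address with no NAT in front of it, the forward chain here drops unsolicited inbound traffic by default.

```shell
# Added example: prints config text for review; it changes nothing on the system.
# LAN_IF, TUN_IF and PREFIX are assumptions (2001:db8::/32 is the documentation range).
LAN_IF="${LAN_IF:-eth0}"
TUN_IF="${TUN_IF:-he-ipv6}"
PREFIX="${PREFIX:-2001:db8:1234:5678::/64}"

# SLAAC needs a /64 on the LAN, so refuse any other prefix length.
check_prefix() {
    case "$1" in
        */64) return 0 ;;
        *) echo "prefix must be a routed /64: $1" >&2; return 1 ;;
    esac
}

# sysctl line that lets the Pi route IPv6 between the LAN and the tunnel.
render_sysctl() {
    echo "net.ipv6.conf.all.forwarding = 1"
}

# radvd.conf: advertise the routed /64 so clients self-assign addresses.
render_radvd() {
    check_prefix "$PREFIX" || return 1
    cat <<EOF
interface $LAN_IF {
    AdvSendAdvert on;
    prefix $PREFIX {
        AdvOnLink on;
        AdvAutonomous on;
    };
};
EOF
}

# nftables: ip6-only table, so IPv4 forwarding on the Pi is left untouched.
# Outbound must carry a source inside the /64; inbound is replies plus basic ICMPv6.
render_nft() {
    check_prefix "$PREFIX" || return 1
    cat <<EOF
table ip6 v6gw {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        iifname "$LAN_IF" oifname "$TUN_IF" ip6 saddr $PREFIX accept
        iifname "$TUN_IF" oifname "$LAN_IF" icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request } accept
    }
}
EOF
}
render_sysctl && render_radvd && render_nft
```

The three outputs belong in a sysctl drop-in, `radvd.conf` and an nftables ruleset file respectively; a service on a LAN client that should be reachable from outside needs its own explicit accept rule.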

      • 2xsaiko
        3 months ago

        Hm, it doesn’t? I’m not behind CGNAT but I’m in a network I don’t control (university dorm) so my gateway is just another device in the local network and I don’t have a public IP which I control, which I feel like should effectively be the same thing as CGNAT, and it works for me. Maybe it isn’t the same.

        • hempster@lemm.eeOP
          3 months ago

          Not sure how that’s even possible; HE usually probes your IPv4 address before assigning a GUA.

          • 2xsaiko
            3 months ago

            I had the network before moving here (created it when I did have a public IPv4). Can’t test creating a new one since it will only allow me to make one per IP.