====== Alternate address ====== Based on my experiments with [[prefix_delegation|IPv6 prefix delegation and subnetting]] I determined a prefix to delegate to Steve. Steve has asked for a /64 delegation like the one I would get from him. The prefix became 1011, derived in this manner: My LAN (0019) is actually subnet 0 in the first level (/56), subnet 1 in the next level (/60) and subnet 9 in the third level (/64). So the 1011 is subnet 10 (first level), 1 second level and again 1 third level. The initial 10 could also be interpreted as subnet 1 in a /52 allocation and subnet 0 in the /56 allocation giving a total of four possible subnet levels. ===== Steve's configuration using 2a06:4000:8073:1011::/64 ===== (basically excerpts from an email) i) on the VPN router ip addr add dev br-lan 2a06:4000:8073:1011::2/64 ip route add default from 2a06:4000:8073:1011::/64 dev tun2 metric 10 ===> for return traffic ii) on Ictoan ip addr add br-lan 2a06:4000:8073:1011:202:12:89:12/64 ip route add default from 2a06:4000:8073:1011::/64 via 2a06:4000:8073:1011::2 ===> for return traffic a) on Vultrgate ip route add 2a06:4000:8073:1011::/64 via tun0 ip route add 2001:44b8:5135:7c07::/64 dev wg0 Add 2001:44b8:5135:7c07::/64 to Bent's peer "allowed-ips" ===== Bent's end 2001:44b8:5135:7c07::/64 ===== ==== gate-rpi ==== The basic IP commands are: ip addr add dev eth0 2001:44b8:5135:7c07::44/64 ip route add default from 2001:44b8:5135:7c07::/64 dev wg0 metric 10 ===> for return traffic ip -6 route add 2a06:4000:8073:1011::/64 dev wg0 Two of the three commands are easily transferred to Networkd configurations files but the one with 'default from' isn't. The solution chosen was to write a systemd service file for this. The service file is listed further down. Here is the configuration file for eth0: #/etc/systemd/network/eth0.network [Match] Name=eth0 [Network] Address=192.168.19.44/24 DNS=192.168.19.5 IPForward=yes Address=2a06:4000:8073:19::44/64 Address=2001:44b8:5135:7c07::44/64 IPv6AcceptRA=yes and for the tunnel interface (wg0): #/etc/systemd/network/wg0.network [Match] Name=wg0 [Network] Address=10.8.3.2/24 IPForward=yes [Route] #Gateway=10.8.3.1 Destination=2a06:4000:8073:1011::/6 ==== Spot ==== Similarly the basic IP commands are: ip addr add dev enp2s0 2001:44b8:5135:7c07::5/64 ip route add default from 2001:44b8:5135:7c07::/64 via 2001:44b8:5135:7c07::44 metric 10 ==> return traffic The 'default from' entry is again handled by a service file. Configuration file for enp2s0: [Match] Name=enp2s0 [Network] Address=192.168.19.5/24 Gateway=192.168.19.254 Address=2a06:4000:8073:19::5/64 DHCP=no IPv6AcceptRA=yes [Address] Address=2001:44b8:5135:7c07::5/64 PreferredLifetime=0 (the PreferredLifetime=0 is there to prevent usein this address as source address for outgoing connections ==== Service script ==== #/etc/systemd/system/return-route.service [Unit] Description=Return route for IPv6 traffic After=network-online.target [Service] ExecStart=/usr/bin/ip -6 route add default from 2001:44b8:5135:7c07::/64 via 2a06:4000:8073:19::44 dev enp2s0 metric 10 ExecStop=/usr/bin/ip -6 route del default from 2001:44b8:5135:7c07::/64 via 2a06:4000:8073:19::44 dev enp2s0 metric 10 Type=oneshot RemainAfterExit=yes [Install] WantedBy=multi-user.target This is the script from Spot. The one on gate-rpi is identical except for the interface name which is eth0 on gate-rpi. It doesn't have the 'via' part either.