Alternate address

Based on my experiments with IPv6 prefix delegation and subnetting, I determined a prefix to delegate to Steve. Steve has asked for a /64 delegation like the one I would get from him. The prefix became 1011, derived as follows: my LAN (0019) is subnet 0 at the first level (/56), subnet 1 at the next level (/60) and subnet 9 at the third level (/64). So 1011 is subnet 10 at the first level, subnet 1 at the second level and again subnet 1 at the third level. The initial 10 could also be interpreted as subnet 1 in a /52 allocation and subnet 0 in the /56 allocation, giving a total of four possible subnet levels.
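
The nibble-by-nibble derivation above, worked through as an added example (not part of the original notes). It assumes the site allocation is 2a06:4000:8073::/48, inferred from the addresses used on this page; the function names are made up for this illustration.

```python
import ipaddress

# Assumption: the site allocation is the /48 containing the addresses on this page.
SITE = ipaddress.IPv6Network("2a06:4000:8073::/48")
LEVELS = (52, 56, 60, 64)  # one hex digit of the fourth hextet per level


def enclosing_prefixes(subnet_hex):
    """Return {prefix_len: network} for the /64 whose fourth hextet is subnet_hex."""
    value = int(subnet_hex, 16)
    if not 0 <= value <= 0xFFFF:
        raise ValueError("subnet id must fit in 16 bits")
    # The fourth hextet sits directly above the 64-bit interface identifier.
    base = int(SITE.network_address) | (value << 64)
    lan64 = ipaddress.IPv6Network((base, 64))
    return {plen: lan64.supernet(new_prefix=plen) for plen in LEVELS}


def subnet_digits(subnet_hex):
    """Subnet number chosen at each level: one nibble per level."""
    value = int(subnet_hex, 16)
    return {plen: (value >> (64 - plen)) & 0xF for plen in LEVELS}


def first_divergence(a_hex, b_hex):
    """Shortest prefix length at which two /64s fall into different subnets."""
    a, b = enclosing_prefixes(a_hex), enclosing_prefixes(b_hex)
    for plen in LEVELS:
        if a[plen] != b[plen]:
            return plen
    return None  # both ids name the same /64


if __name__ == "__main__":
    for name, hextet in (("LAN", "0019"), ("delegated to Steve", "1011")):
        print(name, subnet_digits(hextet))
        for plen, net in enclosing_prefixes(hextet).items():
            print("   /%d -> %s" % (plen, net))
    print("prefixes diverge at /%s" % first_divergence("0019", "1011"))
```

Because the two /64s already diverge at the /52 level, the delegated prefix shares no /52, /56 or /60 block with the LAN, so it can be routed away as a whole without touching LAN subnets.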

Steve's configuration using 2a06:4000:8073:1011::/64

(basically excerpts from an email)

i) on the VPN router

  ip addr add dev br-lan 2a06:4000:8073:1011::2/64
  ip route add default from 2a06:4000:8073:1011::/64 dev tun2 metric 10    # for return traffic

ii) on Ictoan

  ip addr add dev br-lan 2a06:4000:8073:1011:202:12:89:12/64
  ip route add default from 2a06:4000:8073:1011::/64 via 2a06:4000:8073:1011::2  # for return traffic

a) on Vultrgate

  ip route add 2a06:4000:8073:1011::/64 dev tun0
  ip route add 2001:44b8:5135:7c07::/64 dev wg0
  # Add 2001:44b8:5135:7c07::/64 to Bent's peer "allowed-ips"

Bent's end 2001:44b8:5135:7c07::/64

gate-rpi

The basic IP commands are:

    ip addr add dev eth0 2001:44b8:5135:7c07::44/64
    ip route add default from 2001:44b8:5135:7c07::/64 dev wg0  metric 10    # for return traffic
    ip -6 route add 2a06:4000:8073:1011::/64 dev wg0 

Two of the three commands are easily transferred to networkd configuration files, but the one with 'default from' isn't. The solution chosen was to write a systemd service file for it. The service file is listed further down. Here is the configuration file for eth0:

#/etc/systemd/network/eth0.network
[Match]
Name=eth0

[Network]
Address=192.168.19.44/24
DNS=192.168.19.5
IPForward=yes
Address=2a06:4000:8073:19::44/64
Address=2001:44b8:5135:7c07::44/64
IPv6AcceptRA=yes

and for the tunnel interface (wg0):

#/etc/systemd/network/wg0.network
[Match]
Name=wg0

[Network]
Address=10.8.3.2/24
IPForward=yes

[Route]
#Gateway=10.8.3.1
Destination=2a06:4000:8073:1011::/64

Spot

Similarly the basic IP commands are:

    ip addr add dev enp2s0 2001:44b8:5135:7c07::5/64
    ip route add default from 2001:44b8:5135:7c07::/64 via 2001:44b8:5135:7c07::44 metric 10  # return traffic

The 'default from' entry is again handled by a service file. Configuration file for enp2s0:

[Match]
Name=enp2s0

[Network]
Address=192.168.19.5/24
Gateway=192.168.19.254
Address=2a06:4000:8073:19::5/64
DHCP=no
IPv6AcceptRA=yes

[Address]
Address=2001:44b8:5135:7c07::5/64
PreferredLifetime=0

(The PreferredLifetime=0 is there to prevent using this address as the source address for outgoing connections.)

Service script

#/etc/systemd/system/return-route.service
[Unit]
Description=Return route for IPv6 traffic
After=network-online.target

[Service]
ExecStart=/usr/bin/ip -6 route add default from 2001:44b8:5135:7c07::/64 via 2a06:4000:8073:19::44 dev enp2s0 metric 10
ExecStop=/usr/bin/ip -6 route del default from 2001:44b8:5135:7c07::/64 via 2a06:4000:8073:19::44 dev enp2s0 metric 10
Type=oneshot
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

This is the script from Spot. The one on gate-rpi is identical except for the interface name which is eth0 on gate-rpi. It doesn't have the 'via' part either.