Based on my experiments with IPv6 prefix delegation and subnetting I determined a prefix to delegate to Steve. Steve has asked for a /64 delegation like the one I would get from him. The prefix became 1011, derived in this manner: My LAN (0019) is actually subnet 0 in the first level (/56), subnet 1 in the next level (/60) and subnet 9 in the third level (/64). So the 1011 is subnet 10 (first level), 1 second level and again 1 third level. The initial 10 could also be interpreted as subnet 1 in a /52 allocation and subnet 0 in the /56 allocation giving a total of four possible subnet levels.

i) on the VPN router

  ip addr add dev br-lan 2a06:4000:8073:1011::2/64
  ip route add default from 2a06:4000:8073:1011::/64 dev tun2 metric 10    ===> for return traffic

ii) on Ictoan

  ip addr add br-lan 2a06:4000:8073:1011:202:12:89:12/64
  ip route add default from 2a06:4000:8073:1011::/64 via 2a06:4000:8073:1011::2  ===> for return traffic

a) on Vultrgate

  ip route add 2a06:4000:8073:1011::/64 via tun0
  ip route add 2001:44b8:5135:7c07::/64 dev wg0
  Add 2001:44b8:5135:7c07::/64 to Bent's peer "allowed-ips"

  i) on gate-rpi
    ip addr add dev eth0 2001:44b8:5135:7c07::44/64
    ip route add default from 2001:44b8:5135:7c07::/64 dev wg0  metric 10    ===> for return traffic
    ip -6 route add 2a06:4000:8073:1011::/64 dev wg0 

  ii) on Spot
    ip addr add dev enp2s0 2001:44b8:5135:7c07::5/64
    ip route add default from 2001:44b8:5135:7c07::/64 via 2001:44b8:5135:7c07::44 metric 10  ==> return traffic

IP numbers and device have been updated. Some firewall additions may be required….. Does this all seem right?????

Steve