diff options
authorbnewbold <>2012-11-16 03:36:35 +0100
committerbnewbold <>2012-11-16 03:36:35 +0100
commit08b174f09d29fa283ce4046577b1c13a9719fa0c (patch)
parentc4391ddb9afe622a5b8ad4efc62dfdd3b5e301a7 (diff)
fixed ipv6 vpn tunnel directions
1 files changed, 15 insertions, 5 deletions
diff --git a/ b/
index e93619c..f24a012 100644
--- a/
+++ b/
@@ -72,12 +72,22 @@ if you must have ipv4 routing with NAT:
ping-restart 120
Go to "Network" tab of web interface and create new "wan6" interface with the
-"tun0" OpenVPN adapter selected. Set the IPv6 address to fec0::2 and the IPv6
-gateway to fec0:;1. Go to "Firewall Settings" and create a new wan6 firewall
+"tun0" OpenVPN adapter selected. Set the IPv6 address to fec0::2/64 and the IPv6
+gateway to fec0::1 (also, if not already specified, use static address config
+and disable router advertisements (RA)). go to the firewall tab of "wan6"
+settings and add the wan6 interface to the "wan" firewall zone. edit the "lan"
+interface and add the ::1 address for the delegated /64 as the IPv6 address
+(you don't need to set a gateway).
--> static config
--> don't sent RA
+to *allow* inbound ipv6, create a new "wan6" zone, move the wan6 interface into
+it, and create an allow firewall rule from wan6 -> lan.
+## Devices
+Linux machines will want to ensure that:
+ net.ipv6.conf.all.use_tempaddr = 2
+ net.ipv6.conf.default.use_tempaddr = 2
## References