diff options
| -rw-r--r-- | vpntunnel.page | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/vpntunnel.page b/vpntunnel.page index e93619c..f24a012 100644 --- a/vpntunnel.page +++ b/vpntunnel.page @@ -72,12 +72,22 @@ if you must have ipv4 routing with NAT: ping-restart 120 Go to "Network" tab of web interface and create new "wan6" interface with the -"tun0" OpenVPN adapter selected. Set the IPv6 address to fec0::2 and the IPv6 -gateway to fec0:;1. Go to "Firewall Settings" and create a new wan6 firewall -zone. +"tun0" OpenVPN adapter selected. Set the IPv6 address to fec0::2/64 and the IPv6 +gateway to fec0::1 (also, if not already specified, use static address config +and disable router advertisements (RA)). go to the firewall tab of "wan6" +settings and add the wan6 interface to the "wan" firewall zone. edit the "lan" +interface and add the ::1 address for the delegated /64 as the IPv6 address +(you don't need to set a gateway). --> static config --> don't sent RA +to *allow* inbound ipv6, create a new "wan6" zone, move the wan6 interface into +it, and create an allow firewall rule from wan6 -> lan. + +## Devices + +Linux machines will want to ensure that: + + net.ipv6.conf.all.use_tempaddr = 2 + net.ipv6.conf.default.use_tempaddr = 2 ## References |