From 08b174f09d29fa283ce4046577b1c13a9719fa0c Mon Sep 17 00:00:00 2001 From: bnewbold Date: Fri, 16 Nov 2012 03:36:35 +0100 Subject: fixed ipv6 vpn tunnel directions --- vpntunnel.page | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/vpntunnel.page b/vpntunnel.page index e93619c..f24a012 100644 --- a/vpntunnel.page +++ b/vpntunnel.page @@ -72,12 +72,22 @@ if you must have ipv4 routing with NAT: ping-restart 120 Go to "Network" tab of web interface and create new "wan6" interface with the -"tun0" OpenVPN adapter selected. Set the IPv6 address to fec0::2 and the IPv6 -gateway to fec0:;1. Go to "Firewall Settings" and create a new wan6 firewall -zone. +"tun0" OpenVPN adapter selected. Set the IPv6 address to fec0::2/64 and the IPv6 +gateway to fec0::1 (also, if not already specified, use static address config +and disable router advertisements (RA)). go to the firewall tab of "wan6" +settings and add the wan6 interface to the "wan" firewall zone. edit the "lan" +interface and add the ::1 address for the delegated /64 as the IPv6 address +(you don't need to set a gateway). --> static config --> don't sent RA +to *allow* inbound ipv6, create a new "wan6" zone, move the wan6 interface into +it, and create an allow firewall rule from wan6 -> lan. + +## Devices + +Linux machines will want to ensure that: + + net.ipv6.conf.all.use_tempaddr = 2 + net.ipv6.conf.default.use_tempaddr = 2 ## References -- cgit v1.2.3
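Review bot: the last added instruction in the hunk, "create an allow firewall rule from wan6 -> lan", is a blanket zone-to-zone accept, and because the LAN hosts get globally routed addresses from the delegated /64 with no NAT in front of them, it makes every listening service on every LAN device reachable from the tunnel side. Suggest wording it so the rule is limited to the destination addresses and ports that actually need inbound access, and noting that leaving wan6 in the "wan" zone is the default to keep. Two smaller points in the same hunk: the added line "--> static config --> don't sent RA" reads like leftover scratch notes that repeat the parenthetical above it (and has the typo "sent" for "send"), so it can be dropped; and the new "Devices" section lists the two `use_tempaddr = 2` settings without saying what they are for (enabling IPv6 temporary privacy addresses and preferring them for outgoing connections) or where to set them so they persist, for example in /etc/sysctl.conf.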