Question
Route IPv6 through DigitalOcean VPN Server
I set up a Server, which will I use mostly as “US” gateway ;)
On Server Side, I have two interfaces. eth0 & tapsoft.
eth0 has the given IPv6 address 2604:[…]:8001.
I set manual to tapsoft the address: 2604:[…]:8002.
I also set manual the client-IP to 2604:[…]:8003.
The VPN is Layer2 based and I can ping 2604:[…]:8002 from my client, but ether 2604:[…]:8001 or any public ipv6 addresslike google (tried 8001 and 8002 as gateway)
I have enabled “net.ipv6.conf.all.forwarding=1” in sysctl.conf.
I think the problem is the “step” from the tap-device to eth0. For IPv4 I use iptables and SNAT. But I don’t want to nat ipv6, if I have enough addresses. (and yes, 16 addresses are enough for me^^)
Any Ideas or even better: solutions? Thanks
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
+1 desperate to figure this out, too! i can’t even seem to ping my tap (8002) interface from outside. it is definitely an issue “bridging” the ipv6 traffic that only seems to want to hit eth0!
+1 got the same problem. Any solutions yet? Maybe one has to set a route?
Sounds familiar. I think the problem is that your VPN segment is not bridged with eth0 for NDP to work (which is good and I do not recommend to do such bridging). To overcome that you have to configure NDP proxy for all IPv6 addresses that are used in the VPN segment:
# ip -6 neigh add proxy 2a03:b0c0:2::xxxx dev eth0
with xxxx going from 8002 to 800f, 14 commands total. Update the prefix to suit your assignment.