I understand that the 6in4 support is for sit tunnels - which is mainly used by people who don't have native IPv6 support from their providers, such as with the HE tunnel-broker.
However, I have a different use-case - I already have native IPv6 support, but i need to set up a sit tunnel for a completely other purpose: routing to a private ipv6 network over an ipv4-only transit network. This transit network itself is reached through an openVPN tunnel (on my openwrt router, interface "tun0"). The joys of tunnels-in-tunnels
But I notice however that the 6in4 support seems to always add an ip-route for the peer address over the default egress IP, and this breaks my openvpn tunnel (my peer is reachable via the tun, but now i have a route via my default egress ipv4 address)..
Any objections if i create a pull-request to add the needed support for this extra config parameter (mainly for my albeit, not-very-common use-case)? cc'ing contributes in the affected file: @jow (most commits) @dedeckeh (most recent commit)
Wonderful!! It's so reaffirming to see others are also still using these "legacy" tunnel-protocols, and want to bring them up to an even level of functionality!
Yes i see it requires 6 reviewers (!!).. I've added mine, so we just need four more now.. maybe by 2025?
For some use-cases 6in4 beats Wireguard, it is perfect when lowest possible overhead is needed: it only lowers MTU by 20 bytes and doesn't waste CPU cycles on encryption, allowing to achieve gigabit line speed on potato OpenWRT routers.
6in4/GRE encapsulated in UDP would go further and allow users to run high speed tunnels behind NAT. But OpenWRT github issue on FOU tunnels is 5 years old already, not much hope for now.
oh i actually was curious if FOU was something possible on OpenWRT (beyond just setting up the tunnel up via the CLI which just requires kernel support).
But yah, that's dissappointing rate of development
Agreed re low cpu-cycles, my transit path already is over openvpn so i wanted the lowest possible overhead and hence why using something like wireguard made no sense (it would result in needless double encryption). I would probably opt for FOU if it was available even over the IPIP/SIT combination of tunnels i'm using.