I use my local ISP only for the physical connection to the internet, with fiber. Their modem is plugged into my OpenWrt router on the WAN interface, which is configured as a DHCP client and receives a private IPv4. Connection to the internet works. So far so good.
Then I have installed OpenVPN in order to connect to my preferred ISP, which is not physically present in my area, but allows me to connect to their network through OpenVPN. Which allows me to retrieve my public IPv4 and a /64 of public IPv6 which is very convenient for various reasons like fixed IPs, reverse DNS...
OpenVPN runs as a service, installed from opkg. That brings up a TUN interface that gets the IPv4 and the /64.
In order to use the IPv4 I have created a new interface, with protocol set as unmanaged and in physical settings, the interface is set to tun0. So I can manage this interface in the firewall and forward traffic from
In my OpenVPN configuration I use redirect-gateway def1 which according to my understanding sets tun0 as the default gateway. I use that along with some rules to make sure local traffic does not follow that route:
route 10.0.0.0 255.0.0.0 net_gateway
route 172.16.0.0 255.240.0.0 net_gateway
route 192.168.0.0 255.255.0.0 net_gateway
That works perfectly well, all my IPv4 lan traffic goes through the OpenVPN tunnel through NAT.
Now I would like to do something similar for IPv6. So that the systems on my lan get their own IPv6s, which is not the case at the moment.
In my OpenVPN configuration I have:
When I do an ip addr on my OpenWrt I can see that the tun0 interface has received a scope global inet6 and I can ping some IPv6 addresses on the internet and traceroute shows that this is working perfectly well.
Now what should I do on my OpenWrt in order to distribute my /64 to my lan?
(edit: I remember using an IPv6 tunnel from HE in the past, and while setting up the interface I could choose the 6in4 protocol and the IPs were appearing as linked to this interface. And then it was much easier as OpenWrt took care of everything and the IPs appeared magically all over the lan. But with that unmanaged interface I can't do that.)
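Added example, not part of the original post: a model of the IPv4 routing table that redirect-gateway def1 and the three net_gateway routes above produce, with a longest-prefix lookup to check which destinations stay outside the tunnel. The VPN server address 203.0.113.10 and the sample destinations are constructed; on-link LAN routes are not modelled.

```python
import ipaddress


def build_routes(vpn_server_ip):
    """IPv4 routes after 'redirect-gateway def1' plus the post's net_gateway lines."""
    routes = [
        # def1 does not delete the existing default route ...
        ("0.0.0.0/0", "net_gateway"),
        # ... it overrides it with two more specific half-defaults via the tunnel.
        ("0.0.0.0/1", "tun0"),
        ("128.0.0.0/1", "tun0"),
        # Host route so the encrypted tunnel packets themselves still use the WAN.
        (f"{vpn_server_ip}/32", "net_gateway"),
        # The three 'route ... net_gateway' lines from the post (RFC 1918 ranges).
        ("10.0.0.0/8", "net_gateway"),
        ("172.16.0.0/12", "net_gateway"),
        ("192.168.0.0/16", "net_gateway"),
    ]
    return [(ipaddress.ip_network(net), hop) for net, hop in routes]


def next_hop(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def outside_tunnel(routes, destinations):
    """Destinations that leave via the local ISP instead of tun0."""
    return [d for d in destinations if next_hop(routes, d) != "tun0"]


if __name__ == "__main__":
    table = build_routes("203.0.113.10")  # constructed VPN server address
    samples = [  # constructed destinations
        "8.8.8.8",        # public, lower half of the address space
        "198.51.100.7",   # public, upper half
        "192.168.1.20",   # RFC 1918
        "172.32.0.1",     # just outside 172.16.0.0/12
        "100.64.0.1",     # CGNAT range, not covered by the three routes
        "203.0.113.10",   # the VPN server itself
    ]
    for dst in samples:
        print(f"{dst:>15} -> {next_hop(table, dst)}")
    print("outside tunnel:", outside_tunnel(table, samples))
```

On the router itself, the same check per destination is `ip route get <address>`.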