Problems with being your own tunnelbroker

Hello all,

Management summary: having trouble being my own IPv6 tunnelbroker. I can ping everything on my local networks, but the /48 gateway or anything else on the internet just can't be reached. Probably a problem with neighbor discovery...

Having used Hurricane Electric as my IPv6 tunnelbroker for some time, I now want to be my own tunnelbroker. Therefore I leased my own VPS and /48 subnet at a provider. They have provided me with a gateway which is in the same /48 subnet. They don't route traffic destined to my subnet to a particular address in this /48.

My VPS has an IPv6 address in the /48. I provided the /48 as subnet mask in its configuration. For security purposes I won't provide my own IPv6 space, but the configuration is like:

interface: ens18
IPv6 address: 2001:0db8:1977::1977/48
IPv6 gateway: 2001:0db8:1977::1 (this device exists on my provider's network)

The VPS runs Ubuntu 18.04 by the way. From the ens18 interface I can ping the gateway.

At home I've got my own OpenWRT 18.06.1 router. Between the VPS and home there's a 6in4 tunnel. 2001:0db8:1977:1::a/127 is the VPS tunnel address, the OpenWRT router has 2001:0db8:1977:1::b/127 as its address. The VPS routes 2001:0db8:1977:62::/64 through the tunnel.

On the router, I created the configuration in LuCI on the wan6 interface with 6in4 as its protocol. OpenWRT configured by itself 2001:0db8:1977:62::1/64 on the br-lan interface. And the devices in my LAN all got an IPv6 address from this /64 network automagically configured.

From these devices I can ping 2001:0db8:1977:62::1, 2001:0db8:1977:1::b and 2001:0db8:1977:1::a (tunnel IP addresses) and 2001:0db8:1977::1977 (ens18 interface on my VPS). Unfortunately I can't ping anything on the internet and also not my gateway, 2001:0db8:1977::1.

I've tried all kinds of things. For example on the VPS I added this to the routing table:

ip -6 route add local 2001:0db8:1977:62::/64 dev lo

and added ndppd to the mix (network discovery protocol proxy daemon) as per http://forgezilla.com/using-all-64-ipv6-ips-with-ndppd-without-routed-prefix/. Its configuration:

route-ttl 30000
proxy ens18 {
    router yes
    timeout 500
    ttl 30000
    rule 2001:0db8:1977:62::/64 {
        iface bwplein
    }
}

bwplein = 6to4 tunnel interface on VPS.

When I start a ping to my /48 gateway from a device in my local LAN, I see the gateway sends a neighbour solicitation about my device's IP address. It also gets to my local LAN. I don't see however the device answering back by an advertisement. The same goes for my OpenWRT router: when I ping from there and use for example its br-lan address, pinging the gateway doesn't work.

At this moment I'm not sure how to troubleshoot this problem. I've read many blog posts, tried to fiddle with all kinds of /proc/sys/net/ipv6/conf settings, but can't seem to solve this. Maybe it's in the firewall settings on my router, no idea anymore.

Has anyone a similar situation and got this to work? Any good pointers? Any suggestions? Everything is welcome! :slight_smile:

Alexander

This is wrong. This /64 route needs to be toward the tunnel facing your OpenWrt router, not loopback.

Yeah, I looked at this. When changing as you propose, pinging the tunnel interface on the VPS doesn't work anymore. Also pinging the internet-facing ens18 interface on the VPS will not work, and neither does the gateway.

When removing this route entirely, at least the tunnel interface and ens18 interface can be pinged from my network at home. The gateway still can't. The same when the loopback device is used. So when I wrote the above post, I had already removed the route.

VPS:

ip6tables-save
sysctl net.ipv6 2>/dev/null | grep forward
ip -6 a; ip -6 r
tcpdump -i any ip6 and icmp6

OpenWRT:

ip -6 a; ip -6 r
ping -c3 ipv6.google.com
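The thing Alexander watched by hand (gateway sends a neighbour solicitation for a LAN address, nobody answers with an advertisement) is exactly what the `tcpdump -i any ip6 and icmp6` suggested above would show. Below is an added helper, not from any poster, that pairs NS and NA lines from such a capture for targets inside the routed /64 and lists the ones that went unanswered. The capture text is constructed for the example using the thread's documentation-range addresses; `ndp_report` and `LINE_RE` are names chosen here.

```python
import ipaddress
import re

# Constructed sample of "tcpdump -i any ip6 and icmp6" output on the VPS. The addresses are
# the documentation-range ones from the thread; the capture itself is made up for this example.
SAMPLE_CAPTURE = """\
12:00:01.000000 IP6 2001:db8:1977::1 > ff02::1:ff00:1977: ICMP6, neighbor solicitation, who has 2001:db8:1977::1977, length 32
12:00:01.000300 IP6 2001:db8:1977::1977 > 2001:db8:1977::1: ICMP6, neighbor advertisement, tgt is 2001:db8:1977::1977, length 32
12:00:02.000000 IP6 2001:db8:1977::1 > ff02::1:ff00:abcd: ICMP6, neighbor solicitation, who has 2001:db8:1977:62::abcd, length 32
12:00:03.000000 IP6 2001:db8:1977::1 > ff02::1:ff00:abcd: ICMP6, neighbor solicitation, who has 2001:db8:1977:62::abcd, length 32
12:00:04.000000 IP6 2001:db8:1977::1 > ff02::1:ff00:cafe: ICMP6, neighbor solicitation, who has 2001:db8:1977:62::cafe, length 32
12:00:04.000200 IP6 2001:db8:1977::1977 > 2001:db8:1977::1: ICMP6, neighbor advertisement, tgt is 2001:db8:1977:62::cafe, length 32
"""

# Matches the NS/NA summary lines tcpdump prints for ICMPv6 neighbor discovery.
LINE_RE = re.compile(
    r"^\S+ IP6 (?P<src>[0-9a-f:]+) > (?P<dst>[0-9a-f:]+): ICMP6, "
    r"neighbor (?P<kind>solicitation|advertisement), (?:who has|tgt is) (?P<target>[0-9a-f:]+)"
)


def ndp_report(capture, routed_prefix):
    """Pair neighbor solicitations with advertisements for targets in routed_prefix.

    Returns {"unanswered": {target: ns_count}, "answered": {target: na_sender}}.
    With the /48 on-link at the provider, every target in the routed /64 should end up
    under "answered" with the VPS's own ens18 address as the sender (the NDP proxy speaks
    for hosts that live behind the tunnel); targets under "unanswered" are the ones the
    upstream gateway will never be able to reach.
    """
    prefix = ipaddress.ip_network(routed_prefix, strict=False)
    pending = {}    # target -> number of NS seen without an NA yet
    answered = {}   # target -> address that sent the NA
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a neighbor discovery line
        target = ipaddress.ip_address(m["target"])
        if target not in prefix:
            continue  # NS for the VPS itself or other on-link hosts is the kernel's job
        key = str(target)
        if m["kind"] == "solicitation":
            pending[key] = pending.get(key, 0) + 1
        else:
            pending.pop(key, None)
            answered[key] = m["src"]
    return {"unanswered": pending, "answered": answered}
```

Feed it the real capture (`ndp_report(open("capture.txt").read(), "2001:0db8:1977:62::/64")`): an NA sender equal to the ens18 address confirms ndppd is answering, an empty "answered" dict means the proxy never saw or never matched the solicitation.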

I have a similar configuration and had to reboot the VPS after obtaining routed IPv6 /64-pool to make it actually work.
Otherwise there was only traffic forwarded outside without anything routed back.