I am having an IPv6 network with an /64 prefix on my virtual root server so I wanted to use one (or more) of this large amount of IP addresses for my laptop so I have a public IP address I can use to test IPv6. The problem is that I have never learned how to subnet or route it.

So how did I finally got it working?

Step one (enable routing)

Routing of IPv6 must be enabled on the host. For that, I created a small shell command:

echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

You can write this into a script and make it executable with chmod +x scriptfile

Step two (build subnets)

Open the file /etc/systemd/network/name_of_your_configuration_file.network in your favorite and look for the IPv6 configuration:

Address=Your IPv6 Address/Your Subnet Mask

Now you know know the address and the subnet. Now make the subnet smaller. As IPv6 addresses are written in hex, it is easier to use some kind of a subnet mask which makes it easy to calculate. I would recommend to use a multiple of four as this will result in increasing the hex value by one.

If you have changed the file, you need to reload it:

systemctl restart systemd-networkd

Step thee (update the configuration file of OpenVPN)

Now you need to choose a network address of your new pool and assign that to OpenVPN. You just need to add the following line to your configuration:

server-ipv6 ipv6_network_address/netmask

Now restart the OpenVPN server.

Step four (Create a firewall rule to pass traffic)

You need to pass the traffic so it is not blocked by your firewall. For example a single rule in the forward chain can be used to allow IPv4 and IPv6 forwarding at the same time:

iifname tun0 accept

Note: this rule is for nftables.


Now you should get an IPv6 address if you connect to your OpenVPN server.