veering slightly from the topic (typical setup for a server host would not be to use DHCPv6 but just statically route another block - usually a /56 or /48), but...
On 2023-07-07, Anthony Coulter <b...@anthonycoulter.name> wrote: > The trouble with subnets is that they have to be configured. I would > have to install a DHCPv6 server to request that subnet. OpenBSD doesn't > have one in base so I have to install the wide-dhcp6 package. (to request a prefix be routed to you, you need a DHCPv6-PD client, not a server) why when people are looking for dhcpv6 software do they always find that unmaintained-for-years run-the-whole-lot-as-root wide-dhcp6 thing? use dhcpcd if you want a client that can do DHCPv6. the most recent release was a couple of months ago, it's sensibly written, uses pledge where possible, and has decent privilege separation for the parts which can't pledge). picking one other bit.. > I would also suggest comparing the "hackiness" of NDP proxying to the > hackiness of NAT, which is how we solve this same problem in IPv4. it might be how some people solve it for v4. others solve it in a non-hacky way which is exactly the same as the non-hacky way for v6; put the vpn clients on a different subnet that's routed to the vpn gateway.
