Tailscale version: 1.22.1
Your operating system & version: Amazon Linux 5.10.102-99.473.amzn2.x86_64
For context, I’m trying to get IPv6 forwarding working for my VPC s.t. I can access hosts over IPv6 even when I’m on an IPv6-only network. I’ve configured one EC2 instance as a subnet router following the guides (enabling IPv4 and IPv6 forwarding) and was able to get private IPv4 addresses working end-to-end. However, I’ve run into some issues with IPv6:
- By default, turning on forwarding for IPv6 disabled accepting router advertisements. This appears to just break IPv6 altogether, and so setting accept_ra=2 seems to fix things.
- Even then, when trying to connect to any IPv6 host besides the subnet router itself, packets never make it back to the original client. Running Wireshark on the final destination shows that while IPv4 packets are arriving with the forwarding subnet router’s AWS IPv4 address, IPv6 packets are arriving with the original client’s Tailscale IPv6 address.
My assumption for this last one is that IPv4 forwarding is doing NAT, but that IPv6 doesn’t perform NAT. Am I correct that the only way to solve this is through ip6tables rules, and if so do y’all have any recommendations on what configuration to apply before I go remind myself how to configure iptables?
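
The accept_ra behaviour from the first bullet, as an added example that is not part of the original post: a shell function that reads `sysctl -a`-style output and reports whether a given interface will process router advertisements under the kernel's rule (forwarding on requires accept_ra=2). The interface name `eth0` and the sample lines are assumptions constructed for illustration.

```shell
# Added example (not from the original post).
# Kernel rule for IPv6 router advertisements on an interface:
#   forwarding != 0  -> RAs are processed only when accept_ra == 2
#   forwarding == 0  -> RAs are processed when accept_ra != 0

# ra_state IFACE: reads `sysctl -a`-style lines on stdin and prints
# "accepted", "ignored" or "unknown" (keys for IFACE not found).
ra_state() {
  awk -v ifc="$1" '
    {
      gsub(/[ \t]/, "")                      # "key = value" -> "key=value"
      if (split($0, kv, "=") != 2) next
      # Exact key match, so accept_ra_defrtr and friends are not confused
      # with accept_ra itself.
      if (kv[1] == "net.ipv6.conf." ifc ".forwarding") fwd = kv[2]
      if (kv[1] == "net.ipv6.conf." ifc ".accept_ra")  ra  = kv[2]
    }
    END {
      if (fwd == "" || ra == "") { print "unknown"; exit }
      if (fwd + 0 != 0) { print (ra + 0 == 2 ? "accepted" : "ignored") }
      else              { print (ra + 0 != 0 ? "accepted" : "ignored") }
    }
  '
}

# Constructed sample input: eth0 (assumed interface name) with forwarding
# enabled, first with accept_ra left at 1, then with accept_ra set to 2.
SAMPLE_BEFORE='net.ipv6.conf.eth0.forwarding = 1
net.ipv6.conf.eth0.accept_ra = 1
net.ipv6.conf.eth0.accept_ra_defrtr = 1'
SAMPLE_AFTER='net.ipv6.conf.eth0.forwarding = 1
net.ipv6.conf.eth0.accept_ra = 2'

printf '%s\n' "$SAMPLE_BEFORE" | ra_state eth0
printf '%s\n' "$SAMPLE_AFTER"  | ra_state eth0
```

On a live host the same function can be fed real values with `sysctl -a 2>/dev/null | ra_state eth0`.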