[Babel-users] ipv6 tunnels and babel's source specific routing

Dave Taht dave at taht.net
Thu Nov 8 23:57:04 GMT 2018


Now that I can use the rfc6126bis version of babel's source specific
routing...

and wireguard is looking stabler and stabler...

I'd like to come up with some reliable subset of the following
idea.

I've had this linode ipv6/56 for ages. I used to use hurricane for
static ipv6's until netflix started blocking that. comcast dynamic ipv6
is a real pita. My hope was, with a whole /56 that I could actually run
a mail server on my side of it (at least), and dole out portions of the
/56 to other boxes both on my campus lan, boat, laptop, etc - any place
I need it....

somewhere along the way I wanted to get a wireguard tunnel with a babel
"from" route up.

My thinking is weird, in that I'd like to run the tunnel/56 to
tun.taht.net from ceres.taht.net (dynamic ipv6 ip)

I'd like to break out individual /60s, so, for example, my boat (running
wireguard over a cell phone, over ipv6!!) would have its own /60 to
address every router in it... and in that case I do NOT want to touch it
down in the cloud (because my phone is guaranteed to have ipv6), I want
it to go to my dynamic dns ipv6 address for ceres. 

I tried to do this quite some time ago in wireguard's evolution.

Most of the examples out there are for sending *all* your traffic via
wireguard through a default gw, where what I want is just the ipv6/56
addrs I've exported to automagically go through the vpn. e.g. I'd bind
the house mail server to the vpn address of whatever::3/64, campus
server at whatever:20::3/64, boat ssh server at whatever:30::neveryoumind/64

When doing that normally you'd do something like

ip -6 route add default from vpn:add:ress::/56 dev wireguardvpn


If I can possibly make anything more complicated!!! it would be great to
be able to always go directly to the ipv6 ceres and fall back to the (ipv4)
cloud... announcing to the rest of my boxes (via babel) where I am...

tun.taht.net has the /56

campus 1 needs at least a 60, maybe even a 58.

lab needs a 60

boat warriors (half dozen boxes, a /62?) (yes, this is excessive but I
can't get dhcpv6-pd out of the phone, and I have multiple routers on
board because that's the work I do)

road warriors
laptop - needs a mobile 128? But I don't want it to try to connect over
the vpn over the vpn....

so that's the crazy question. I don't think I've described it well enough.

so quick and slightly less question - how's android working and does wireguard on
android work over ipv6? Can an android tether at least, export RA?

alternatively anyone know of a good usb stick for cell?

PS I used to do this sort of crazy stuff with tinc, but...

PPS yes, my boat runs babel. It would be awesome if more boats ran adhoc
wifi, babel, and hnetd. VHF sucks compared to wifi. A picostation on the
mast has about 20 mile range. 
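
Added example, not part of the original post: a sketch of the addressing plan above, carving per-site prefixes out of a /56 and emitting, for each site, a WireGuard AllowedIPs line for the hub and the source-specific default route for the site. The prefix 2001:db8:0:100::/56, the interface name wg0 and all function names are assumptions, and the plan is static rather than announced by babel.

```python
import ipaddress

# Constructed values: 2001:db8:0:100::/56 is a documentation prefix standing in
# for the /56 in the post; wg0 is a hypothetical interface name.
BLOCK = ipaddress.IPv6Network("2001:db8:0:100::/56")
PLAN = [("campus", 58), ("lab", 60), ("boat", 62), ("laptop", 128)]

def allocate(block, plan):
    """Carve aligned, non-overlapping prefixes out of block, largest first."""
    allocs = {}
    cursor = int(block.network_address)
    last = int(block.broadcast_address)
    for name, plen in sorted(plan, key=lambda item: item[1]):
        size = 1 << (128 - plen)
        cursor = -(-cursor // size) * size  # round up to the prefix boundary
        if cursor + size - 1 > last:
            raise ValueError(f"{name}: /{plen} does not fit in {block}")
        allocs[name] = ipaddress.IPv6Network((cursor, plen))
        cursor += size
    return allocs

def verify(block, allocs):
    """Reject a plan where two sites could claim the same source address."""
    nets = list(allocs.values())
    for i, net in enumerate(nets):
        if not net.subnet_of(block):
            raise ValueError(f"{net} is outside {block}")
        for other in nets[i + 1:]:
            if net.overlaps(other):
                raise ValueError(f"{net} overlaps {other}")
    return True

def hub_allowed_ips(allocs):
    """Hub side: each peer's AllowedIPs is only its own prefix, so WireGuard
    drops packets a peer sends with another site's source address."""
    return {name: f"AllowedIPs = {net}" for name, net in allocs.items()}

def site_route(net, ifname="wg0"):
    """Site side: only traffic sourced from the delegated prefix uses the tunnel."""
    return f"ip -6 route add default from {net} dev {ifname}"

if __name__ == "__main__":
    allocs = allocate(BLOCK, PLAN)
    verify(BLOCK, allocs)
    for name, line in hub_allowed_ips(allocs).items():
        print(f"# {name}\n{line}\n{site_route(allocs[name])}")
```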



