Hello Christoph, I am glad, that you discovered the source of the problem!
Am Sat, 4 May 2019 08:30:28 +0200 schrieb "Christopher Klinge" <christ.kli...@web.de>: > The goal was that all connections between my nodes, regardless of whether > they are destined for internal or external ipv6 addresses, end up using the > VPN. This is indeed a bit tricky. I use a setup with a similar goal based on IPv4. I solved it there by using DNAT rules for the traffic to be routed through the VPN (based on destination ports). But DNAT is probably not appropriate in a modern IPv6 world :) In an IPv6 world you may want to use policy routing. Simply add specific rules based on the incoming interface ("iif"), the source address ("from") or ports ("sport" / "dport"). The routes in the target routing table can be filled by your "node-up" scripts. Cheers, Lars _______________________________________________ tinc mailing list tinc@tinc-vpn.org https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc