I had my VPN working for a while when one day I noticed that I didn’t have any connectivity over IPv6 despite being sure I had configured the prefix properly in RRAS. I figured whatever, still have VPN access. But it still felt incomplete without IPv6, and I didn’t want to leave a job half done.
Today I finally set out to troubleshoot the IPv6 issues and for some reason I thought it was because I had a /64 router-side. So I hoarded a /48 to use a /64 prefix on the RRAS server. Surprise surprise things were still not working and I had to spend some time reconfiguring the AAAA records on my DNS since not all of my VMs had an update script (oh hai a new task item for a rainy day).
What turned out to be the issue (and solution)? It was actually stupidly simple. Routes were not configured on the router for the /64 prefix to route to the RRAS. It was literally a one line fix:
ip -6 route add the:ipv6:subnet::/64 via rras:ipv6:dhcp::address dev br0.
Well, at least now I have 65536 /64 subnets?