Improve IPv6 setup

hwdsl2 · hwdsl2 · commit 5414cdfb71b0 · 2026-03-20T01:42:03.000-05:00
- Use a /116 subnet (4096 addresses) for IPv6.
- Set IPv6 forwarding in rc.local, in addition to sysctl.conf.
  In some cases, setting it in sysctl.conf may not work reliably.
diff --git a/extras/ikev2setup.sh b/extras/ikev2setup.sh
@@ -169,7 +169,7 @@ confirm_or_abort() {
 show_header() {
 cat <<'EOF'
 
-IKEv2 Script   Copyright (c) 2020-2026 Lin Song   16 Mar 2026
+IKEv2 Script   Copyright (c) 2020-2026 Lin Song   20 Mar 2026
 
 EOF
 }
@@ -1178,11 +1178,12 @@ add_ikev2_connection() {
   bigecho2 "Adding a new IKEv2 connection..."
   XAUTH_POOL=${VPN_XAUTH_POOL:-'192.168.43.10-192.168.43.250'}
   IP6_NET=${VPN_IP6_NET:-'fddd:500:500:500::/64'}
+  IP6_PREFIX=$(printf '%s' "$IP6_NET" | sed 's|/[0-9]*$||; s|::$||')
   lsubnet="0.0.0.0/0"
   rpool="$XAUTH_POOL"
   if [ -n "$VPN_PUBLIC_IP6" ]; then
     lsubnet="0.0.0.0/0,::/0"
-    rpool="$XAUTH_POOL,$IP6_NET"
+    rpool="$XAUTH_POOL,${IP6_PREFIX}::1000-${IP6_PREFIX}::1fff"
   fi
   if ! grep -qs '^include /etc/ipsec\.d/\*\.conf$' "$IPSEC_CONF"; then
     echo >> "$IPSEC_CONF"
diff --git a/extras/vpnuninstall.sh b/extras/vpnuninstall.sh
@@ -211,9 +211,9 @@ update_rclocal() {
     bigecho "Updating rc.local..."
     conf_bk "/etc/rc.local"
     if [ "$os_type" = "alpine" ]; then
-      sed -i '/# Added by hwdsl2 VPN script/,+4d' /etc/rc.local
+      sed -i '/# Added by hwdsl2 VPN script/,/)&$/d' /etc/rc.local
     else
-      sed --follow-symlinks -i '/# Added by hwdsl2 VPN script/,+4d' /etc/rc.local
+      sed --follow-symlinks -i '/# Added by hwdsl2 VPN script/,/)&$/d' /etc/rc.local
     fi
   fi
 }
diff --git a/vpnsetup_amzn.sh b/vpnsetup_amzn.sh
@@ -579,13 +579,16 @@ enable_on_boot() {
     else
       echo '#!/bin/sh' > /etc/rc.local
     fi
-cat >> /etc/rc.local <<'EOF'
+    ip6_fwd_rc=""
+    [ -n "$ip6" ] && ip6_fwd_rc='
+echo 1 > /proc/sys/net/ipv6/conf/all/forwarding'
+cat >> /etc/rc.local <<EOF
 
 # Added by hwdsl2 VPN script
 (sleep 15
 service ipsec restart
 service xl2tpd restart
-echo 1 > /proc/sys/net/ipv4/ip_forward)&
+echo 1 > /proc/sys/net/ipv4/ip_forward${ip6_fwd_rc})&
 EOF
   fi
 }
diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
@@ -760,13 +760,16 @@ enable_on_boot() {
     else
       echo '#!/bin/sh' > /etc/rc.local
     fi
-cat >> /etc/rc.local <<'EOF'
+    ip6_fwd_rc=""
+    [ -n "$ip6" ] && ip6_fwd_rc='
+echo 1 > /proc/sys/net/ipv6/conf/all/forwarding'
+cat >> /etc/rc.local <<EOF
 
 # Added by hwdsl2 VPN script
 (sleep 15
 service ipsec restart
 service xl2tpd restart
-echo 1 > /proc/sys/net/ipv4/ip_forward)&
+echo 1 > /proc/sys/net/ipv4/ip_forward${ip6_fwd_rc})&
 EOF
   fi
 }
diff --git a/vpnsetup_ubuntu.sh b/vpnsetup_ubuntu.sh
@@ -725,13 +725,16 @@ EOF
     if uname -m | grep -qi '^arm'; then
       rc_delay=60
     fi
+    ip6_fwd_rc=""
+    [ -n "$ip6" ] && ip6_fwd_rc='
+echo 1 > /proc/sys/net/ipv6/conf/all/forwarding'
 cat >> /etc/rc.local <<EOF
 
 # Added by hwdsl2 VPN script
 (sleep $rc_delay
 service ipsec restart
 service xl2tpd restart
-echo 1 > /proc/sys/net/ipv4/ip_forward)&
+echo 1 > /proc/sys/net/ipv4/ip_forward${ip6_fwd_rc})&
 exit 0
 EOF
   fi
