OpenWrt 25.x lacks the netifd grev6 protocol handler, so the UCI
vpn_tunnel interface never came up (NO_DEVICE). Now using a dedicated
init script (parahub-vpn-tunnel, START=96) that:
- Creates ip6gre tunnel with encaplimit none (critical: Yggdrasil
drops IPv6 packets with DSTOPT extension headers from encaplimit)
- Waits for Yggdrasil address before creating tunnel
- Adds guest subnet direct route to table 100 (fixes DNS/reply
routing — without it, router replies with source in guest subnet
get routed through GRE instead of back to the client)
- Reloads firewall so vpn_tunnel zone picks up gre6-vpn device
Also updated VPS mesh-gateway.sh with encaplimit none.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Parahub AI
3771521d59