20 Apr 2020
My current ISP doesn't provide native IPv6, even though I do have a static IPv4 address, so as a project to keep me out of trouble, I thought I'd get my Hurricane Internet IPv6 tunnel up and running.  On the main router on the network, I'm using OpenWRT 19, so I figured this ought to be fairly easy.  Infact, there is documentation on OpenWRT on how to do it with the UI, so I thought it would be a 5 minute job.

When I attempted to follow the steps, it didn't seem to show the 6-in-4 network type, I suspect I'd not got all the dependencies so I did some more looking around, and found the command line example on, and tried that, having ssh-ed into my router.

This still didn't work.  It started assigning my block to devices, but there was no routing on IPv6.  This not being my first networking or routing problem, and with tcpdump already on the router, started to get it listen for packets on various interfaces for packets going to the selected IPv4 tunnel endpoint.  I noticed that packets were not getting replies back. Various firewall IP protocol type suggestions of whitelisting were tried, and still nothing seemed to be getting through

With this in mind, I double checked I could get other devices on the LAN to run IPv6 tunnel, and confirm if it was a NAT or routing issue.

These didn't work immediately, but only started to work when static routes were added for traffic to the tunnel endpoint were added with the next hop on the network.
With a standalone device on the LAN working, I then worked to configure the router with similar settings.  

I've not seen this suggested as a requirement anywhere for getting IPv6 tunnels working, but I suspect that is due to how the network is set up.

The WAN connection is provided as part of UK Fibre Terminated to Cabinet (FTtC).  This uses VDSL2, which there appear to be very few devices that support this and OpenWRT.  So I've got a separate VDSL modem in PPPoE mode, and have been using standard router, with its WAN port configured to dial my ISP over PPPoE. Its not that this is causing anything strange like double NAT, but it seems to have introduced some added complexity to the route table that although the IPv6 is in the WAN firewall zone, it was not then routing the encapsulated IPv6 packets to the IPv4 default gateway.

But with that route in place, IPv6 is fully operational