I am assuming this is the IP I can use to reach my Turris. Next, use a DDNS service to register an AAAA record to my new IP address. The domain is known (the DNS record is propagated), but the Turris denies the ping.
Next I download the config, move it to my iPhone, and open it with the iOS OpenVPN app. The app refuses to connect to the VPN, and I don’t know why. What should I do to debug the cause? Note: my ISP’s modem/router device is in Bridge mode, and doesn’t block any traffic.
That is unlikely to be true. With IPv6 the ISP will likely assign a /64 prefix to the router as well as a /NN with NN < 64 prefix to deegate addresses from to end hosts. But even if your ISP supplied only a /64 prefix for everything each end-host will generate the lower 64bit part of the IPv6 address itself, so your browser result above will be the IPv6 address from the cimputer on which you ran the browser and not of your turris router.
Just run the foolowing command in a ssh session on your router: ifstatus wan6
to see the router’s IPv6 address.
My bet is, that you have set the DNS records to point to your computer. Remember, you have public IPv6 addresses, no NAT is performed on your router, so the Google shows your IPv6 address and not of the router.
Log in to LuCI to see what is IPv6 address of your router and update the DNS to point to this address.
Thanks @moeller0 and @hagrid for clearing that up. I did not know NAT is no longer a thing with IPv6! I see my IP is regularly changing as well, which turns out is part of the IPv6 spec. Just to be sure, how exactly do I piece together my IP? I can see the IPv6 prefix is the same for my PC and router. But I have multiple DNSv6 values, and a GatewayV6 value. Which is the correct string to use after the prefix?
