Yeah, you’re stuck with NAT66 with most commercial VPNs that support IPv6. If you’ve got ISP level ipv6 you can still allow inbound connections directly at least.
If you do go the NAT66 route, consider assigning a fake GUA from an unassigned prefix as if you use standard ULAs outbound connections will always prefer ipv4.
None of this is in the spirit of proper ipv6 but it “works”.
I’ve seen the suggestion of buying a GUA subnet, purely to use as a routable-but-unique prefix that will never collide, and will always win over ULA or Legacy IP routes. When I last checked, it was something like €1 for a /48 off of someone’s /32 prefix, complete with a letter of authorization and reverse IP delegation. So it could be routable, if one so chooses.
Yeah, you’re stuck with NAT66 with most commercial VPNs that support IPv6. If you’ve got ISP level ipv6 you can still allow inbound connections directly at least.
If you do go the NAT66 route, consider assigning a fake GUA from an unassigned prefix as if you use standard ULAs outbound connections will always prefer ipv4.
None of this is in the spirit of proper ipv6 but it “works”.
I’ve seen the suggestion of buying a GUA subnet, purely to use as a routable-but-unique prefix that will never collide, and will always win over ULA or Legacy IP routes. When I last checked, it was something like €1 for a /48 off of someone’s /32 prefix, complete with a letter of authorization and reverse IP delegation. So it could be routable, if one so chooses.