IPv6 routing to frontend shouldn't leave network
With the current lilypad there's a funny routing bug: when connected to the VPN, you can't access internal services (fetch new cert, admin panel..).
The valid use case is when the VPN server is part of an internal network of which you want to route through the tunnel itself. For example: VPN client network: 172.28.128.0/24 VPN server network address: 172.28.128.254 VPN server public address: 18.104.22.168/28, making the server part of network 22.214.171.124-126.96.36.199. In this case it makes sense to push the following routes: push "route 188.8.131.52 255.255.255.240 172.28.128.254" push "route 184.108.40.206 255.255.255.255 net_gateway" That allows VPN clients to communicate with 220.127.116.11/28 through the secure tunnel they've established without accidentally breaking access to the VPN server itself, as VPN clients must always reach this through their default gateway "net_gateway". As mike_SF pointed out the use case with IPv6 is identical. Let's look at an example for IPv6: VPN client network: 2a02:1234:5678:128::/64 VPN server network address: 2a02:1234:5678:128:fff:ffff:ffff:ffff VPN server public address: 2a02:1234:5678:1:fff:ffff:ffff:ffff As with the IPv4 case it makes sense to push the following routes: push "route-ipv6 2a02:1234:5678:1::/64 2a02:1234:5678:128:ffff:ffff:ffff:ffff" push "route-ipv6 2a02:1234:5678:1:fff:ffff:ffff:ffff net_gateway"
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information