Subsetting CRXN into the real Internet

Recently I looked into deavmi’s project named CRXN where he’s leveraging yggdrasil’s peer-to-peer VPN routing mechanism to build an overlay network using IPv4. Since several of my online services are not connected to yggdrasil, I was wondering if it’s possible to just NAT64 CRXN into IPv6. Sure it worked quite fine, I’ll show you how we pulled that off.

Shitty pro-tip: You can also use this instruction to expose your super secured enterprise network to the public. Instead of yggdrasil you use your corporate VPN.

UPDATE: I had to setup mss clamping. Check the last paragraph how I did it. I also fixed some errata in my systemd service file.

Continue reading “Subsetting CRXN into the real Internet”