NAT-safe IPv6 Tunnel from Mac OS X to Linux Server

Here is how I routed a block of IPv6 addresses to my laptop, wherever I am in the world! Note that I deliberately route myself an entire /64, but only allow a single /128 through tinc (to reduce the amount of junk I might drown in). It should be relatively trivial to swap addresses in future if necessary.

Mac OS X Laptop

tinc.conf

# tinc daemon settings for the laptop end of the tunnel.
# Name must match this node's file under hosts/ (hosts/laptop on this page).
Name = laptop
# Peer to dial out to; its Address and public key come from hosts/server.
ConnectTo = server
# Layer-3 tun device in router mode: packets are forwarded by destination
# address according to the Subnet lines in the hosts/ files.
DeviceType = tun
Mode = router

tinc-up

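#!/bin/sh
# tinc-up (laptop): run by tincd when the tunnel device is ready; tincd passes
# the device name in $INTERFACE.
#
# Security note: this gives the laptop a routed IPv6 address with no NAT in
# the path and points the IPv6 default route at the tunnel, so inbound
# filtering has to come from a firewall on the laptop or on the server.

# Stop before touching the routing table if no device name was supplied;
# otherwise the default-route command below could still run on its own.
: "${INTERFACE:?INTERFACE is not set (this script is meant to be run by tincd)}"

ifconfig "$INTERFACE" up
# The laptop's own address; prefixlen 64 treats the whole /64 as on-link.
ifconfig "$INTERFACE" inet6 add 2001:0db8:1234:5678:cafe:babe:feed:face prefixlen 64
# Reach the server's /56 (including its tunnel address ::1) over the tunnel.
route add -inet6 2001:0db8:1234:5600::1 -prefixlen 56 -iface "$INTERFACE"
# Send all remaining IPv6 traffic to the server's tunnel address.
route add -inet6 :: -prefixlen 0 2001:0db8:1234:5600::1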

tinc-down

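#!/bin/sh
# tinc-down (laptop): run by tincd when the tunnel closes; undoes tinc-up.
# $INTERFACE is the tunnel device name supplied by tincd. It is quoted so an
# empty value fails cleanly instead of shifting the ifconfig arguments.

# Remove the IPv6 default route that pointed at the server.
route delete -inet6 :: -prefixlen 0
# Remove the /64 and host routes for the laptop's address (presumably created
# by the system when the address was added; tinc-up does not add them itself).
route delete -inet6 2001:0db8:1234:5678:: -prefixlen 64
route delete -inet6 2001:0db8:1234:5678:cafe:babe:feed:face
# NOTE(review): tinc-up also adds a /56 route over the interface that is not
# deleted here; presumably it goes away with the interface. Confirm.
ifconfig "$INTERFACE" inet6 delete 2001:0db8:1234:5678:cafe:babe:feed:face prefixlen 64
ifconfig "$INTERFACE" down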

~/bin/ipv6

#!/bin/sh
# Start the tunnel in the foreground: tincd runs as root via sudo, does not
# detach (-D), and reads its configuration from ~/.tinc (-c).
#
# Security note: tincd runs the tinc-up/tinc-down scripts found in that
# directory as root, and by default the node's private key is stored there
# too. Keep the directory and its scripts writable only by accounts that are
# already trusted with root.
tincd_bin=/opt/local/sbin/tincd
conf_dir=~/.tinc   # expanded by the calling user's shell, before sudo runs
sudo "$tincd_bin" -D -c "$conf_dir"
Debian Linux Server

nets.boot

tunnel-5600

tunnel-5600/tinc.conf

# tinc daemon settings for the server end (net name tunnel-5600).
# There is no ConnectTo line, so this node only accepts incoming connections.
Name = server
DeviceType = tun
Mode = router
# Claims the IPv6 default route, so the laptop sends all tunnelled IPv6 traffic
# to this node. The same Subnet line also appears in hosts/server.
# NOTE(review): nothing shown here restricts which Subnets this daemon accepts
# from a peer. The /128 in hosts/laptop is only binding on the server if an
# option such as StrictSubnets is enabled. Confirm for the deployed version.
Subnet = 0:0:0:0:0:0:0:0/0

tunnel-5600/tinc-up

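#!/bin/sh
# tinc-up (server): run by tincd when the tunnel device is ready; tincd passes
# the device name in $INTERFACE.
#
# NOTE(review): IPv6 forwarding and any ip6tables FORWARD rules are not shown
# on this page and are presumably configured elsewhere. Confirm, because
# filtering on this host is what stands between the Internet and the laptop's
# routed address.

# Refuse to run without a device name rather than pass ip a malformed command.
: "${INTERFACE:?INTERFACE is not set (this script is meant to be run by tincd)}"

# Server's tunnel address; the /56 prefix makes the whole block on-link here.
ip addr add 2001:0db8:1234:5600::1/56 dev "$INTERFACE"
ip link set "$INTERFACE" up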

tunnel-5600/tinc-down

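#!/bin/sh
# tinc-down (server): run by tincd when the tunnel closes; undoes tinc-up.
# $INTERFACE is the tunnel device name supplied by tincd. It is quoted so an
# empty value cannot shift the remaining arguments of the ip commands.

# Drop the server's tunnel address, then take the device down.
ip addr del 2001:0db8:1234:5600::1/56 dev "$INTERFACE"
ip link set "$INTERFACE" down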
Common

hosts/laptop

# Host file for the laptop; listed under "Common", so kept on both nodes.
# Only this single address is announced as reachable via the laptop, even
# though the laptop configures its interface with a /64 prefix length.
Subnet = 2001:0db8:1234:5678:cafe:babe:feed:face/128
# Public half of the laptop's RSA key (redacted as SNIP on this page). Only
# public keys belong in hosts/ files; the private key stays on the laptop.
-----BEGIN RSA PUBLIC KEY-----
SNIP
-----END RSA PUBLIC KEY-----

hosts/server

# Host file for the server; listed under "Common", so kept on both nodes.
# Address the laptop dials for "ConnectTo = server". 192.168.1.1 is a private
# (RFC 1918) address, presumably a placeholder for the server's real address.
Address = 192.168.1.1
# The server owns the IPv6 default route inside the tunnel.
Subnet = 0:0:0:0:0:0:0:0/0

# Public half of the server's RSA key (redacted as SNIP on this page).
-----BEGIN RSA PUBLIC KEY-----
SNIP
-----END RSA PUBLIC KEY-----
