VPN Systems

[Figure: example /48 prefixes fd⛵⛵:⛵⛵⛵⛵:⛵⛵⛵⛵/48, fd☮☮:☮☮☮☮:☮☮☮☮::/48, fd☺☺:☺☺☺☺:☺☺☺☺::/48, fd☕☕:☕☕☕☕:☕☕☕☕::/48]

Terminal Access

In 2016 I researched strongSwan-based IPsec, as it supports IKEv2 and allows users to connect a public IPv6 address to roaming laptops and even to some Android mobile phones.


The GNUnet VPN plugin and direct IP routing like this are intended to be complementary to each other… Note that Quagga most probably will propagate GNUnet routes without issue, though the reverse would need some code updates…

Recent developments hastened the need for things like this… and caught the attention of our ISP

Choice of numbering resources

I want to create a completely distributed Internet experience, and try to avoid hijacking numbering space wherever possible to do this. This means that we want to avoid registries where you lease naming or numbering resources, and have to return them when you cannot pay any more.

This does include Regional Internet Registries, who lease address space, and most regular domain registries, who may lease names. Also, if something goes wrong, the names or numbers can be recalled.

Other name and number spaces are typically persistently allocated. These are much more acceptable. This would include IEEE 802 MAC addresses; numbers such as the OIDs used in LDAP, X.509/SSL and SNMP also tend to be permanently assigned to a given purpose.

For IP addresses, I choose the RFC 4193 random self-allocation numberspace of fd00::/8. We are going to use a source of random material for the addresses, so this is fine. There is a list of some of the other prefixes in use.
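One way to draw such a prefix, as an added example that is not part of the original page: it builds a /48 from a random 40-bit Global ID, checks it against a list of prefixes already in use, and derives a /64 for a LAN. It takes the Global ID from the operating system's random source rather than the hash-based sample algorithm in RFC 4193; the function names and the sample "in use" prefixes are constructed for illustration.

```python
import ipaddress
import secrets

ULA_LOCAL = ipaddress.IPv6Network("fd00::/8")  # RFC 4193, locally assigned half


def make_ula_prefix(global_id=None):
    """Return a /48 in fd00::/8 built from a 40-bit Global ID."""
    if global_id is None:
        global_id = secrets.randbits(40)  # OS CSPRNG as the random material
    if not 0 <= global_id < 1 << 40:
        raise ValueError("Global ID must fit in 40 bits")
    # Layout: 8-bit 0xfd | 40-bit Global ID | 16-bit Subnet ID | 64-bit interface ID
    base = (0xFD << 120) | (global_id << 80)
    return ipaddress.IPv6Network((base, 48))


def subnet_for(prefix, subnet_id):
    """Return the /64 with the given 16-bit Subnet ID inside a /48 ULA prefix."""
    if prefix.prefixlen != 48 or not prefix.subnet_of(ULA_LOCAL):
        raise ValueError("expected a /48 inside fd00::/8")
    if not 0 <= subnet_id < 1 << 16:
        raise ValueError("Subnet ID must fit in 16 bits")
    return ipaddress.IPv6Network((int(prefix.network_address) | (subnet_id << 64), 64))


def pick_unused_prefix(in_use, attempts=8):
    """Draw random prefixes until one overlaps none of the prefixes in use."""
    taken = [ipaddress.IPv6Network(p) for p in in_use]
    for _ in range(attempts):
        candidate = make_ula_prefix()
        if not any(candidate.overlaps(t) for t in taken):
            return candidate
    raise RuntimeError("no free prefix found; check the random source")


if __name__ == "__main__":
    # Constructed sample entries standing in for a list of prefixes in use.
    known = ["fd12:3456:789a::/48", "fdaa:bbbb:cccc::/48"]
    mine = pick_unused_prefix(known)
    print("site prefix:", mine)
    print("first LAN  :", subnet_for(mine, 1))
```

Generate the prefix once and record it; drawing a new one on each boot would renumber the site.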

Implementation / Quickstart

You can create your own VPN using this guide and experiment with it to become familiar with it before deciding to connect with other VPNs to form part of the collective global VPN, which we can call the GNUbone, as a parody of 6bone, or the InterGNU.

Interconnection may be discussed in Main Chat.

Firstly, get yourself public IPv6 addresses for your computers. Ensure that packets to fd00::/8 addresses do not escape to where they should not go, for example by routing only allocated number space to the Internet rather than using a default route.

On Debian GNU/Linux, run modprobe ip6_tunnel and add ip6_tunnel to /etc/modules to make it permanent.

Now you can pick some of your computers as VPN nodes. They will be set up essentially the same, as this is an F2F network.

I split this page into parts as it is rather large. Routing and IPsec are the basic essentials, firewalling is recommended, and the other sections are optional.

  1. VPN IPSec
  2. VPN routing
  3. VPN Firewalling
  4. VPN Decentralised DNS
  5. VPN Extra notes for IEEE802.1s