It works, now!

And it works better here than irl (not implemented yet), lol :-D

machines/loc1xe/setup.sh

@@ -23,13 +23,15 @@ ip link add name wg-vms type wireguard
 wg setconf wg-vms ./machines/$mach/wg-vms.conf
 ip link set wg-vms netns "$vm_netns"
 nsenter --net="$vm_netns" ip link set wg-vms up
-# The netns has *no* means of participating in the traffic, because it has no address to use.
-# FIXME: Apart from possibly a link-local one :-/
 nsenter --net="$vm_netns" ip route add 2a01:4f8:c0c:36b8:ff01:8000:0:0001/128 dev wg-vms onlink
 nsenter --net="$vm_netns" ip route add default via 2a01:4f8:c0c:36b8:ff01:8000:0:0001 dev wg-vms
 nsenter --net="$vm_netns" sysctl net.ipv6.conf.all.forwarding=1
 
 tmux -N new-window -d -n vm1 socat stdio unix-listen:state/$mach/vm1.sock
 nsenter --net="$vm_netns" ./machines/$mach/vm1/start.sh
+# We *do* have an IPv6 address just because the VM simulates ethernet, which is broadcast and runs NDP and so we need to respond.
+# However, we should avoid *any* interaction with the packets, that is, probably just drop everything in input and output chains, TODO
+# FIXME: I think the correct range is fe80::/64, not fe80:whatever::/64… But this works…
+nsenter --net="$vm_netns" ip addr add fe80:ff01:8000::2/64 dev tap-vm1 scope link
 nsenter --net="$vm_netns" ip link set dev tap-vm1 up
 nsenter --net="$vm_netns" ip route add 2a01:4f8:c0c:36b8:ff01:8000:0:0003/128 dev tap-vm1 onlink

machines/loc1xe/vm1/init

@@ -6,7 +6,8 @@
 /busybox insmod /e1000.ko
 /busybox ip link set lo up
 /busybox ip addr add 2a01:4f8:c0c:36b8:ff01:8000:0:3/128 dev eth0
+/busybox ip addr add fe80:ff01:8000::3 dev eth0 scope link
 /busybox ip link set eth0 up
-/busybox ip route add default via 2a01:4f8:c0c:36b8:ff01:8000:0:1 dev eth0 onlink
+/busybox ip route add default via fe80:ff01:8000::2 dev eth0
 
 /busybox ash