Network Routing Getting Close
For no reason I could see, I had to reboot each router twice after entering the new tunnel, but everything works a little better now.
First I removed the /48 address from the server; it wasn't working anyway. Then I removed IPv6 from the WiFi router and restarted it just fine.
Readdressing the WAN router to use the /64 instead required rebooting it twice before the router could see the Internet. It came up fine the first time, and everything looked configured correctly, but the WAN reported as "disconnected," although the line was "on" in the switch view. I rebooted it a second time and it worked fine. It took a little longer than I thought it should, but maybe it was waiting for the IPv6 tunnel to be right before it reported all was well. Before that router reported it was connected, the WiFi router reported it was using the WAN router connection (it has two to choose from), and traffic flowed.
I created a new tunnel with tunnelbroker.net and configured it on the WiFi connection. This took a couple tweaks of the firewall on both routers, because the WAN router was blocking ping to the WiFi router's static address.
I turned the WAN router's firewall back on, and all still seems to behave.
I then added a static IPv6 address to the server. I tweaked a couple of its services to use the new IP range, and shifted its default gateway to the new network. I went into my CDN and changed the DNS of all the domains and records that point to that server to use the new IP, and added IPv6 AAAA and notes to the necessary TXT records.
The logs show there is inbound e-mail still, and the web traffic hasn't ever stopped (and was one of the things that seemed to work regardless). I still have problems reaching the server using IPv6 from my network, but I think that's because it has a WAN with an IPv6 and LAN with IPv6, now from different networks, but that multi-home is still not configured completely. I tried to tell the network to not put IPv6 on its LAN port (for now), but for whatever reason, "dhcp6: false" isn't doing anything.
Still working on things.
Next I'll test some SMTP outbound stuff. That's usually pretty low since there are only a few people or services (like notifications of comments on this blog), so very few messages actually leave the server. There are plenty of rejected MTA attempts, but I've had relaying locked down for a while; changing the IP address shouldn't change that at all. The trickiest will be to see if the e-mail that gets relayed through my server (some of the domain users don't keep their e-mail on my server) still gets through. The new ISP says they don't block the MTA ports for business-class service, which is part of why I did that shift.
But things are getting better.