No internet access with IPv6 prefix delegation to vlan with systemd-networkd

0 votes
2 answers
249 views
I have a router that gets a /48 prefix from my ISP, and has prefix delegation enabled. I run a (Debian) server on the router's main network. I've set up a vlan for my IoT devices on my server; for IPv4 I have set up a NAT to connect the device on the vlan to the internet.

I've managed to configure systemd-networkd to request a prefix from the router and apply it on the iot vlan interface. Systemd-networkd also serves as router advertisement for the clients on the vlan. When connecting a device to the iot-vlan it receives an IPv6 address within the prefix. So far so good.

However, the addresses within the prefix are not routed to the internet. I seem to be missing the part where the server 'knows' that traffic from the prefix :C001: needs to be forwarded to the router (over eth0).

Pinging google.com from the main interface of my server:

```
# ping6 2a00:1450:400e:80f::200e -I eth0
PING 2a00:1450:400e:80f::200e(2a00:1450:400e:80f::200e) from 2a02:a46e:53ea:0:54ce:59ff:fec6:b62d eth0: 56 data bytes
64 bytes from 2a00:1450:400e:80f::200e: icmp_seq=1 ttl=119 time=7.13 ms
```

Pinging from the iot-vlan interface:

```
# ping6 2a00:1450:400e:80f::200e -I iot
PING 2a00:1450:400e:80f::200e(2a00:1450:400e:80f::200e) from 2a02:a46e:53ea:c001:54ce:59ff:fec6:b62d iot: 56 data bytes
From 2a02:a46e:53ea:c001:54ce:59ff:fec6:b62d icmp_seq=1 Destination unreachable: Address unreachable
```

Edit: Pinging from the *address* of the iot interface works (tnx @u1686_grawity)

```
$ ping6 google.com -I "2a02:a46e:53ea:c000:54ce:59ff:fec6:b62d"
PING google.com(ams17s12-in-x0e.1e100.net (2a00:1450:400e:810::200e)) from 2a02:a46e:53ea:c000:54ce:59ff:fec6:b62d : 56 data bytes
64 bytes from ams17s12-in-x0e.1e100.net (2a00:1450:400e:810::200e): icmp_seq=1 ttl=60 time=7.64 ms
```

Pinging from a device in the iot-vlan does not work.

```
$ ping6 google.com
PING google.com (2a00:1450:400e:803::200e) 56 data bytes
--- google.com ping statistics ---
236 packets transmitted, 0 received, 100% packet loss, time 240617ms
```

IP address of device on iot-vlan:

```
$ ip -6 addr show dev wlp1s0
3: wlp1s0: mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet6 2a02:a46e:53ea:c001:dc81:6cfc:2115:899/64 scope global temporary dynamic
       valid_lft 3576sec preferred_lft 1776sec
    inet6 2a02:a46e:53ea:c001:4f32:ea73:f336:3907/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 3576sec preferred_lft 1776sec
    inet6 fe80::aff0:9c03:3ce:7601/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
```

Route of device on iot-vlan:

```
$ ip -6 route
2a02:a46e:53ea:c001::/64 dev wlp1s0 proto ra metric 600 pref medium
fe80::/64 dev veth0ad8518 proto kernel metric 256 pref medium
fe80::/64 dev docker0 proto kernel metric 256 pref medium
fe80::/64 dev veth998c5e2 proto kernel metric 256 pref medium
fe80::/64 dev wlp1s0 proto kernel metric 1024 pref medium
default via fe80::54ce:59ff:fec6:b62d dev wlp1s0 proto ra metric 20600 pref medium
```

The systemd .network file for the vlan-interface:

```
[Match]
Name=iot
Type=vlan

[Network]
DHCPPrefixDelegation=yes
IPv6DuplicateAddressDetection=1
IPv6SendRA=yes
LinkLocalAddressing=ipv6

[Address]
Address=192.168.100.1/24

[DHCPPrefixDelegation]
UplinkInterface=:auto
SubnetId=1
Announce=yes

#[Route]
#Gateway=::
#Table=local
#This does not seem to do anything
```

Edit: tcpdump shows my ping request entering the server in interface iot:

```
# tcpdump -eni iot ip6
15:49:12.290030 c0:a5:e8:46:79:31 > 56:ce:59:c6:b6:2d, ethertype IPv6 (0x86dd), length 118: 2a02:a46e:53ea:c001:dc81:6cfc:2115:899 > 2a00:1450:400e:80f::200e: ICMP6, echo request, id 30134, seq 1, length 64
```

but not being forwarded to eth0 (only the same packet WITH vlan tag):

```
# tcpdump -eni eth0 ip6
15:50:55.083174 c0:a5:e8:46:79:31 > 56:ce:59:c6:b6:2d, ethertype 802.1Q (0x8100), length 122: vlan 2, p 0, ethertype IPv6 (0x86dd), 2a02:a46e:53ea:c001:dc81:6cfc:2115:899 > 2a00:1450:400e:80f::200e: ICMP6, echo request, id 30653, seq 1, length 64
```

Asked by Pelle (401 rep)
Aug 16, 2024, 09:49 AM
Last activity: Aug 19, 2024, 11:32 AM