diff --git a/inventory/group_vars/all/vars.yml b/inventory/group_vars/all/vars.yml
index 8db22ca..318f96f 100644
--- a/inventory/group_vars/all/vars.yml
+++ b/inventory/group_vars/all/vars.yml
@@ -18,3 +18,8 @@ system_mail_domain: "{{ vault_system_mail_domain }}"
 system_mail_smtp_server: "{{ vault_system_mail_smtp_server }}"
 system_mail_smtp_port: 465
 system_mail_smtp_user: "{{ vault_system_mail_smtp_user }}"
+
+# --------------------------------------------------------------------------------------------------
+# vpn
+# --------------------------------------------------------------------------------------------------
+vpn_global_inet6_prefix: "fd6f:1af7:ce35"
diff --git a/inventory/group_vars/asgard/vars.yml b/inventory/group_vars/asgard/vars.yml
index be6ac93..e9aaa30 100644
--- a/inventory/group_vars/asgard/vars.yml
+++ b/inventory/group_vars/asgard/vars.yml
@@ -8,18 +8,20 @@ system_var_home_directory: "{{ system_var_root_directory }}/home"
 system_var_data_directory: "{{ system_var_root_directory }}/data"
 system_var_containers_directory: "{{ system_var_root_directory }}/containers"
 
-# --------------------------------------------------------------------------------------------------
-# vpn
-# --------------------------------------------------------------------------------------------------
-vpn_global_inet6_prefix: "fd6f:1af7:ce35"
-
 # --------------------------------------------------------------------------------------------------
 # vpn:wireguard
 # --------------------------------------------------------------------------------------------------
 vpn_wireguard_port: 51820
-vpn_wireguard_address: "10.66.0.{{ vpn_subnet_id }}"
-vpn_wireguard_prefixlen: 30
-vpn_wireguard_subnet: "10.66.0.0/30"
+
+vpn_wireguard_inet_prefix: "10.66.0"
+vpn_wireguard_inet_address: "{{ vpn_wireguard_inet_prefix }}.{{ vpn_subnet_id }}"
+vpn_wireguard_inet_prefixlen: 30
+vpn_wireguard_inet_subnet: "{{ vpn_wireguard_inet_prefix }}.0/{{ vpn_wireguard_inet_prefixlen }}"
+
+vpn_wireguard_inet6_prefix: "{{ vpn_global_inet6_prefix }}:6600"
+vpn_wireguard_inet6_address: "{{ vpn_wireguard_inet6_prefix }}::{{ vpn_subnet_id }}"
+vpn_wireguard_inet6_prefixlen: 64
+vpn_wireguard_inet6_subnet: "{{ vpn_wireguard_inet6_prefix }}::/{{ vpn_wireguard_inet6_prefixlen }}"
 
 # --------------------------------------------------------------------------------------------------
 # vpn:bridge
diff --git a/inventory/group_vars/bifrost/vars.yml b/inventory/group_vars/bifrost/vars.yml
index 9518d9d..ff700be 100644
--- a/inventory/group_vars/bifrost/vars.yml
+++ b/inventory/group_vars/bifrost/vars.yml
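Review bot: `vpn_wireguard_inet_address` and `vpn_wireguard_inet6_address` in the asgard hunk interpolate `vpn_subnet_id` with nothing tying it to the prefix length: in a /30 only `.1` and `.2` are usable hosts, so any other id renders an address outside `vpn_wireguard_inet_subnet`. The `.0/{{ vpn_wireguard_inet_prefixlen }}` form is likewise a canonical network only while the length is 24 or more; the bifrost hunk and the valkyrie `inet_subnet` entry use the same construction. Where `vpn_subnet_id` is defined is not visible in this diff, so I would add a comment above the block, `# vpn_subnet_id must be 1 or 2 while vpn_wireguard_inet_prefixlen is 30`, or an `assert` task in the role that consumes these variables. The id is also decimal in the IPv4 address but read as hexadecimal in `::{{ vpn_subnet_id }}`, which starts to differ once an id reaches 10.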
@@ -3,5 +3,11 @@
 # vpn:wireguard
 # --------------------------------------------------------------------------------------------------
 vpn_wireguard_port: 53768
-vpn_wireguard_prefixlen: 30
-vpn_wireguard_subnet: "10.68.0.0/30"
+
+vpn_wireguard_inet_prefix: "10.68.0"
+vpn_wireguard_inet_prefixlen: 30
+vpn_wireguard_inet_subnet: "{{ vpn_wireguard_inet_prefix }}.0/{{ vpn_wireguard_inet_prefixlen }}"
+
+vpn_wireguard_inet6_prefix: "{{ vpn_global_inet6_prefix }}:6800"
+vpn_wireguard_inet6_prefixlen: 64
+vpn_wireguard_inet6_subnet: "{{ vpn_wireguard_inet6_prefix }}::/{{ vpn_wireguard_inet6_prefixlen }}"
diff --git a/inventory/host_vars/heimdall/vars.yml b/inventory/host_vars/heimdall/vars.yml
index b342e2a..53ca59d 100644
--- a/inventory/host_vars/heimdall/vars.yml
+++ b/inventory/host_vars/heimdall/vars.yml
@@ -15,7 +15,8 @@ system_base_udp_ports:
 # vpn:wireguard
 # --------------------------------------------------------------------------------------------------
 vpn_wireguard_role: "server"
-vpn_wireguard_address: "10.68.0.1"
+vpn_wireguard_inet_address: "{{ vpn_wireguard_inet_prefix }}.1"
+vpn_wireguard_inet6_address: "{{ vpn_wireguard_inet6_prefix }}::1"
 vpn_wireguard_interface_private_key: "{{ vault_vpn_wireguard_interface_private_key }}"
 vpn_wireguard_routing_table: "{{ vpn_airvpn_routing_table }}"
 vpn_wireguard_clients:
@@ -23,18 +24,18 @@ vpn_wireguard_clients:
 preshared_key: "{{ vault_vpn_wireguard_clients_0_preshared_key }}"
 
 # The AirVPN MTU is 1320 so the combined MTU is 1320 - 80 = 1240.
-vpn_wireguard_mtu: 1240
+vpn_wireguard_mtu: "{{ vpn_airvpn_mtu - 80 | int }}"
 
 # --------------------------------------------------------------------------------------------------
 # vpn:airvpn
 # --------------------------------------------------------------------------------------------------
 vpn_airvpn_role: "client"
 vpn_airvpn_port: 1637
-vpn_airvpn_address: "{{ vault_vpn_airvpn_address }}"
-vpn_airvpn_prefixlen: "{{ vault_vpn_airvpn_prefixlen }}"
-vpn_airvpn_address_v6: "{{ vault_vpn_airvpn_address_v6 }}"
-vpn_airvpn_prefixlen_v6: "{{ vault_vpn_airvpn_prefixlen_v6 }}"
-vpn_airvpn_mtu: 1320
+vpn_airvpn_inet_address: "{{ vault_vpn_airvpn_inet_address }}"
+vpn_airvpn_inet_prefixlen: "{{ vault_vpn_airvpn_inet_prefixlen }}"
+vpn_airvpn_inet6_address: "{{ vault_vpn_airvpn_inet6_address }}"
+vpn_airvpn_inet6_prefixlen: "{{ vault_vpn_airvpn_inet6_prefixlen }}"
+vpn_airvpn_mtu: 1420
 vpn_airvpn_interface_private_key: "{{ vault_vpn_airvpn_interface_private_key }}"
 vpn_airvpn_server_public_key: "{{ vault_vpn_airvpn_server_public_key }}"
 vpn_airvpn_server_preshared_key: "{{ vault_vpn_airvpn_server_preshared_key }}"
diff --git a/inventory/host_vars/valkyrie/vars.yml b/inventory/host_vars/valkyrie/vars.yml
index f0087b7..2747433 100644
--- a/inventory/host_vars/valkyrie/vars.yml
+++ b/inventory/host_vars/valkyrie/vars.yml
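Review bot: In `vpn_wireguard_mtu: "{{ vpn_airvpn_mtu - 80 | int }}"` the `int` filter applies to the literal `80`, not to the difference, because Jinja2 filters bind tighter than arithmetic; if `vpn_airvpn_mtu` ever arrives as a string (extra vars, a vaulted value) the subtraction fails instead of being coerced. Write it as `vpn_wireguard_mtu: "{{ (vpn_airvpn_mtu | int) - 80 }}"`. The comment directly above still states that the AirVPN MTU is 1320 and the result 1240, while this same hunk raises `vpn_airvpn_mtu` to 1420, so the rendered value becomes 1340; replace the comment with `# Inner MTU is vpn_airvpn_mtu minus 80 bytes of encapsulation overhead.`. It is also worth confirming that 1420 is what the provider path really carries, since an overstated MTU shows up as stalled or fragmented traffic rather than as an error.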
@@ -28,7 +28,12 @@ vpn_wireguard_interface_private_key: "{{ vault_vpn_wireguard_interface_private_k
 vpn_wireguard_clients:
 - public_key: "{{ vault_vpn_wireguard_clients_0_public_key }}"
 preshared_key: "{{ vault_vpn_wireguard_clients_0_preshared_key }}"
- subnet: "{{ hostvars.yggdrasil.vpn_bridge_inet_prefix }}.0/24"
+ inet_subnet: "\
+ {{ hostvars.yggdrasil.vpn_bridge_inet_prefix }}.0/\
+ {{ hostvars.yggdrasil.vpn_bridge_inet_prefixlen }}"
+ inet6_subnet: "\
+ {{ hostvars.yggdrasil.vpn_bridge_inet6_prefix }}::/\
+ {{ hostvars.yggdrasil.vpn_bridge_inet6_prefixlen }}"
 # --------------------------------------------------------------------------------------------------
 # services
diff --git a/playbooks/vpn.yml b/playbooks/vpn.yml
index 4aa501b..6314a1f 100644
--- a/playbooks/vpn.yml
+++ b/playbooks/vpn.yml
@@ -22,10 +22,10 @@
 vpn_wireguard_iface: "wg-airvpn"
 vpn_wireguard_role: "{{ vpn_airvpn_role }}"
 vpn_wireguard_port: "{{ vpn_airvpn_port }}"
- vpn_wireguard_address: "{{ vpn_airvpn_address }}"
- vpn_wireguard_prefixlen: "{{ vpn_airvpn_prefixlen }}"
- vpn_wireguard_address_v6: "{{ vpn_airvpn_address_v6 }}"
- vpn_wireguard_prefixlen_v6: "{{ vpn_airvpn_prefixlen_v6 }}"
+ vpn_wireguard_inet_address: "{{ vpn_airvpn_inet_address }}"
+ vpn_wireguard_inet_prefixlen: "{{ vpn_airvpn_inet_prefixlen }}"
+ vpn_wireguard_inet6_address: "{{ vpn_airvpn_inet6_address }}"
+ vpn_wireguard_inet6_prefixlen: "{{ vpn_airvpn_inet6_prefixlen }}"
 vpn_wireguard_mtu: "{{ vpn_airvpn_mtu }}"
 vpn_wireguard_interface_private_key: "{{ vpn_airvpn_interface_private_key }}"
 vpn_wireguard_server_public_key: "{{ vpn_airvpn_server_public_key }}"
diff --git a/roles b/roles
index bd66dc3..b121894 160000
--- a/roles
+++ b/roles
@@ -1 +1 @@
-Subproject commit bd66dc341e3d3e64111f724651f35b026dc21dd7
+Subproject commit b1218945b64311fa6095a569a6a8cfbc09c7e5cf
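Review bot: In valkyrie's `vpn_wireguard_clients` entry the client networks are assembled inline from `hostvars.yggdrasil.vpn_bridge_inet_prefix` and `..._prefixlen`, whereas the group vars in this commit expose a ready-made `vpn_wireguard_inet_subnet`; a matching `vpn_bridge_inet_subnet` and `vpn_bridge_inet6_subnet` beside the bridge prefix (not visible here, so possibly already present) would let this read `inet_subnet: "{{ hostvars.yggdrasil.vpn_bridge_inet_subnet }}"`. These values presumably decide which addresses the peer is allowed to use, so one definition is easier to audit than per-host string assembly. If the inline form stays, add `# trailing backslashes join the lines without inserting whitespace` above it, because the double-quoted continuation is easy to break when re-indenting. The `subnet` key is renamed as well, so the role revision pinned by the `roles` bump has to read the new keys, which cannot be checked from this diff.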