Handle split IPv4/IPv6 uplinks in network-tunnel-manager #6640

Open
p17o wants to merge 1 commit into nymtech:develop from p17o:fix/network-tunnel-manager-dual-uplink

p17o (Contributor) commented Apr 3, 2026

Summary

This PR fixes network-tunnel-manager.sh for hosts where IPv4 and IPv6 use different uplink interfaces.

Before this change, the script auto-detected a single NETWORK_DEVICE from the IPv4 default route and reused it for both IPv4 and IPv6 iptables/ip6tables setup. On hosts where IPv4 egress is on one interface and IPv6 egress is on another, this caused IPv6 tunnel connectivity checks and forwarding/NAT setup to fail.

What changed

  • added separate uplink detection for:
    • NETWORK_DEVICE_V4
    • NETWORK_DEVICE_V6
  • kept NETWORK_DEVICE as a backward-compatible override for both families
  • updated IPv4 NAT/FORWARD rules to use the IPv4 uplink
  • updated IPv6 NAT/FORWARD rules to use the IPv6 uplink
  • updated IPv6 display/status paths to use the IPv6 uplink
  • updated exit-policy setup and checks so IPv4 and IPv6 hooks use the correct uplink

Why this is needed

Some deployments use:

  • one interface for public IPv4 connectivity
  • another interface for global IPv6 connectivity

In that setup, reusing the IPv4 uplink for IPv6 breaks the IPv6 path even when the host itself has working IPv6 on a different interface.

Backward compatibility

Existing setups that use a single uplink remain unchanged:

  • NETWORK_DEVICE still works as before
  • the new variables are optional
  • auto-detection now prefers per-family defaults when not explicitly set

Validation

Tested on a host with:

  • IPv4 uplink on eth0
  • IPv6 uplink on eth2

Results:

  • IPv6 connectivity via nymwg and nymtun0 succeeded

Notes

This change is intentionally scoped to uplink selection and rule application only.
It does not change the existing behavior for single-uplink hosts.
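
The per-family uplink selection described in the comment above, as an added example that is not the project's script or part of the PR: the helper names are hypothetical, the route text is constructed, and the precedence shown (per-family variable, then NETWORK_DEVICE, then that family's default route) is an assumption, since the description does not state how the variables interact when several are set.

```shell
#!/bin/sh
# Added example, not the project's script; helper names are hypothetical.

# Device of the lowest-metric default route in `ip -4|-6 route show default` text.
default_route_dev() {
    printf '%s\n' "$1" | awk '
        $1 == "default" {
            dev = ""; metric = 0
            for (i = 2; i < NF; i++) {
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1) + 0
            }
            if (dev != "" && (best == "" || metric < best_metric)) {
                best = dev; best_metric = metric
            }
        }
        END { if (best != "") print best }'
}

# Conservative allow-list for interface names before they reach iptables/ip6tables:
# non-empty, at most 15 characters, no leading "-" (would parse as an option).
valid_ifname() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.@-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# resolve_uplink FAMILY ROUTE_TEXT, e.g. resolve_uplink 6 "$(ip -6 route show default)"
# Assumed precedence: NETWORK_DEVICE_V4/_V6, then NETWORK_DEVICE, then auto-detect.
# Fails closed: never falls back to the other family's uplink.
resolve_uplink() {
    family=$1 routes=$2
    case "$family" in
        4) dev=${NETWORK_DEVICE_V4:-${NETWORK_DEVICE:-}} ;;
        6) dev=${NETWORK_DEVICE_V6:-${NETWORK_DEVICE:-}} ;;
        *) return 2 ;;
    esac
    [ -n "$dev" ] || dev=$(default_route_dev "$routes")
    valid_ifname "$dev" || return 1
    printf '%s\n' "$dev"
}

# Constructed sample route output, mirroring the eth0 (IPv4) / eth2 (IPv6) test host.
ROUTES_V4='default via 192.0.2.1 dev eth0 proto dhcp metric 100'
ROUTES_V6='default via fe80::1 dev eth2 proto ra metric 1024 pref medium
default via fe80::2 dev eth0 proto static metric 2048 pref medium'

echo "v4=$(resolve_uplink 4 "$ROUTES_V4") v6=$(resolve_uplink 6 "$ROUTES_V6")"
```

A non-zero return for a family with no default route lets the caller skip that family's NAT/FORWARD and exit-policy rules instead of attaching them to an interface that carries no traffic for it.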


vercel bot commented Apr 3, 2026

Someone is attempting to deploy a commit to the nyx-network Team on Vercel.

A member of the Team first needs to authorize it.
