diff --git a/nicos-ipv6-vpn-routing-issue.dot b/nicos-ipv6-vpn-routing-issue.dot
new file mode 100644
index 0000000..ff51e08
--- /dev/null
+++ b/nicos-ipv6-vpn-routing-issue.dot
@@ -0,0 +1,33 @@
+digraph G {
+    node [ shape=box ]
+    label="Why IPv6 upstream on test devices does not work
+    ICMP works as it's on 1 reply\n
+    SSH does not work\n
+    Testdev only receives first syn, not 2nd ack packet\n
+    Notebook receives duplicated syn-ack packets from testdev\n
+    Likely problem: router does not see return packet and drops the
+    packet, no session entry?
+    It's an outgoing packet, so this should not be a problem\n
+    Router seems only to send first syn packet from the client\n
+    VERIFIED by disabling ip6tables / flushing rules"
+
+    notebook [ label="Notebook: 2a0a:e5c0:13::a/64" ]
+    router  [ label="Router: 2a0a:e5c0:13::42/64" ]
+    testdev [ label="Testdev: 2a0a:e5c0:13::zz/64" ]
+
+    vpnserver [ label="VPN server" ]
+
+    vpnserver->testdev [ label="Route for 2a0a:e5c1:VPN::/48" ]
+
+    notebook->router [ label="1. Connect to 2a0a:e5c1:VPN::42\nWith MAC
+    of router" ]
+    router->vpnserver [ label="2. Forwarding packing for Testdev to
+    router" ]
+    vpnserver->testdev [ label="3. Forwarding packing for Testdev via
+    VPN" ]
+    testdev->notebook [ label="4. Reply directly to notebook\n
+    testdev has same local network as notebook
+    Using a different mac address than the router has" ]
+
+
+}