Stock kernels are built with the option CONFIG_MODULE_SIG_FORCE, an option that forces signature checks on kernel modules before they can be loaded. Stock kernel sources did not fully build, so I just built modules and patched the kernel to work with them.
I do, with USB tethering, were IPv6 NAT is supported. Normally you'd just use physdev to modify those packets on the way out, but that doesn't seem to work with ipv6. You need a NAT on the phone or router. I run the NAT on the phone so it shares the tunnel(and IP) with the phone, effectively hiding behind it just like ipv4.
Deleting it would work just as well. If you look at the example, "pcweb.metropcs.com" is the DUN and it gets deleted. I mark the primary as DUN for good measure, but it is not strictly necessary. If the phone can't find a DUN apn it just uses the primary.