How can I setup OpenVPN with IPv4 and IPv6 using a tap device?

Posted by Lekensteyn on Server Fault See other posts from Server Fault or by Lekensteyn
Published on 2011-02-20T14:14:47Z Indexed on 2011/02/21 23:26 UTC
Read the original article Hit count: 254

Filed under:
|
|

I've managed to setup OpenVPN for full IPv4 connectivity using tap0. Now I want to do the same for IPv6.

Addresses and network setup (note that my real prefix is replaced by 2001:db8):

2001:db8::100:0:0/96    my assigned IPv6 range
2001:db8::100:abc:0/112 OpenVPN IPv6 range
2001:db8::100:abc:1     tap0 (on server) (set as gateway on client)
2001:db8::100:abc:2     tap0 (on client)
2001:db8::1:2:3:4       gateway for server

 Home laptop   (tap0: 2001:db8::100:abc:2/112 gateway 2001:db8::100:abc:1/112)
  |      | |      (running Kubuntu 10.10; OpenVPN 2.1.0-3ubuntu1)
  | wifi | |
   router  |
      |   OpenVPN
  INTERNET |
eth0  |   /tap0
     VPS        (eth0:2001:db8::1:2:3:4/64    gateway 2001:db8::1)
               (tap0: 2001:db8::100:abc:1/112)
                  (running Debian 6; OpenVPN 2.1.3-2)

The server has both native IPv4 and IPv6 connectivity, the client has only IPv4.

I can ping6 to and from my server over OpenVPN, but not to other machines (for example, ipv6.google.com).

net.ipv6.conf.all.forwarding is set to 1, I've tried disabling net.ipv6.conf.all.accept_ra as well, without luck.

Using tcpdump on both the server and client, I can see that packets are actually transferred over tap0 to eth0. The router (2001:db8::1) send a neighbor solicitation for the client (2001:db8::100:abc:2) to eth0 after it receives the ICMP6 echo-request. The server does not respond to that solicitation, which causes the ICMP6 echo-request not be routed to the destination.

How can I make this IPv6 connection work?

© Server Fault or respective owner

Related posts about openvpn

Related posts about IPv6