Geekery of all stripes

IPv6 over OpenVPN

· David Bishop

Get an IPv6 tunnel: https://www.tunnelbroker.net

It’s 5 euro for a /80 instead of a single IP (/128), so why not get that?

Install OpenVPN on a Linux server, not necessarily the one acting as your IPv4 gateway.

Modify the .ovpn file to add tls-version-min 1.0, which makes me sad but fixed the “TLS Error: TLS handshake failed” errors.

WARNING! When using TLS 1.0 you should regard the “VPN tunnel” as you would a normal, unencrypted ISP connection. Always use encrypted transport protocols for anything you care about, and don’t think your traffic is private at all.

At this point, the server should have IPv6 connectivity. Verify with: ping6 google.com

Work out what your interfaces and addresses will be. Example:

| Device | Local Address | Remote Address |
|--------|---------------|----------------|
| enp3s0 | 192.168.1.254 | N/A |
| tun0 | 2a07:1c44:212:c0ca:eb31::0 | N/A |

Install radvd

Copy /usr/share/doc/radvd/examples/radvd.conf.example to /etc/radvd.conf

Uncomment the “IgnoreIfMissing on;” line, as you want this to work even if radvd starts before openvpn

Change the prefix section to match what you’re getting from your upstream.

Comment out the 6to4 section, as going IPv6-only for your local network is out-of-scope for this tutorial.

Comment out the rest of the file (making sure not to comment the closing };) for now.

Run sysctl -w net.ipv6.conf.all.forwarding=1 to turn on forwarding now. To make that persist over reboots, add /etc/sysctl.d/01-route-ipv6.conf with:

```
# Turn on routing for ipv6
net.ipv6.conf.all.forwarding = 1
```

Delete the route for your subnet that goes out over the tun0 interface, otherwise you can’t route traffic from your LAN: sudo ip -6 route del 2a07:1c44:212:c0ca:eb31::/80 dev tun0

Make it permanent by creating this script as /etc/openvpn/client/del-route.sh:

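```
#!/bin/sh
# Remove the route for the tunnel subnet that points at tun0.
# OpenVPN exports ifconfig_ipv6_local and ifconfig_ipv6_netbits to this script.
/sbin/ip -6 route del "${ifconfig_ipv6_local}/${ifconfig_ipv6_netbits}" dev tun0
```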

And in your config file:

```
script-security 2
route-up /etc/openvpn/client/del-route.sh
```
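
The two directives this tutorial adds to the client config, tls-version-min 1.0 and script-security 2, are the ones worth re-checking later. The shell function below is an added example, not part of the original post: it flags both settings and checks that hook scripts such as del-route.sh exist and are not writable by group or other. The 1.2 floor, the finding labels and the function names are assumptions.

```shell
#!/bin/sh
# Added example: audit an OpenVPN client config for the settings this page changes.
MIN_TLS="1.2"   # assumed policy floor, not a value from the page

# Print one finding per line for config file $1; return 1 if anything is flagged.
audit_ovpn() {
    conf=$1
    out=$(awk -v min="$MIN_TLS" '
        /^[ \t]*[#;]/ { next }    # skip commented-out directives
        $1 == "tls-version-min" && ($2 + 0) < (min + 0) { print "WEAK_TLS " $2 }
        $1 == "script-security" && ($2 + 0) >= 2 { print "SCRIPTS_ENABLED " $2 }
        # Directives that name a script the OpenVPN process will execute
        $1 ~ /^(up|down|route-up|route-pre-down|ipchange)$/ { print "HOOK " $2 }
    ' "$conf")

    # A hook that group or other can write runs their code as the OpenVPN process.
    for path in $(printf '%s\n' "$out" | sed -n 's/^HOOK //p'); do
        if [ ! -f "$path" ]; then
            out="$out
MISSING_HOOK $path"
        elif [ -n "$(find "$path" -prune \( -perm -020 -o -perm -002 \))" ]; then
            out="$out
WRITABLE_HOOK $path"
        fi
    done

    findings=$(printf '%s\n' "$out" | sed -e '/^HOOK /d' -e '/^$/d')
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: the directives this page adds, plus a group-writable hook.
demo() {
    tmp=$(mktemp -d)
    rc=0
    printf '#!/bin/sh\n' > "$tmp/del-route.sh"
    chmod 775 "$tmp/del-route.sh"
    printf '%s\n' 'tls-version-min 1.0' 'script-security 2' \
        "route-up $tmp/del-route.sh" > "$tmp/client.ovpn"
    audit_ovpn "$tmp/client.ovpn" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo || true
```

Hook paths containing spaces are not handled by this sketch.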