Oggy512
Posts: 9
Joined: Mon Dec 17, 2012 6:34 am

OpenVPN with IPv6 / IPv4 support

Fri Mar 13, 2015 8:04 am

Dear friends,
unfortunately i got now a DS Lite connection (IPv6) from my ISP. So my old OpenVPN server won't work anymore :-(
That mean i have to upgrade it and make a new setup. The first problem was to connect via an IPv4 connection to my DS Lite. I found a service in the Internet which could ensure this (http://www.feste-ip.net). So now i'm able to connect from an IPv4 (Internet) to my home server, which works proper. I could use for instance port 22 SSH and other services.
unfortunately my vpn doesn't work.
I know, that openVPN supports IPv6 since version 2.3, so i compile an installation of the lastet version 2.3.6 but i have no glue how to configure it.
Has anybody of you made it? Could you give me an example of the configuration that is needed for the server?

Here's my old server.conf:

Code: Select all

# Main Configuration #
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0

# Certificates and Encryption #
ca ca.crt
cert servername.crt
key servername.key
crl-verify crl.pem
dh dh1024.pem
cipher AES-256-CBC
comp-lzo

# Additional Config #
persist-key
persist-tun
status openvpn-status.log
verb 3
tun-mtu 1500
tun-mtu-extra 0
mssfix 1450
route 192.168.0.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
keepalive 5 30
user nobody
group nogroup
I prior used udp protocol, but afaik IPv6 won't work with this, so i have to change to tcp, but i can't get it working...
Thank you guys & sorry for my bad english, I'm from germany :|

User avatar
DougieLawson
Posts: 30136
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website

Re: OpenVPN with IPv6 / IPv4 support

Fri Mar 13, 2015 9:16 am

Here's my OpenVPN config

Code: Select all

port 1194
proto udp6
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
server-ipv6 2001:4xxx:6xxx:2001::/64
keepalive 10 120
comp-lzo
user openvpn
group openvpn
persist-key
persist-tun
status openvpn-status.log
verb 3
I'm using Hurricane Electric to get my IPv6 service.

And the client

Code: Select all

client
dev tun
proto udp
remote openvpn.example.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert example_user.client.crt
key example_user.client.key
ns-cert-type server
comp-lzo
verb 3
I still need to push a couple of routes but I do get an IPv6 address assigned on the client.
Microprocessor, Raspberry Pi & Arduino Hacker
Mainframe database troubleshooter
MQTT Evangelist
Twitter: @DougieLawson

Since 2012: 1B*5, 2B*2, B+, A+, Zero*2, 3B*3

Please post ALL technical questions on the forum. Do not send private messages.

Oggy512
Posts: 9
Joined: Mon Dec 17, 2012 6:34 am

Re: OpenVPN with IPv6 / IPv4 support

Fri Mar 13, 2015 2:34 pm

Thank you. I guess it's the server-ipv6 parameter that is missing in my config.
But i don't know what address i should write down there? because as i understand in IPv6 the "IP" of the rpi will change often, so which addres should i mention there?
or is it possible to define an address-block? an if yes, how can i find out the right address block?

I really don't understand ths f*** v6 shit ;-P

User avatar
DougieLawson
Posts: 30136
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website

Re: OpenVPN with IPv6 / IPv4 support

Fri Mar 13, 2015 3:26 pm

Oggy512 wrote:Thank you. I guess it's the server-ipv6 parameter that is missing in my config.
You also need to replace

Code: Select all

proto udp
with

Code: Select all

proto udp6
which means do both IPv4 & IPv6.

IPv6 is easier than IPv4 when you get your head round the strange new addressing syntax and that you can compress out blocks of 0000:0000:0000 to :: the underlying way it works, the unique address global unicast for every device and the route advertiser is much better than the IPv4 layer 2 protocols like arp and IPv4 crud like NAT.
Microprocessor, Raspberry Pi & Arduino Hacker
Mainframe database troubleshooter
MQTT Evangelist
Twitter: @DougieLawson

Since 2012: 1B*5, 2B*2, B+, A+, Zero*2, 3B*3

Please post ALL technical questions on the forum. Do not send private messages.

Oggy512
Posts: 9
Joined: Mon Dec 17, 2012 6:34 am

Re: OpenVPN with IPv6 / IPv4 support

Sat Mar 14, 2015 6:21 pm

ok, after 3 days with a lot of coffee, a lot of time and a lot of trouble with my girlfriend as well i made it ^^

but i'm still not sure about the ipv6 server address. what should i write there?

my router has the address: 2a02:810c:8000:2:ad24:73fe:7e82:6099 and the prefix: 2a02:810c:813f:f390::/62.
so what should i mention for the "server"?

you mean v6 is easier? mhm... not really, or i'm to involved in ipv4 ^^
do you have a good and understanding explanation (website) of the differences?

User avatar
DougieLawson
Posts: 30136
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website

Re: OpenVPN with IPv6 / IPv4 support

Sat Mar 14, 2015 6:47 pm

Use

Code: Select all

server-ipv6 2a02:810c:813f:f390::/64
or a subnet from that prefix

Code: Select all

server-ipv6 2a02:810c:813f:f390:0001:/72
Microprocessor, Raspberry Pi & Arduino Hacker
Mainframe database troubleshooter
MQTT Evangelist
Twitter: @DougieLawson

Since 2012: 1B*5, 2B*2, B+, A+, Zero*2, 3B*3

Please post ALL technical questions on the forum. Do not send private messages.

degsi
Posts: 2
Joined: Mon May 01, 2017 8:18 pm

Re: OpenVPN with IPv6 / IPv4 support

Sun Oct 15, 2017 2:47 pm

Please, please, please can someone help me figure out how to get my openvpn working again? I too had a working vpn using ipv4 but my ISP has switched to ipv6 and I have followed the above but openvpn does not start on bootup. It seems to be that code line proto udp6 is somehow not valid. I am running on Jessie. I am tearing my hair out. Can someone please help. Thanks

User avatar
DougieLawson
Posts: 30136
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website

Re: OpenVPN with IPv6 / IPv4 support

Sun Oct 15, 2017 5:25 pm

degsi wrote:
Sun Oct 15, 2017 2:47 pm
Please, please, please can someone help me figure out how to get my openvpn working again? I too had a working vpn using ipv4 but my ISP has switched to ipv6 and I have followed the above but openvpn does not start on bootup. It seems to be that code line proto udp6 is somehow not valid. I am running on Jessie. I am tearing my hair out. Can someone please help. Thanks
What part of viewtopic.php?p=1223009#p717852 isn't working for you?
Microprocessor, Raspberry Pi & Arduino Hacker
Mainframe database troubleshooter
MQTT Evangelist
Twitter: @DougieLawson

Since 2012: 1B*5, 2B*2, B+, A+, Zero*2, 3B*3

Please post ALL technical questions on the forum. Do not send private messages.

degsi
Posts: 2
Joined: Mon May 01, 2017 8:18 pm

Re: OpenVPN with IPv6 / IPv4 support

Sat Oct 21, 2017 12:17 pm

A bit of background. I'm relatively new, got first of 2 RPi's in October '15. First RPi has Wheezy, second has Jessie. I set up a VPN on RPi running Wheezy using http://www.bbc.co.uk/news/technology-33548728. Was relatively straightforward. Then a few weeks later got 2nd RPi and set up another VPN. A bit harder as second RPi now running Jessie so had to figure out that now using /etc/dhcpcd.conf instead of /etc/network/interfaces for configuring static IP address for RPi.
I'm running RPis at 2 different locations. At one location where the Jessie RPi's at my ISP has moved to ipv6 and the VPN's stopped working or at least I can't get my clients to connect.
I've been searching around for solutions and found this post with what seems to be same situation. I tried amending /etc/openvpn/server.conf as suggested above putting "proto udp6" instead of "proto udp" and adding something like "server-ipv6 2001:4xxx:6xxx:2001::/64". But the line "proto udp6" seems to stop openvpn service from starting as it now fails to start. When I revert back to "proto udp" openvpn service starts, but again the VPN is not accessible as before. My internal network still seems to be ipv4 so is the code change "proto udp6" for when the internal network is also ipv6, or am I missing something?

Return to “Networking and servers”

Who is online

Users browsing this forum: No registered users and 13 guests