# OpenVPN IPv6 Tunnel



## nunim (Jan 27, 2014)

Has anyone setup an IPv6 tunnel with OpenVPN?  The tutorials on the internet are outdated and confusing since OVPN did not have official IPv6 support until recently.  I'm trying to use OpensVPN as an IPv6 over IPv4 tunnel with a Debian/Ubuntu host and a Windows client.  I was using TunnelBroker previously, however I recently switched to IPTV and was forced to downgrade my router thus I can no longer use the HE tunnel. 

I've managed to compile the latest version of OpenVPN 2.3, however I'm not familiar with the configuration as I typically use the OpenVPN-AS product which does not yet seem to support IPv6.

My OpenVPN build:


```
OpenVPN 2.3_git [git:master/66ff10ef5197b6c7] i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [SNAPPY] [LZ4] [EPOLL] [MH] [IPv6] built on Jan 27 2014
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <[email protected]>
Compile time defines: enable_comp_stub=no enable_crypto=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_http_proxy=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_snappy=yes enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_win32_dll=yes enable_x509_alt_username=no with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_plugindir='$(libdir)/openvpn/plugins' with_sysroot=no
```


----------



## Nyr (Jan 27, 2014)

You can do IPv6 over IPv4 natively with OpenVPN 2.3, as long as you have a little IPv6 subnet available.

I don't know if there is any kind of tutorial available, sorry.


----------



## D. Strout (Jan 27, 2014)

I too would really like a good tutorial on how to do this, since I can't do anything on my college network here without a VPN, and I can't run normal IPv6 tunnels over my OpenVPN config. I'd be willing to pay to commission a good tutorial about this.


----------



## nunim (Jan 28, 2014)

Nyr said:


> You can do IPv6 over IPv4 natively with OpenVPN 2.3, as long as you have a little IPv6 subnet available.
> 
> I don't know if there is any kind of tutorial available, sorry.


Any link to a configuration file?


----------



## Nyr (Jan 28, 2014)

To use IPv6 over v4 natively with OpenVPN 2.3+ you do need:

- An assigned subnet bigger than a /112 (since OpenVPN needs at least one /112 for itself).

- To set "server-ipv6" on server.conf to the subnet you want to use for OpenVPN.

- To push the routes you want for IPv6:

push "route-ipv6 2000::/3"

push "route-ipv6 your-server-subnet"

- tun-ipv6 on client.conf

- Enable net.ipv6.conf.all.forwarding at Sysctl plus maybe other params?

I am missing something for sure. Biggest problem at the moment is you are going to need NAT if you don't have a decent subnet since OpenVPN insists on using at least a /112. And NAT over IPv6 is also in its early stages too.


----------



## mtwiscool (Jan 30, 2014)

/112 is 1 ipv6 address

you can get a /64 as easy as he.net

or even a /48 if your crazy


----------



## Nyr (Jan 30, 2014)

mtwiscool said:


> /112 is 1 ipv6 address


No.



mtwiscool said:


> you can get a /64 as easy as he.net


Possible, but no so easy on OVZ, for example. Also, added latency.



mtwiscool said:


> or even a /48 if your crazy


Isn't crazy, has its applications.


----------



## Nyr (May 30, 2014)

So I ended up testing all this and writing about it. No, D. Strout, I don't want money in exchange


----------

