# Any working tutorials for a OpenVPN server with IPv4 & IPv6?



## Gang Starr (Jul 4, 2015)

Hello fellas,

I have a KVM box with DDos protection in France by Verelox and been very happy with their service. Got a single IPv6 address of a /64 recently.

I want to setup a VPN server with OpenVPN. I did it hundreds of time with IPv4 and everything always worked but I never managed to setup one with IPv6 (I have native IPv6).

Do you guys know proper guides that would help me to setup IPv6 on the OpenVPN server? I hate IPv6 leaking VPNs.

According to OpenVPN wiki: 

Requirements
A few things must be met in order to use IPv6:


An existing and functional OpenVPN configuration (use the official howto if you don't yet have this.) - CHECK
Both client and server must support IPv6; most modern systems these-days include this support already - CHECK
Additionally:


*Recommended* A routed IPv6 network block that will reach the host configured as the OpenVPN server - I have 1 address of a /64
alternatively, check section "Splitting a single routable IPv6 netblock" below -


----------



## hxQ&S8ZaVn9e (Jul 4, 2015)

Subscribed 

I am curious too. IPv6 is new to me and I usually disable it on anything that has it since I don't know what to do with it yet.


----------



## drmike (Jul 4, 2015)

I don't mess with IPv6 yet.  But there was a recent study about VPN which had VPNs from commercial providers leaking on the IPv6 and allowing people to be identified.

See: 

https://www.google.com/?gws_rd=ssl#q=vpn+ipv6+leak


----------



## Gang Starr (Jul 4, 2015)

drmike I have read this study and it was one of the reason why I got a IPv6 on my KVM box to make a proper VPN that does not leak IPv6.

I used to use FrootVPN (by some friends of TPB) and they actually did have a proper VPN with IPv6 addresses (no IPv6 leak and no DNS leak), but... they ended their free service.

I wonder how they made it work. I know that OpenVPN supports IPv6 since like 2.3.0. If I really need a routed block I guess I can get Tunnel Broker France tunnel up and simply get my routed /64 instead of 1 IP address out of the providers /64.

Not quite sure about the setup though because it's OVH and... you know.

The wiki entry on OpenVPN for IPv6 explains how to do it but it never worked for me however I recall I never actually really had a routed /64 with all my other VPSs. Only either one or few more IPv6 addresses (SolusVM sucks hard...). Virtualizor supports giving out whole ranges of IPv6 but Verelox only provided me 1 IPv6.


----------



## texteditor (Jul 7, 2015)

I'm running Firefox with shadowsocks over tinc to VPSs with IPv4 & v6 with no leaks

I have *network.dns.disableIPv6* set to false in Firefox's *about:config*, but have *network.dns.disablePrefetch* & *network.proxy.socks_remote_dns *set to true. Seems to do the trick

If you need something more complex, setup a dns server on the VPS


----------



## Gang Starr (Jul 9, 2015)

I don't know if you've even read what I posted...


OpenVPN! I said nothing about any other software.


----------



## drmike (Jul 19, 2015)

Gang Starr said:


> I don't know if you've even read what I posted...
> 
> 
> OpenVPN! I said nothing about any other software.


Well @texteditor 's points will help on a dual IP stack to clean up leaking a bit from the identified areas. 

But such won't address an IPv6-only or dual IPv4 + IPv6 OpenVPN config.


----------



## drmike (Jul 19, 2015)

Try giving this a read for the solution:

http://www.tecmint.com/install-openvpn-in-debian/



> "This article details how to obtain IPv6 connectivity on OpenVPN using Debian Linux. The process has been tested on Debian 7 on a KVM VPS with IPv6 connectivity as the server, and a Debian 7 desktop. The commands are to be run as root."


----------



## Gang Starr (Aug 31, 2015)

drmike said:


> Try giving this a read for the solution:
> 
> http://www.tecmint.com/install-openvpn-in-debian/
> 
> ...


I tried that but to be honest the guide is quite a mess and the VPN isn't working at all. His IPv6 configuration is totally screwed or something. All kind of different IP addresses appearing in the files. A mess. The whole guide is just full of mistakes.


----------



## Nyr (Aug 31, 2015)

The guide linked by @drmike is very outdated and should not be used.

@Gang Starr IPv6 leaks have nothing to do with your server supporting IPv6.

That said, setting up IPv6 for OpenVPN is easy if you have a routed subnet as you should if you provider has any clue about how IPv6 works. This is not exactly what you want, but enough to understand: https://wiki.nyr.es/ipv6_tunnel_broker_openvpn_openvz

If you have a single IPv6 available, you are only left with some nasty workarounds.


----------



## Gang Starr (Aug 31, 2015)

Nyr said:


> The guide linked by @drmike is very outdated and should not be used.
> 
> @Gang Starr IPv6 leaks have nothing to do with your server supporting IPv6.
> 
> ...



Well, IPv6 leaks have a strong relation to a server having IPv6 or not and whether the OpenVPN server is setup for IPv6.

1) The server does not have IPv6 and a IPv4 VPN is running but client has both: client IPv6 leaks on sites that explicit request IPv6. Been there, done that multiple times.

2) The server has IPv6 but is not configured to use it via VPN: client IPv6 also leaks. Also had that because I so far never really managed to setup IPv6 with OpenVPN.

The server I have is KVM though and another one XenHVM. I have got myself a /64 from Tunnel Broker by HE routed to the VPS.


----------



## Nyr (Sep 1, 2015)

Gang Starr said:


> Nyr said:
> 
> 
> > The guide linked by @drmike is very outdated and should not be used.
> ...


No, IPv6 leaks have a strong relation to how your client routes IPv6 (or doesn't) when connected to the VPN. Nothing to do with the server, even if you can avoid them by pushing routes to the client.

Also, nearly no sites will "request" IPv6 by default.. This is again a client side decision if both of them are available for a record.


----------

