If you've been allocated a /48, I suggest assigning a /64 to the server side OpenVPN interface.
If you've been allocated a /64, try using a /80 on your server side OpenVPN interface.
As an example, lets say that your provider has allocated
2001:db8:100:222::/64 to you.
For the sake of argument, we'll say this is native IPv6.
On your Ethernet interface, you'll have an IP address in the same range as your carriers IPv6 router...
So for example, their router is
2001:db8:100:111::1/64, you will assign
2001:db8:100:111::2/64 to eth0 (or your tunnel):
ip -6 address add
2001:db8:100:111::2/64 dev eth0
The next thing you need to be sure to do is add a default route back to your provider. To do this, something like the following should suffice:
ip -6 route add 2000::/3 via
2001:db8:100:111::1
At this point you should be able to ping out over IPv6 from the host. Try something like:
ping -6 ipv6.google.com
Since the provider is routing all traffic to your
2001:db8:100:222::/64 subnet to your IP on their subnet (
2001:db8:100:111::2), as long as you have IPv6 routing enabled, any traffic destined to
2001:db8:100:222::/64 will hit your machine and should be forwarded out the correct interface.
The next thing you need to do is pick a subnet for your OpenVPN clients. We'll use
2001:db8:100:222:99::/80. Assuming you're using TAP mode for OpenVPN, you can use a configuration something like this:
# /etc/openvpn/server.conf
mode server
dev tap
secret your.key
up /etc/openvpn/ifup.sh
Code:
#!/bin/sh
# /etc/openvpn/ifup.sh
ip link set dev $dev up
ip -6 address add [color=#0000ff]2001:db8:100:222:[/color][color=#ffa500]99::1/80[/color] dev $dev
On the client side, it should be something like this:
# /etc/openvpn/client.conf
mode client
dev tap
secret your.key
remote your.server.domain.or.ip
up /etc/openvpn/ifup.sh
Code:
#!/bin/sh
# /etc/openvpn/ifup.sh
ip link set dev $dev up
ip -6 address add [color=#0000cd]2001:db8:100:222:[/color][color=#ff8c00]99::2/80[/color] dev $dev
ip -6 route add 2000::/3 via [color=#0000ff]2001:db8:100:222:[/color][color=#ffa500]99::1[/color]
I haven't tested this configuration, and the OpenVPN configurations are obviously incomplete, so I'm not sure if it will work. I believe the concept is correct, though I haven't messed with IPv6 in a while. For those who are curious, I adapted parts of this from the following guide:
http://silmor.de/ipv6.openvpn.php
Also, OpenVPN 2.3 now supports IPv6 in TUN mode. This may be preferable depending on your setup. I'm not exactly sure how that works, so I'm not going to comment on it.
If I have anything incorrect, please feel free to correct me! I hope the color coding helped!
