IPv6 using OpenVPN

1 minute read

This post explains how to add IPv6 to OpenVPN and route to the internet.

Some steps in this post may not be necessary or optimal. This post only contains the steps I took to make IPv6 work: I didn’t do any research.

Environment information

Name Value
Server IPv6 2a00:d880:5:7fe::6ad8
OpenVPN IPv6 pool 2001:db8:0:123::/64
Server OS Debian Sid
OpenVPN version OpenVPN 2.4.0

Enable IPv6 forwarding

Execute the following command to enable IPv6 forwarding:

sysctl net.ipv6.conf.all.forwarding=1

Add (or uncomment) the following line to /etc/sysctl.conf to auto enable forwarding on next boot as well:


Enable IPv6 NAT

This requires iptables, so install it:

apt install iptables

Execute the following commands, this will route OpenVPN clients to and from the server’s IPv6 address and open the OpenVPN interface (make sure to replace the server IPv6 address):

ip6tables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -I FORWARD -s 2001:db8:0:123::/64 -j ACCEPT
ip6tables -I INPUT -p udp --dport 1194 -j ACCEPT
ip6tables -t nat -A POSTROUTING -s 2001:db8:0:123::/64 -j SNAT --to 2a00:d880:5:7fe::6ad8

You can add these commands to /etc/rc.local (for example) to apply them on boot as well.

Enable IPv6 in OpenVPN

Add the following lines to the server configuration:

server-ipv6 2001:db8:0:123::/64
push "route-ipv6 2000::/3"

Restart OpenVPN

All required configuration has been completed, restart OpenVPN:

systemctl restart openvpn


Leave a comment