IPv6 using OpenVPN
This post explains how to add IPv6 to OpenVPN and route to the internet.
Some steps in this post may not be necessary or optimal. This post only contains the steps I took to make IPv6 work: I didn’t do any research.
Environment information
Name | Value |
---|---|
Server IPv6 | 2a00:d880:5:7fe::6ad8 |
OpenVPN IPv6 pool | 2001:db8:0:123::/64 |
Server OS | Debian Sid |
OpenVPN version | OpenVPN 2.4.0 |
Enable IPv6 forwarding
Execute the following command to enable IPv6 forwarding:
sysctl net.ipv6.conf.all.forwarding=1
Add (or uncomment) the following line to /etc/sysctl.conf to auto enable forwarding on next boot as well:
net.ipv6.conf.all.forwarding=1
Enable IPv6 NAT
This requires iptables, so install it:
apt install iptables
Execute the following commands. They route OpenVPN clients to and from the server’s IPv6 address and accept incoming OpenVPN connections on UDP port 1194 (make sure to replace the server IPv6 address with your own):
ip6tables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -I FORWARD -s 2001:db8:0:123::/64 -j ACCEPT
ip6tables -I INPUT -p udp --dport 1194 -j ACCEPT
ip6tables -t nat -A POSTROUTING -s 2001:db8:0:123::/64 -j SNAT --to 2a00:d880:5:7fe::6ad8
You can add these commands to /etc/rc.local (for example) to apply them on boot as well.
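Because the commands above use -I and -A, running them a second time (from /etc/rc.local after a manual run, for instance) stacks duplicate rules. The following script is an added example, not part of the original post: it applies the same four rules only when `ip6tables -C` reports them missing. The function names and the `IP6T` override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: apply the post's four ip6tables rules idempotently.
POOL="2001:db8:0:123::/64"       # OpenVPN IPv6 pool (value from the post)
SERVER6="2a00:d880:5:7fe::6ad8"  # server IPv6 address (value from the post)
PORT=1194                        # OpenVPN UDP port used in the post
IP6T="${IP6T:-ip6tables}"        # assumption: overridable, e.g. for testing

# ensure_rule TABLE OP CHAIN RULE...
# Runs "ip6tables -t TABLE OP CHAIN RULE..." only if -C (check) says the
# rule is not already present, so repeated runs do not stack duplicates.
ensure_rule() {
    table=$1; op=$2; chain=$3
    shift 3
    if "$IP6T" -t "$table" -C "$chain" "$@" 2>/dev/null; then
        return 0
    fi
    "$IP6T" -t "$table" "$op" "$chain" "$@"
}

# The same rules, in the same order and with the same -I/-A operations,
# as the commands listed in the post.
apply_rules() {
    ensure_rule filter -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT &&
    ensure_rule filter -I FORWARD -s "$POOL" -j ACCEPT &&
    ensure_rule filter -I INPUT -p udp --dport "$PORT" -j ACCEPT &&
    ensure_rule nat -A POSTROUTING -s "$POOL" -j SNAT --to "$SERVER6"
}

# Only touch the firewall when asked to: "sh script.sh apply"
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Run it as root with the `apply` argument; afterwards `ip6tables -S` and `ip6tables -t nat -S` should list each rule exactly once.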
Enable IPv6 in OpenVPN
Add the following lines to the server configuration:
server-ipv6 2001:db8:0:123::/64
push "route-ipv6 2000::/3"
Restart OpenVPN
All required configuration has been completed; restart OpenVPN:
systemctl restart openvpn