IPv6 tunnel broker with OpenVPN on OpenVZ
Some people asked about setting up OpenVPN to hand out dual stack connectivity, but looks like no one actually wrote about it.
I wanted to set it up on a humble OpenVZ container and a big subnet wasn't available, so I worked around that too.
Even while the setup is pretty hackish, it works great and I'm happy with the result!
Read the guide here: http://wiki.nyr.bz/ipv6_tunnel_broker_openvpn_openvz
Comments
nice
Nyr can you write how you did this with LES VPS and share that with us?
Thanks for sharing.
Very nice, however...
Can't seem to get the openvpn configuration working. Gives me this error:
Options error: Unrecognized option or missing parameter(s) in /etc/openvpn/server.conf:302: server-ipv6 (2.1.3)
I didn't try on a LES, but it should work. If you want to do it the easy way, just grab my OpenVPN installer and once that's set up, follow the instructions on the wiki.
What's the output of
cat /dev/net/tun
on your container? I assume you are using your assigned addresses instead of 216.66.84.42 and 1.2.3.4, yeah?
Don't worry, was my mistake trying to run the executable that came in that .tar.gz. Instead I compiled the .c and then the executable I made worked. Having a problem with openvpn now though
Edit. My ramnode vps has debian squeeze, doesn't look like openvpn supports ipv6 on squeeze. Think that's my problem.
Edit again. Upgraded to wheezy, got openvpn working. However, the ipv6 I get assigned doesn't ping externally and I can't access ipv6 sites. I can ping the ipv6 server ip from the client, but ordinary sites like google don't work / time out.
Interestingly I can ping any ipv6 on the vps, but not anything externally on the internet.
Ok thanks, I will try it for educational purposes because I haven't tried something like this in the past. I don't need a script for it, but I will check it as well.
did you use the 2.3 version openvpn?
Yeah, 2.3+ is needed.
https://community.openvpn.net/openvpn/wiki/IPv6
It is recommended to use a /64 for your OpenVPN subnet. While OpenVPN can happily use smaller networks (such as a /112) this is not compatible with the 2.2.x dev-patches that f.ex Debian uses. Thus a /64 is the preferred choice for an OpenVPN IPv6 allocation.
are you sure a /112 won't work?
Well, sorry, my mistake. I was thinking wheezy got OpenVPN 2.3.x on the repos but I was wrong, it's 2.2.1 with patched IPv6 support and that's what I used.
So yeah, a little subnet should work then. You can use the official repos if you are on Debian, no need to compile:
https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos
I can not for the life of me figure this out. Ever since I restarted my VPS, I can no longer access ipv6 sites through openvpn on my VPS (OpenVZ + Tunnelbroker + Debian 7). The VPS itself still has ipv6 access and connectivity through tunnelbroker (pinging ipv6 google and wget v6 stuff all work fine) and I also checked ifconfig on my computer whenever I connect to the openvpn server and I'm still getting assigned proper ipv6 addresses, but attempts to access ipv6 sites simply time out on my end. I used the openvpn install script by @Nyr and followed the wiki's instructions so I'm not sure what's going on... it worked before
my openvpn server.conf: http://pastebin.com/wpuhmn6Z
my /etc/rc.local file: http://pastebin.com/hAKpnTr2
@heyits_bob why topology subnet? That's nowhere on the wiki.
The OpenVPN Connect app on the iPhone cries about how my config lacks topology subnet and refuses to connect unless I put it in the configuration. It was in there before I restarted the server, so it's likely not the issue.
Apart from the topology directive which I never used, configuration is fine.
Paste the following, please:
ifconfig
route print
or
netstat -nr
(whatever applies to you)
Client Connection Log #1 (Tunnelblick + Macbook): http://pastebin.com/W6cpnH1N
Client Connection Log #2 (OpenVPN Connect + iOS): http://pastebin.com/qBg7PGqH
ifconfig (VPS): http://pastebin.com/yLPBqJMn
ifconfig (Macbook): http://pastebin.com/FdY72NkV
netstat -n (VPS): http://pastebin.com/6Tpp0u9W
I'm on my mobile now, but there is no TUN adapter at all on your MacBook.
My mistake, must've missed it when I was copying and pasting it over to paste bin. Here is an updated paste including the tun adapter: http://pastebin.com/FdY72NkV
Looks fine to me. Don't know where your problem could be.
Yeah me neither, but I set up this exact same configuration on a different VPS I had lying around and it works fine (reboots work fine too). Thanks for the help!
@Nyr what do I need to change if I have a /112 or an /64 with my VPS? Start from step 3?
If you got a /112 natively, just the server.conf part, yeah.
Thank you, and is it possible to route only ipv6 traffic over the vpn?
Yes, just don't push the routes for IPv4 (edit server.conf and comment redirect-gateway).
What if I have native /112 IPv6 with my container?
I tried to modify your guide to suit my needs but it ended up not working. I can ping v6 vpn gateway xxxx:1/112 from vpn client xxxx:1000/112 but there is no route to outside of the subnet.
I tried it with one OpenVZ box and I get IPv6 working with my box, but when I do a restart the thing with locals doesn't work. I don't get a connection over IPv6 anymore. This is my locals file:
exit 0
setsid /root/tb_userspace tb0 [Server IPv4 Address] [Client IPv4 Address] sit > /dev/null
sleep 3s #ugly, but doesn't seem to work at startup otherwise
ifconfig tb0 up
ifconfig tb0 inet6 add [Routed /64 from HE]
ifconfig tb0 mtu 1480
route -A inet6 add ::/0 dev tb0
route -A inet6 del ::/0 dev venet0
@trexos put it before exit 0
exit 0 is the end of script
Thanks, did this as well, but it didn't work either
What's your problem with SixXS? I've been running a AYIYA tunnel with one of their POP's since 2010 and it has been down like 2-3 times over the years. It's almost as stable as a Prometeus VPS node, and it works on absolutely anything: NAT, tethered mobile 3G, and the wireless network at my uni.
Try adding an & after the sit > /dev/null (I had to do that in order to get it to work)
Thanks man! Works now
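Added example, not part of any post in this thread: a small check for the two rc.local mistakes worked through above (commands placed after exit 0, and tb_userspace started without a trailing &). The function name rc_local_findings, the sample files and the SERVER_IPV4 / CLIENT_IPV4 placeholders are constructed for illustration; flagging the missing & assumes tb_userspace stays in the foreground and so stops the rest of the script from running.

```shell
#!/bin/sh
# Added example (not from the thread): lint an rc.local-style script for the
# two startup mistakes discussed above. rc_local_findings is a hypothetical name.

rc_local_findings() {
    # $1 = script path. Prints one finding per line, nothing if the file is clean.
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        exit_line {                              # commands after exit 0 never run
            printf "line %d: never runs, exit 0 is on line %d\n", NR, exit_line
            next
        }
        /^[ \t]*exit[ \t]+0[ \t]*$/ { exit_line = NR; next }
        /tb_userspace/ && !/&[ \t]*$/ {          # assumed to block the script
            printf "line %d: tb_userspace in foreground, add a trailing &\n", NR
        }
    ' "$1"
}

# Constructed samples mirroring the three states of the file in the thread.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
tb='setsid /root/tb_userspace tb0 SERVER_IPV4 CLIENT_IPV4 sit > /dev/null'
printf '%s\n' '#!/bin/sh' 'exit 0' "$tb" 'sleep 3s' 'ifconfig tb0 up' > "$tmp/as_posted"
printf '%s\n' '#!/bin/sh' "$tb" 'sleep 3s' 'ifconfig tb0 up' 'exit 0' > "$tmp/exit_moved"
printf '%s\n' '#!/bin/sh' "$tb &" 'sleep 3s' 'ifconfig tb0 up' 'exit 0' > "$tmp/working"

for f in as_posted exit_moved working; do
    echo "== $f"
    rc_local_findings "$tmp/$f"
done
```

The check is line-based, so a tb_userspace line with a comment after the & would still be flagged.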