IPv6 tunnel broker with OpenVPN on OpenVZ

NyrNyr Community Contributor, Veteran

Some people asked about setting up OpenVPN to hand out dual stack connectivity, but looks like no one actually wrote about it.

I wanted to set it up on a humble OpenVZ container and a big subnet wasn't available, so I worked around that too.

Even while the setup is pretty hackish, it works great and I'm happy with the result!

Read the guide here: http://wiki.nyr.bz/ipv6_tunnel_broker_openvpn_openvz


Comments

  • nice

  • ZEROFZEROF Member

    Nyr can you write how you did this with LES VPS and share that with us?

    Thanks for sharing.

  • sc754sc754 Member
    edited May 2014

    Very nice, however...

    Can't seem to get the openvpn configuration working. Gives me this error:

    Options error: Unrecognized option or missing parameter(s) in /etc/openvpn/server.conf:302: server-ipv6 (2.1.3)

  • NyrNyr Community Contributor, Veteran

    ZEROF said: Nyr can you write how you did this with LES VPS and share that with us?

    I didn't try on a LES, but it should work. If you want to do it the easy way, just grab my OpenVPN installer and once that's set up, follow the instructions on the wiki.

    sc754 said: execvp: No such file or directory

    What's the output of cat /dev/net/tun on your container? I assume you are using your assigned addresses instead of 216.66.84.42 and 1.2.3.4, yeah?

  • sc754sc754 Member
    edited May 2014

    @Nyr said:
    What's the output of cat /dev/net/tun on your container? I assume you are using your assigned addresses instead of 216.66.84.42 and 1.2.3.4, yeah?

    Don't worry, was my mistake trying to run the executable that came in that .tar.gz. Instead I compiled the .c and then the executable I made worked. Having a problem with openvpn now though.

    Edit. My ramnode vps has debian squeeze, doesn't look like openvpn supports ipv6 on squeeze. Think that's my problem.

    Edit again. Upgraded to wheezy, got openvpn working. However, the ipv6 I get assigned doesn't ping externally and I can't access ipv6 sites. I can ping the ipv6 server ip from the client, but ordinary sites like google don't work / time out.
    Interestingly I can ping any ipv6 on the vps, but not anything externally on the internet.

  • ZEROFZEROF Member

    Ok thanks, I will try for educational purposes because I didn't try something like this in the past. I don't need a script for it, but I will check it as well.

    Nyr said: I didn't try on a LES, but it should work. If you want to do it the easy way, just grab my OpenVPN installer and once that's set up, follow the instructions on the wiki.

  • did you use the 2.3 version openvpn?

  • NyrNyr Community Contributor, Veteran

    @maoyipeng said:
    did you use the 2.3 version openvpn?

    Yeah, 2.3+ is needed.

  • @Nyr said:
    Yeah, 2.3+ is needed.

    https://community.openvpn.net/openvpn/wiki/IPv6
    It is recommended to use a /64 for your OpenVPN subnet. While OpenVPN can happily use smaller networks (such as a /112) this is not compatible with the 2.2.x dev-patches that f.ex Debian uses. Thus a /64 is the preferred choice for an OpenVPN IPv6 allocation.

    are you sure a /112 won't work?

  • NyrNyr Community Contributor, Veteran

    maoyipeng said: are you sure a /112 won't work?

    Well, sorry, my mistake. I was thinking wheezy got OpenVPN 2.3.x on the repos but I was wrong, it's 2.2.1 with patched IPv6 support and that's what I used.

    So yeah, a little subnet should work then. You can use the official repos if you are on Debian, no need to compile:
    https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos

  • I can not for the life of me figure this out. Ever since I restarted my VPS, I can no longer access ipv6 sites through openvpn on my VPS (OpenVZ + Tunnelbroker + Debian 7). The VPS itself still has ipv6 access and connectivity through tunnelbroker (pinging ipv6 google and wget v6 stuff all work fine) and I also checked ifconfig on my computer whenever I connect to the openvpn server and I'm still getting assigned proper ipv6 addresses, but trying to access ipv6 sites simply times out on my end. I used the openvpn install script by @Nyr and followed the wiki's instructions so I'm not sure what's going on... it worked before :/

    my openvpn server.conf: http://pastebin.com/wpuhmn6Z

    my /etc/rc.local file: http://pastebin.com/hAKpnTr2

  • NyrNyr Community Contributor, Veteran

    @heyits_bob why topology subnet? That's nowhere on the wiki.

  • heyits_bobheyits_bob Member
    edited June 2014

    @Nyr said:
    heyits_bob why topology subnet? That's nowhere on the wiki.

    The OpenVPN Connect app on the iPhone cries about how my config lacks topology subnet and refuses to connect unless I put it in the configuration. It was in there before I restarted the server, so it's likely not the issue.

  • NyrNyr Community Contributor, Veteran

    heyits_bob said: The OpenVPN Connect app on the iPhone cries about how my config lacks topology subnet and refuses to connect unless I put it in the configuration. It was in there before I restarted the server, so it's likely not the issue.

    Apart from the topology directive which I never used, configuration is fine.

    Paste the following, please:

    • Client connection log
    • Output of ifconfig
    • Output of route print or netstat -nr (whatever applies to you)
  • heyits_bobheyits_bob Member
    edited June 2014

    @Nyr said:

    • Output of route print or netstat -nr (whatever applies to you)

    Client Connection Log #1 (Tunnelblick + Macbook): http://pastebin.com/W6cpnH1N
    Client Connection Log #2 (OpenVPN Connect + iOS): http://pastebin.com/qBg7PGqH

    ifconfig (VPS): http://pastebin.com/yLPBqJMn
    ifconfig (Macbook): http://pastebin.com/FdY72NkV

    netstat -n (VPS): http://pastebin.com/6Tpp0u9W

  • NyrNyr Community Contributor, Veteran
    edited June 2014

    I'm on my mobile now, but there is no TUN adapter at all on your MacBook.

  • @Nyr said:
    I'm on my mobile now, but there is no TUN adapter at all on your MacBook.

    My mistake, must've missed it when I was copying and pasting it over to paste bin. Here is an updated paste including the tun adapter: http://pastebin.com/FdY72NkV

  • NyrNyr Community Contributor, Veteran

    Looks fine to me. Don't know where your problem could be.

  • @Nyr said:
    Looks fine to me. Don't know where your problem could be.

    Yeah me neither, but I set up this exact same configuration on a different VPS I had lying around and it works fine (reboots work fine too). Thanks for the help! :)

  • trexostrexos Member
    edited June 2014

    @Nyr what do I need to change if I have a /112 or a /64 with my VPS? Start from step 3?

  • NyrNyr Community Contributor, Veteran

    @trexos said:
    Nyr what do I need to change if I have a /112 or a /64 with my VPS? Start from step 3?

    If you got a /112 natively, just the server.conf part, yeah.

    Thanked by 1trexos
  • trexostrexos Member

    @Nyr said:
    If you got a /112 natively, just the server.conf part, yeah.

    Thank you :) and is it possible to route only ipv6 traffic over the vpn?

  • NyrNyr Community Contributor, Veteran

    @trexos said:
    Thank you :) and is it possible to route only ipv6 traffic over the vpn?

    Yes, just don't push the routes for IPv4 (edit server.conf and comment redirect-gateway).

    Thanked by 1trexos
  • johnlth93johnlth93 Member
    edited June 2014

    What if I have native /112 IPv6 with my container?

    I tried to modify your guide to suit my need but ended up not working, I can ping v6 vpn gateway xxxx:1/112 from vpn client xxxx:1000/112 but no route to outside of the subnet.

  • trexostrexos Member
    edited June 2014

    I tried it with one OpenVZ box and I get IPv6 working with my box, but when I do a restart the thing with locals doesn't work. I don't get a connection over IPv6 anymore. This is my locals file:

        exit 0
        setsid /root/tb_userspace tb0 [Server IPv4 Address] [Client IPv4 Address] sit > /dev/null
        sleep 3s #ugly, but doesn't seem to work at startup otherwise
        ifconfig tb0 up
        ifconfig tb0 inet6 add [Routed /64 from HE]
        ifconfig tb0 mtu 1480
        route -A inet6 add ::/0 dev tb0
        route -A inet6 del ::/0 dev venet0

  • @trexos put it before exit 0

    exit 0 is the end of script

  • trexostrexos Member

    @johnlth93 said:
    trexos put it before exit 0

    exit 0 is the end of script

    Thanks, did this as well, but didn't work either :/

  • heiskaheiska Member

    I need IPv6 on my MacBook. No ISP cares about it in Spain and a tunnel from HE is a pain in the ass to set up for any kind of dynamic network. Same happens with AICCU and the guys behind the SixXS project are a bunch of arrogant clowns anyway.

    What's your problem with SixXS? I've been running an AYIYA tunnel with one of their POPs since 2010 and it has been down like 2-3 times over the years. It's almost as stable as a Prometeus VPS node, and it works on absolutely anything: NAT, tethered mobile 3G, and the wireless network at my uni.

  • @trexos said:
    I tried it with one OpenVZ box and I get IPv6 working with my box, but when I do a restart the thing with locals doesn't work. I don't get a connection over IPv6 anymore. This is my locals file:

        exit 0
        setsid /root/tb_userspace tb0 [Server IPv4 Address] [Client IPv4 Address] sit > /dev/null
        sleep 3s #ugly, but doesn't seem to work at startup otherwise
        ifconfig tb0 up
        ifconfig tb0 inet6 add [Routed /64 from HE]
        ifconfig tb0 mtu 1480
        route -A inet6 add ::/0 dev tb0
        route -A inet6 del ::/0 dev venet0

    Try adding an & after the sit > dev/null (I had to do that in order to get it to work)

    Thanked by 1trexos
  • trexostrexos Member

    @heyits_bob said:
    Try adding an & after the sit > dev/null (I had to do that in order to get it to work)

    Thanks man! Works now :)
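
A small check for the two rc.local problems this thread ran into (commands placed after exit 0, and tb_userspace started without a trailing &), added here as an example and not part of any post. The function names and the shortened sample file are constructed for illustration; the bracketed placeholders are the ones from trexos's post.

```shell
#!/bin/sh
# Added example (not from the thread): lint an rc.local read on stdin for the
# two startup problems discussed above. Prints findings; returns 1 if any.
lint_rc_local() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # skip blank and comment lines
        exit_line { dead++; next }               # anything after exit never runs
        $1 == "exit" { exit_line = NR; next }
        /tb_userspace/ && !/&[ \t]*$/ {          # helper not sent to background
            print "line " NR ": tb_userspace started without a trailing &"
            bad = 1
        }
        END {
            if (dead) {
                print "line " exit_line ": exit precedes " dead " command(s) that never run"
                bad = 1
            }
            exit bad + 0
        }
    '
}

# Constructed sample input: a shortened version of the posted file in three
# states (as posted, with exit 0 moved to the end, and with the & added).
sample_rc_local() {
    start='setsid /root/tb_userspace tb0 [Server IPv4 Address] [Client IPv4 Address] sit > /dev/null'
    rest='sleep 3s
ifconfig tb0 up
route -A inet6 add ::/0 dev tb0'
    case "$1" in
        as_posted) printf '%s\n' 'exit 0' "$start" "$rest" ;;
        exit_last) printf '%s\n' "$start" "$rest" 'exit 0' ;;
        fixed)     printf '%s\n' "$start &" "$rest" 'exit 0' ;;
    esac
}

# Demo: lint each state; a clean file prints nothing under its heading.
for state in as_posted exit_last fixed; do
    echo "== $state"
    sample_rc_local "$state" | lint_rc_local || true
done
```

To check a real file, run `lint_rc_local < /etc/rc.local` after sourcing the function.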
