Openvpn (IPv4) over IPv6 connection Site to Site

dkruempe
OpenVpn Newbie
Posts: 4
Joined: Sat Jul 08, 2017 8:15 am

Openvpn (IPv4) over IPv6 connection Site to Site

Post by dkruempe » Sat Jul 08, 2017 8:51 am

Hello together,

I have successfully created an OpenVPN connection. My client can reach all subnets from the server. But my server cannot reach the subnet from the client.

OpenVPN Server Config

port 1194
proto udp6
dev tun0
sndbuf 0
rcvbuf 0
client-to-client
ca /etc/openvpn/main-keys/ca.crt
cert /etc/openvpn/main-keys/server.crt
key /etc/openvpn/main-keys/server.key
dh /etc/openvpn/main-keys/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
push "route 10.0.1.0 255.255.255.0"
route 10.0.0.0 255.255.255.0 10.8.0.4 #(Client Network)
keepalive 10 120
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
status main-status.log
ifconfig-pool-persist /etc/openvpn/main-ipp.txt

iptables Configuration Server

iptables -A INPUT -i br0 -m state --state NEW -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE

There are also some other forwarding rules for the other subnets which are reachable for the client.

OpenVPN Client configuration

client
dev tun
proto udp6
auth-nocache
topology subnet
remote <IPv6 ADDRESS OF SERVER> 1194
route 192.168.2.0 255.255.255.0 # all reachable subnets
route 10.242.2.0 255.255.255.0
route 10.9.0.0 255.255.255.0
#resolv-retry infinite
#nobind
cipher AES-128-CBC
comp-lzo
tls-client

persist-key
persist-tun
verb 3

Client iptables

# Generated by iptables-save v1.4.21 on Sat Jul  8 08:48:41 2017
*filter
:INPUT ACCEPT [8588:4494440]
:FORWARD ACCEPT [25:3068]
:OUTPUT ACCEPT [4606:472037]
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o tun0 -j ACCEPT
COMMIT
# Completed on Sat Jul  8 08:48:41 2017
# Generated by iptables-save v1.4.21 on Sat Jul  8 08:48:41 2017
*nat
:PREROUTING ACCEPT [816:104716]
:INPUT ACCEPT [721:85047]
:OUTPUT ACCEPT [285:21638]
:POSTROUTING ACCEPT [1:60]
-A POSTROUTING -o tun0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Sat Jul  8 08:48:41 2017
# Generated by ip6tables-save v1.4.21 on Sat Jul  8 08:49:19 2017
*nat
:PREROUTING ACCEPT [4:1004]
:INPUT ACCEPT [4:1004]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
# Completed on Sat Jul  8 08:49:19 2017
# Generated by ip6tables-save v1.4.21 on Sat Jul  8 08:49:19 2017
*filter
:INPUT ACCEPT [3143:2333463]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [10873:1377069]
-A INPUT -p udp -m udp --dport 1194 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Sat Jul  8 08:49:19 2017

Help me. I have no plan why my server cannot reach the client subnet.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Openvpn (IPv4) over IPv6 connection Site to Site

Post by TinCanTech » Sat Jul 08, 2017 11:30 am

dkruempe wrote: I have no plan why my server cannot reach the client subnet
It is because you did not read the howto ..

Re: Openvpn (IPv4) over IPv6 connection Site to Site

Post by dkruempe » Sat Jul 08, 2017 12:00 pm

Thanks for the information. I have updated my post, but that still does not help with the OpenVPN problem, man ;-), because I cannot edit my first post. Here is the updated one.
dkruempe wrote: Hello together,

I have successfully created an OpenVPN connection. My client can reach all subnets from the server. But my server cannot reach the subnet from the client.

OpenVPN Server Config

port 1194
proto udp6
dev tun0
sndbuf 0
rcvbuf 0
client-to-client
ca /etc/openvpn/main-keys/ca.crt
cert /etc/openvpn/main-keys/server.crt
key /etc/openvpn/main-keys/server.key
dh /etc/openvpn/main-keys/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
push "route 10.0.1.0 255.255.255.0"
route 10.0.0.0 255.255.255.0 10.8.0.4 #(Client Network)
keepalive 10 120
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
status main-status.log
ifconfig-pool-persist /etc/openvpn/main-ipp.txt

iptables Configuration Server

iptables -A INPUT -i br0 -m state --state NEW -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE

There are also some other forwarding rules for the other subnets which are reachable for the client.

OpenVPN Client configuration

client
dev tun
proto udp6
auth-nocache
topology subnet
remote <IPv6 ADDRESS OF SERVER> 1194
route 192.168.2.0 255.255.255.0 # all reachable subnets
route 10.242.2.0 255.255.255.0
route 10.9.0.0 255.255.255.0
#resolv-retry infinite
#nobind
cipher AES-128-CBC
comp-lzo
tls-client

persist-key
persist-tun
verb 3

Client iptables

# Generated by iptables-save v1.4.21 on Sat Jul 8 08:48:41 2017
*filter
:INPUT ACCEPT [8588:4494440]
:FORWARD ACCEPT [25:3068]
:OUTPUT ACCEPT [4606:472037]
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o tun0 -j ACCEPT
COMMIT
# Completed on Sat Jul 8 08:48:41 2017
# Generated by iptables-save v1.4.21 on Sat Jul 8 08:48:41 2017
*nat
:PREROUTING ACCEPT [816:104716]
:INPUT ACCEPT [721:85047]
:OUTPUT ACCEPT [285:21638]
:POSTROUTING ACCEPT [1:60]
-A POSTROUTING -o tun0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Sat Jul 8 08:48:41 2017
# Generated by ip6tables-save v1.4.21 on Sat Jul 8 08:49:19 2017
*nat
:PREROUTING ACCEPT [4:1004]
:INPUT ACCEPT [4:1004]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
# Completed on Sat Jul 8 08:49:19 2017
# Generated by ip6tables-save v1.4.21 on Sat Jul 8 08:49:19 2017
*filter
:INPUT ACCEPT [3143:2333463]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [10873:1377069]
-A INPUT -p udp -m udp --dport 1194 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Sat Jul 8 08:49:19 2017

Help me. I have no plan why my server cannot reach the client subnet.

Re: Openvpn (IPv4) over IPv6 connection Site to Site

Post by TinCanTech » Sat Jul 08, 2017 12:11 pm

You still have not read the howto ..

Re: Openvpn (IPv4) over IPv6 connection Site to Site

Post by dkruempe » Sat Jul 08, 2017 12:29 pm

Which part of the howto do you mean? First I have read the howto in this forum and corrected the post.
Now I read the OpenVPN howto, but which part of the howto do you mean, man?

Re: Openvpn (IPv4) over IPv6 connection Site to Site

Post by dkruempe » Sat Jul 08, 2017 1:15 pm

Thanks for the great help. I have solved it by myself. Just have to add an iroute command.
Topic can be closed.
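
The fix named in the last post, written out as a check (an added example, not part of the thread): the server's `route 10.0.0.0 255.255.255.0` needs a matching `iroute` in a per-client file under `client-config-dir`. The directory `/etc/openvpn/ccd` and the client name `site-b` are assumptions; the thread does not show them.

```python
import ipaddress
import re

# Constructed sample: the routing lines from the server config posted above.
SERVER_CONF = """\
topology subnet
server 10.8.0.0 255.255.255.0
push "route 10.0.1.0 255.255.255.0"
route 10.0.0.0 255.255.255.0 10.8.0.4 #(Client Network)
"""

# Constructed sample of the fix. The directory path and the file name
# "site-b" (the client certificate's Common Name) are assumptions.
FIXED_CONF = SERVER_CONF + "client-config-dir /etc/openvpn/ccd\n"
FIXED_CCD = {"site-b": "iroute 10.0.0.0 255.255.255.0\n"}


def _networks(text, directive):
    """Return the IPv4 networks named by `directive <net> <mask>` lines."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        m = re.match(rf"{directive}\s+(\S+)\s+(\S+)", line)
        if m:
            nets.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"))
    return nets


def routes_without_iroute(server_conf, ccd_files):
    """Server-side `route` networks that no client's `iroute` covers.

    `route` only tells the kernel to send packets into the tun device;
    OpenVPN then needs an `iroute` in a client-config-dir file to know
    which connected client owns that network.
    """
    has_ccd = any(l.split("#", 1)[0].split()[:1] == ["client-config-dir"]
                  for l in server_conf.splitlines())
    iroutes = []
    if has_ccd:  # ccd files are only read when the directive is set
        for body in ccd_files.values():
            iroutes += _networks(body, "iroute")
    return [str(r) for r in _networks(server_conf, "route")
            if not any(r.subnet_of(i) for i in iroutes)]


if __name__ == "__main__":
    print("as posted:", routes_without_iroute(SERVER_CONF, {}))
    print("with fix: ", routes_without_iroute(FIXED_CONF, FIXED_CCD))
```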
