I'm trying to get an all-IPv6 solution set up, with the LAN-box connecting as a vpn-client to the VPS-box, as the vpn-server.
The two boxes' nets are:
SERVER (remote VPC)
  one real interface
    = eth0
      IPv4 = XX.XX.XX.100
      IPv6 = 2600::...:35::100 <-- ISP provided
  tun1

CLIENT (Home Office Router/Firewall)
  two real interfaces
    = eth0 (external)
      IPv4 = YY.YY.YY.56
      IPv6 = 2100::...:13:2 <-- Tunnelbroker IPv6 client endpoint
    = eth1
      IPv4 = 192.168.1.20
      IPv6 = 2100::...:13:20
  tun1
I can ping/ping6 all real IPs in both directions, and can bring up each end's vpn instance with no errors, but -- so far -- I can't get the Client to connect to the Server.
I'd appreciate a look over my configs here, and any specific guidance on what the IPs need to be.
server.conf
daemon
dev tun1
tun-ipv6
proto tcp6-server
mode server
?? local 2600::...:100
bind
port 1194
?? server ??.??.??.?? 255.255.255.0
?? server-ipv6 2600::...:35::/64
?? push "route ??.??.??.?? 255.255.255.0"
?? push "route-ipv6 ??::...:??::/??"
tls-server
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
tls-auth /etc/openvpn/common.ta.key 0
dh /etc/openvpn/dh2048.pem
user nobody
group nobody
chroot /etc/openvpn
script-security 2
persist-tun
persist-key
keepalive 10 120
resolv-retry infinite
client.conf
daemon
<connection>
?? remote 2600::...:100 1194 tcp6-client
</connection>
dev tun1
tun-ipv6
proto-force tcp6-client
?? local 2100::...:20
bind
port 1194
tls-client
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt
key /etc/openvpn/client.key
tls-auth /etc/openvpn/common.ta.key 1
dh /etc/openvpn/dh2048.pem
remote-cert-tls server
user nobody
group nobody
chroot /etc/openvpn
script-security 2
comp-lzo
persist-tun
persist-key
keepalive 10 120
resolv-retry infinite