Integrate basic dhcpv6 client into OpenVPN with
Posted: Fri Oct 09, 2015 11:05 pm
I stumbled across the following problem when I wanted to provide IPv6 inside the tunnel on my network.
I can request a prefix from my router via prefix delegation with Dibbler, WIDE-dhcpv6 or some other DHCPv6 client and afterwards write it as server-ipv6 into the configuration.
But many ISPs only hand out dynamic IPv6 blocks, resulting in the problem that one has to update the configuration regularly. This is clearly not a good solution.
So either it would be nice if OpenVPN could monitor the assigned prefix from these DHCPv6 clients, or, maybe even easier, include an own DHCPv6 client which does nothing more than requesting a prefix and using it for the tunnel.
So, in the configuration, do something like this:
server-ipv6 ia-pd 64
In this case, OpenVPN would request a 64 bit prefix and use it for the tunnel. No other configuration required, and the home router would automatically change the routing table. Even easier than IPv4 where you need to add a static route to 10.8.0.0/24 to the OpenVPN computer Of course it then also needs to change the prefix in the tunnel if a new prefix is received, all this without doing a restart of the server (I guess by setting the lifetime of the IPs).
One small thing to note though: It would be good if one requested /64 block could be shared between multiple OpenVPN instances. So request a /64 block once, but split it to two /65 for two simultaneously running servers on the same machine.
I can request a prefix from my router via prefix delegation with Dibbler, WIDE-dhcpv6 or some other DHCPv6 client and afterwards write it as server-ipv6 into the configuration.
But many ISPs only hand out dynamic IPv6 blocks, resulting in the problem that one has to update the configuration regularly. This is clearly not a good solution.
So either it would be nice if OpenVPN could monitor the assigned prefix from these DHCPv6 clients, or, maybe even easier, include an own DHCPv6 client which does nothing more than requesting a prefix and using it for the tunnel.
So, in the configuration, do something like this:
server-ipv6 ia-pd 64
In this case, OpenVPN would request a 64 bit prefix and use it for the tunnel. No other configuration required, and the home router would automatically change the routing table. Even easier than IPv4 where you need to add a static route to 10.8.0.0/24 to the OpenVPN computer Of course it then also needs to change the prefix in the tunnel if a new prefix is received, all this without doing a restart of the server (I guess by setting the lifetime of the IPs).
One small thing to note though: It would be good if one requested /64 block could be shared between multiple OpenVPN instances. So request a /64 block once, but split it to two /65 for two simultaneously running servers on the same machine.