Help needed with ipv6

Martial · Post by **Martial** » Thu Dec 24, 2020 8:43 am

Hi,
My provider (SFR) switched my box to full ipv6 and cgnat ipv4.
I need to create a vpn tunnel with one of my raspberry and android and windows workstations (it worked very well in full ipv4) and cannot find a tutorial for that.
Can you help me?
Thank's

TinCanTech · Post by **TinCanTech** » Thu Dec 24, 2020 2:17 pm

Is your server behind CG-NAT ?

Martial · Post by **Martial** » Thu Dec 24, 2020 2:38 pm

My server (with openvpn) will be what we want. It is a raspberry on my lan width ipv6 and ipv4 address.

Thank you to look at my problem

TinCanTech · Post by **TinCanTech** » Thu Dec 24, 2020 2:55 pm

I suggest you contact your ISP and ask them what services they can offer you.

Martial · Post by **Martial** » Thu Dec 24, 2020 2:59 pm

i've try that, and no response

Martial · Post by **Martial** » Thu Dec 24, 2020 3:26 pm

Is my question that complicated?
How to create a ipv6 vpn tunnel between 1 server (with openvpn) and stations (W10 or Android) thru an internet modem which is full v6 (and support V4 with cgnat, which is, at my sens, inusable) ?

TinCanTech · Post by **TinCanTech** » Thu Dec 24, 2020 3:48 pm

If your ISP will not help then you are up a certain creek without a paddle.

If you are behind CG-NAT and your ISP will not offer you a public IP then there is nothing you can do except get a better ISP. .. or rent a VPS outside of your ISP control.

If you live in a country where you do not have a choice then leave ...

Martial · Post by **Martial** » Thu Dec 24, 2020 3:54 pm

My box, or modem, has a public ipv6. Can I use this ipv6 address ?
With ipv4 I use my ipv4 public address in order to create/open my vpn. It's not possible to do the same with ipv6?

TinCanTech · Post by **TinCanTech** » Thu Dec 24, 2020 3:56 pm

Martial wrote: ↑
Thu Dec 24, 2020 3:54 pm
My box, or modem, has a public ipv6. Can I use this ipv6 address ?

If your ISP don't block it then yes.

Martial · Post by **Martial** » Thu Dec 24, 2020 4:30 pm

A good point!
How can I do that?

TinCanTech · Post by **TinCanTech** » Thu Dec 24, 2020 4:36 pm

To use IPv6 use --proto udp6

You can still use IPv4 inside the tunnel.

Martial · Post by **Martial** » Thu Dec 24, 2020 4:45 pm

I've try that with no success.
Have you an example of configuration?
Thank you and i miss you a happy christmass ...

TinCanTech · Post by **TinCanTech** » Thu Dec 24, 2020 4:48 pm

Martial wrote: ↑
Thu Dec 24, 2020 4:45 pm
ve try that with no success

Post your log file at verb 4.

Martial wrote: ↑
Thu Dec 24, 2020 4:45 pm
Have you an example of configuration?

All you need is --proto udp6

Seasons greetings.

Martial · Post by **Martial** » Thu Dec 24, 2020 5:24 pm

Code: Select all

Dec 24 18:21:09 raspberrypi ovpn-server[18698]: event_wait : Interrupted system call (code=4)
Dec 24 18:21:09 raspberrypi ovpn-server[18698]: Closing TUN/TAP interface
Dec 24 18:21:09 raspberrypi ovpn-server[18698]: /sbin/ip addr del dev tun0 10.8.0.1/24
Dec 24 18:21:09 raspberrypi ovpn-server[18698]: Linux ip addr del failed: external program exited with error status: 2
Dec 24 18:21:09 raspberrypi ovpn-server[18698]: /sbin/ip -6 addr del 2001:db8:ee00:abcd::1/64 dev tun0
Dec 24 18:21:09 raspberrypi ovpn-server[18698]: Linux ip -6 addr del failed: external program exited with error status: 2
Dec 24 18:21:09 raspberrypi ovpn-server[18698]: SIGTERM[hard,] received, process exiting
Dec 24 18:21:23 raspberrypi ovpn-server[4675]: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
Dec 24 18:21:23 raspberrypi ovpn-server[4675]: OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Dec 24 18:21:23 raspberrypi ovpn-server[4675]: library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Dec 24 18:21:23 raspberrypi ovpn-server[4675]: NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Dec 24 18:21:23 raspberrypi ovpn-server[4675]: ECDH curve prime256v1 added
Dec 24 18:21:23 raspberrypi ovpn-server[4675]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Dec 24 18:21:23 raspberrypi ovpn-server[4675]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec 24 18:21:23 raspberrypi ovpn-server[4675]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Dec 24 18:21:23 raspberrypi ovpn-server[4675]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec 24 18:21:23 raspberrypi ovpn-server[4675]: TUN/TAP device tun0 opened
Dec 24 18:21:23 raspberrypi ovpn-server[4675]: TUN/TAP TX queue length set to 100
Dec 24 18:21:23 raspberrypi ovpn-server[4675]: /sbin/ip link set dev tun0 up mtu 1500
Dec 24 18:21:23 raspberrypi ovpn-server[4675]: /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Dec 24 18:21:23 raspberrypi ovpn-server[4675]: /sbin/ip -6 addr add 2001:db8:ee00:abcd::1/64 dev tun0
Dec 24 18:21:23 raspberrypi ovpn-server[4675]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Dec 24 18:21:23 raspberrypi ovpn-server[4675]: setsockopt(IPV6_V6ONLY=0)
Dec 24 18:21:23 raspberrypi ovpn-server[4675]: UDPv6 link local (bound): [AF_INET6][undef]:1194
Dec 24 18:21:23 raspberrypi ovpn-server[4675]: UDPv6 link remote: [AF_UNSPEC]
Dec 24 18:21:23 raspberrypi ovpn-server[4675]: GID set to openvpn
Dec 24 18:21:23 raspberrypi ovpn-server[4675]: UID set to openvpn
Dec 24 18:21:23 raspberrypi ovpn-server[4675]: MULTI: multi_init called, r=256 v=256
Dec 24 18:21:23 raspberrypi ovpn-server[4675]: IFCONFIG POOL IPv6: (IPv4) size=252, size_ipv6=65536, netbits=64, base_ipv6=2001:db8:ee00:abcd::1000
Dec 24 18:21:23 raspberrypi ovpn-server[4675]: IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=1
Dec 24 18:21:23 raspberrypi ovpn-server[4675]: Initialization Sequence Completed

TinCanTech · Post by **TinCanTech** » Thu Dec 24, 2020 5:48 pm

That looks ok to me .. now you connect your client to your public IPv6 address and forward port 1194 on your router to your server.

Martial · Post by **Martial** » Thu Dec 24, 2020 6:05 pm

A big Thank, i will generate a client and try that tomorrow.

Martial · Post by **Martial** » Fri Dec 25, 2020 9:50 am

Hi,
I've try in my that lan:
My server has a ipv6 2a02:842a:83b7:xxxx:xxxx:xxxx:xxxx:xxxx
My android phone, connected with wifi on the same lan

No more error!
i have a full ipv6 openvpn tunnel
my box!
Now, i need to do the same thing throught my box

Martial · Post by **Martial** » Sat Dec 26, 2020 8:44 am

Hello,
It's alright It works!
Do not forget to authorize ipv6 on the phone in the network settings.
Many thanks for your help

Martial · Post by **Martial** » Sat Nov 13, 2021 10:50 am

Hi all,
I have an other problem:
All my telephones and laptops, on the same ISP(SFR) as my box, connect well in ipv6 on my openvpn server, but not when they are at another ISP (Orange for example).
An idea?

TinCanTech · Post by **TinCanTech** » Sat Nov 13, 2021 1:10 pm

We would need to see your configs and logs again .. you might prefer to start a new thread.

OpenVPN Support Forum

Help needed with ipv6

Help needed with ipv6

Re: Help needed with ipv6

Re: Help needed with ipv6

Re: Help needed with ipv6

Re: Help needed with ipv6

Re: Help needed with ipv6

Re: Help needed with ipv6

Re: Help needed with ipv6

Re: Help needed with ipv6

Re: Help needed with ipv6

Re: Help needed with ipv6

Re: Help needed with ipv6

Re: Help needed with ipv6

Re: Help needed with ipv6

Re: Help needed with ipv6

Re: Help needed with ipv6

Re: Help needed with ipv6

Re: Help needed with ipv6

Re: Help needed with ipv6

Re: Help needed with ipv6