IPv6 using public, dynamic range

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
OpenVpn Newbie
Posts: 1
Joined: Sat Sep 26, 2020 6:09 pm

IPv6 using public, dynamic range

Post by NiQ1 » Thu Dec 01, 2022 9:39 am

I would like some insights into the following scenario:

I'm trying to add IPv6 support to an existing site-to-site tunnel (currently using IPv4 only).
All machines on both sides already have public IPv6 addresses but for security reasons firewalls are blocking all incoming connections. I'd like to use the tunnel as a method to securely allow traffic between the two sides to pass through the firewalls. There's no need for dedicated IPv6 addresses for the tunnel, as the public addresses can be used, it just needs to be an alternate route that bypasses the firewall blocks.

One ISP only assigns a single /64 unfortunately. I'm trying to talk to them to see if it can be increased. The other ISP assigns a /60. Both ranges are dynamic but DDNS servers are used to keep track of all addresses.

I'd appreciate any insights as to how to configure this.

EDIT: The tunnel is direct IP over the interface, there's no link layer header.

Post Reply