Hi,
I've created a OpenVPN Access Server virtual machine on GCP to access the virtual machines in the same VPC.
My localhost can access the cloud nodes over IPv4 through the VPN tunnel but not over IPv6.
I've used the following guide: https://openvpn.net/vpn-server-resource ... ss-server/
I'm not sure what parameters are exactly needed to have the same behaviour as IPv4 routing.
I need IPv6 to use SRv6 between the hosts in my local lab and the virtual machines in the cloud.
Which exact configuration is needed and in which files? Are the routes automatically set up like for IPv4?
Thanks in advance.
How to enable IPv6 traffic through the tunnel?
-
- OpenVpn Newbie
- Posts: 2
- Joined: Fri May 19, 2023 8:00 am
-
- OpenVpn Newbie
- Posts: 2
- Joined: Fri May 19, 2023 8:00 am
Re: How to enable IPv6 traffic through the tunnel?
Edit:
I used the following commands.
cd /usr/local/openvpn_as/scripts
sudo ./confdba -mk "vpn.routing6.enable" -v "true"
sudo ./confdba -mk "vpn.client.routing6.reroute_gw" -v "true"
sudo ./confdba -mk "vpn.server.daemon.vpn_network6.0" -v "fd4a:e7ae:b84b:/112"
sudo ./confdba -mk "ip6tables.vpn.disable.filter" -v "true"
sudo ./confdba -mk "ip6tables.vpn.disable.mangle" -v "true"
sudo ./confdba -mk "vpn.server.nat6" -v "false"
However, I can only ping the IPv6 address of the OpenVPN AS from my client, not the hosts in the same VPC subnet. Pinging from OpenVPN AS VM works fine.
The VPC subet has the prefixes 10.100.100.0/24 and fd20:90b:c34f:7000:0:0:0:0/64
The address fd20:90b:c34f:7000:0:6:0:0 is the one of the OpenVPN AS (Ubuntu 22.04).
The client logged following entries when connecting:
---
2023-05-23 06:39:41 net_route_v4_best_gw query: dst 0.0.0.0
2023-05-23 06:39:41 net_route_v4_best_gw result: via 192.168.250.1 dev ens2
2023-05-23 06:39:41 ROUTE_GATEWAY 192.168.250.1/255.255.255.0 IFACE=ens2 HWADDR=57:54:00:1e:36:06
2023-05-23 06:39:41 GDG6: remote_host_ipv6=n/a
2023-05-23 06:39:41 net_route_v6_best_gw query: dst ::
2023-05-23 06:39:41 sitnl_send: rtnl: generic error (-101): Network is unreachable
2023-05-23 06:39:41 ROUTE6: default_gateway=UNDEF
2023-05-23 06:39:41 TUN/TAP device tun0 opened
2023-05-23 06:39:41 net_iface_mtu_set: mtu 1500 for tun0
2023-05-23 06:39:41 net_iface_up: set tun0 up
2023-05-23 06:39:41 net_addr_v4_add: 172.27.232.2/21 dev tun0
2023-05-23 06:39:41 net_iface_mtu_set: mtu 1500 for tun0
2023-05-23 06:39:41 net_iface_up: set tun0 up
2023-05-23 06:39:41 net_addr_v6_add: fd4a:e7ae:b84b:9c2::8002/113 dev tun0
2023-05-23 06:39:46 ROUTE remote_host is NOT LOCAL
2023-05-23 06:39:46 net_route_v4_add: <Public-IP> via 192.168.250.1 dev [NULL] table 0 metric -1
2023-05-23 06:39:46 net_route_v4_add: 10.100.100.0/24 via 172.27.232.1 dev [NULL] table 0 metric 101
2023-05-23 06:39:46 net_route_v4_add: 172.27.224.0/20 via 172.27.232.1 dev [NULL] table 0 metric 101
2023-05-23 06:39:46 add_route_ipv6(::/1 -> fd4a:e7ae:b84b:9c2::8001 metric 101) dev tun0
2023-05-23 06:39:46 net_route_v6_add: ::/1 via :: dev tun0 table 0 metric 101
2023-05-23 06:39:46 add_route_ipv6(8000::/1 -> fd4a:e7ae:b84b:9c2::8001 metric 101) dev tun0
2023-05-23 06:39:46 net_route_v6_add: 8000::/1 via :: dev tun0 table 0 metric 101
2023-05-23 06:39:46 add_route_ipv6(2000::/4 -> fd4a:e7ae:b84b:9c2::8001 metric 101) dev tun0
2023-05-23 06:39:46 net_route_v6_add: 2000::/4 via :: dev tun0 table 0 metric 101
2023-05-23 06:39:46 add_route_ipv6(3000::/4 -> fd4a:e7ae:b84b:9c2::8001 metric 101) dev tun0
2023-05-23 06:39:46 net_route_v6_add: 3000::/4 via :: dev tun0 table 0 metric 101
---
GDG6: remote_host_ipv6=n/a---
sitnl_send: rtnl: generic error (-101): Network is unreachable
ROUTE6: default_gateway=UNDEF
Those entries are very interesting...
I used the following commands.
cd /usr/local/openvpn_as/scripts
sudo ./confdba -mk "vpn.routing6.enable" -v "true"
sudo ./confdba -mk "vpn.client.routing6.reroute_gw" -v "true"
sudo ./confdba -mk "vpn.server.daemon.vpn_network6.0" -v "fd4a:e7ae:b84b:/112"
sudo ./confdba -mk "ip6tables.vpn.disable.filter" -v "true"
sudo ./confdba -mk "ip6tables.vpn.disable.mangle" -v "true"
sudo ./confdba -mk "vpn.server.nat6" -v "false"
However, I can only ping the IPv6 address of the OpenVPN AS from my client, not the hosts in the same VPC subnet. Pinging from OpenVPN AS VM works fine.
The VPC subet has the prefixes 10.100.100.0/24 and fd20:90b:c34f:7000:0:0:0:0/64
The address fd20:90b:c34f:7000:0:6:0:0 is the one of the OpenVPN AS (Ubuntu 22.04).
The client logged following entries when connecting:
---
2023-05-23 06:39:41 net_route_v4_best_gw query: dst 0.0.0.0
2023-05-23 06:39:41 net_route_v4_best_gw result: via 192.168.250.1 dev ens2
2023-05-23 06:39:41 ROUTE_GATEWAY 192.168.250.1/255.255.255.0 IFACE=ens2 HWADDR=57:54:00:1e:36:06
2023-05-23 06:39:41 GDG6: remote_host_ipv6=n/a
2023-05-23 06:39:41 net_route_v6_best_gw query: dst ::
2023-05-23 06:39:41 sitnl_send: rtnl: generic error (-101): Network is unreachable
2023-05-23 06:39:41 ROUTE6: default_gateway=UNDEF
2023-05-23 06:39:41 TUN/TAP device tun0 opened
2023-05-23 06:39:41 net_iface_mtu_set: mtu 1500 for tun0
2023-05-23 06:39:41 net_iface_up: set tun0 up
2023-05-23 06:39:41 net_addr_v4_add: 172.27.232.2/21 dev tun0
2023-05-23 06:39:41 net_iface_mtu_set: mtu 1500 for tun0
2023-05-23 06:39:41 net_iface_up: set tun0 up
2023-05-23 06:39:41 net_addr_v6_add: fd4a:e7ae:b84b:9c2::8002/113 dev tun0
2023-05-23 06:39:46 ROUTE remote_host is NOT LOCAL
2023-05-23 06:39:46 net_route_v4_add: <Public-IP> via 192.168.250.1 dev [NULL] table 0 metric -1
2023-05-23 06:39:46 net_route_v4_add: 10.100.100.0/24 via 172.27.232.1 dev [NULL] table 0 metric 101
2023-05-23 06:39:46 net_route_v4_add: 172.27.224.0/20 via 172.27.232.1 dev [NULL] table 0 metric 101
2023-05-23 06:39:46 add_route_ipv6(::/1 -> fd4a:e7ae:b84b:9c2::8001 metric 101) dev tun0
2023-05-23 06:39:46 net_route_v6_add: ::/1 via :: dev tun0 table 0 metric 101
2023-05-23 06:39:46 add_route_ipv6(8000::/1 -> fd4a:e7ae:b84b:9c2::8001 metric 101) dev tun0
2023-05-23 06:39:46 net_route_v6_add: 8000::/1 via :: dev tun0 table 0 metric 101
2023-05-23 06:39:46 add_route_ipv6(2000::/4 -> fd4a:e7ae:b84b:9c2::8001 metric 101) dev tun0
2023-05-23 06:39:46 net_route_v6_add: 2000::/4 via :: dev tun0 table 0 metric 101
2023-05-23 06:39:46 add_route_ipv6(3000::/4 -> fd4a:e7ae:b84b:9c2::8001 metric 101) dev tun0
2023-05-23 06:39:46 net_route_v6_add: 3000::/4 via :: dev tun0 table 0 metric 101
---
GDG6: remote_host_ipv6=n/a---
sitnl_send: rtnl: generic error (-101): Network is unreachable
ROUTE6: default_gateway=UNDEF
Those entries are very interesting...
-
- OpenVpn Newbie
- Posts: 2
- Joined: Fri Jul 26, 2024 9:12 am
Re: How to enable IPv6 traffic through the tunnel?
Enabling IPv6 traffic over a tunnel entails numerous steps, and the exact procedure varies based on the type of tunnel (e.g., IPv6-in-IPv4 tunnel, GRE tunnel, etc.) and the operating systems used. The following is a general tutorial for enabling IPv6 traffic over an IPv6-over-IPv4 tunnel (which is commonly used to enable IPv6 access over an IPv4 network). You must configure a tunnel endpoint on both the client and the server. This involves specifying the IPv4 address of the tunnel endpoint, the IPv6 addresses of the local and remote ends, as well as the tunnel's IPv4. You must configure a tunnel endpoint on both the client and the server. This involves specifying the IPv4 address of the tunnel endpoint, the IPv6 addresses of the local and remote ends, as well as the tunnel's IPv4. Example Configuration
On your router or firewall, configure IPv6 routing to ensure that IPv6 traffic is routed through the tunnel. This typically involves adding routes for IPv6 networks via the tunnel interface.
Code: Select all
interface Tunnel0
ipv6 address 2001:db8:1::1/64
ipv4 address 192.0.2.1 255.255.255.252
tunnel source 192.0.2.1
tunnel destination 198.51.100.1
-
- OpenVpn Newbie
- Posts: 7
- Joined: Sat Jan 21, 2023 9:10 pm
Re: How to enable IPv6 traffic through the tunnel?
Hi dear manager,
Sorry for post here.
I am not spammer & i am newbie here.
I can not create new topics in here & contact any body.
Please help me about that.
Thanks in advance
Sorry for post here.
I am not spammer & i am newbie here.
I can not create new topics in here & contact any body.
Please help me about that.
Thanks in advance
-
- OpenVpn Newbie
- Posts: 2
- Joined: Wed Nov 13, 2024 9:56 am
Re: How to enable IPv6 traffic through the tunnel?
For a connection to be stable, the majority of IP addresses must be consistent. To guarantee that IPv6 traffic is sent over the tunnel, set up IPv6 routing on your router or firewall.maxturns wrote: ↑Fri Jul 26, 2024 9:28 amEnabling IPv6 traffic over a tunnel entails numerous steps, and the exact procedure varies based on the type of tunnel (e.g., IPv6-in-IPv4 tunnel, GRE tunnel, etc.) and the operating systems used. The following is a general tutorial for enabling IPv6 traffic over an IPv6-over-IPv4 tunnel (which is commonly used to enable IPv6 access over an IPv4 network). You must configure a tunnel endpoint on both the client and the server. This involves specifying the IPv4 address of the tunnel endpoint, the IPv6 addresses of the local and remote ends, as well as the tunnel's IPv4. You must configure a tunnel endpoint on both the client and the server. This involves specifying the IPv4 address of the tunnel endpoint, the IPv6 addresses of the local and remote ends, as well as the tunnel's IPv4. Example ConfigurationOn your router or firewall, configure IPv6 routing to ensure that IPv6 traffic is routed through the tunnel. This typically involves adding routes for IPv6 networks via the tunnel interface.Code: Select all
interface Tunnel0 ipv6 address 2001:db8:1::1/64 ipv4 address 192.0.2.1 255.255.255.252 tunnel source 192.0.2.1 tunnel destination 198.51.100.1
-
- OpenVpn Newbie
- Posts: 7
- Joined: Sat Jan 21, 2023 9:10 pm
Re: How to enable IPv6 traffic through the tunnel?
I just want to create topics here.
After activate it delete this & my previous post.
Thanks for understanding
After activate it delete this & my previous post.
Thanks for understanding
-
- OpenVpn Newbie
- Posts: 7
- Joined: Sat Jan 21, 2023 9:10 pm
Re: How to enable IPv6 traffic through the tunnel?
No one here to help and answer me???
-
- OpenVpn Newbie
- Posts: 6
- Joined: Tue May 26, 2015 2:51 pm