How to enable IPv6 traffic through the tunnel?

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
ladi1905
OpenVpn Newbie
Posts: 2
Joined: Fri May 19, 2023 8:00 am

How to enable IPv6 traffic through the tunnel?

Post by ladi1905 » Fri May 19, 2023 8:11 am

Hi,

I've created a OpenVPN Access Server virtual machine on GCP to access the virtual machines in the same VPC.
My localhost can access the cloud nodes over IPv4 through the VPN tunnel but not over IPv6.
I've used the following guide: https://openvpn.net/vpn-server-resource ... ss-server/

I'm not sure what parameters are exactly needed to have the same behaviour as IPv4 routing.
I need IPv6 to use SRv6 between the hosts in my local lab and the virtual machines in the cloud.
Which exact configuration is needed and in which files? Are the routes automatically set up like for IPv4?

Thanks in advance.

ladi1905
OpenVpn Newbie
Posts: 2
Joined: Fri May 19, 2023 8:00 am

Re: How to enable IPv6 traffic through the tunnel?

Post by ladi1905 » Tue May 23, 2023 7:18 am

Edit:

I used the following commands.

cd /usr/local/openvpn_as/scripts
sudo ./confdba -mk "vpn.routing6.enable" -v "true"
sudo ./confdba -mk "vpn.client.routing6.reroute_gw" -v "true"
sudo ./confdba -mk "vpn.server.daemon.vpn_network6.0" -v "fd4a:e7ae:b84b:09c2::/112"
sudo ./confdba -mk "ip6tables.vpn.disable.filter" -v "true"
sudo ./confdba -mk "ip6tables.vpn.disable.mangle" -v "true"
sudo ./confdba -mk "vpn.server.nat6" -v "false"

However, I can only ping the IPv6 address of the OpenVPN AS from my client, not the hosts in the same VPC subnet. Pinging from OpenVPN AS VM works fine.

The VPC subet has the prefixes 10.100.100.0/24 and fd20:90b:c34f:7000:0:0:0:0/64

The address fd20:90b:c34f:7000:0:6:0:0 is the one of the OpenVPN AS (Ubuntu 22.04).
The client logged following entries when connecting:

---

2023-05-23 06:39:41 net_route_v4_best_gw query: dst 0.0.0.0

2023-05-23 06:39:41 net_route_v4_best_gw result: via 192.168.250.1 dev ens2

2023-05-23 06:39:41 ROUTE_GATEWAY 192.168.250.1/255.255.255.0 IFACE=ens2 HWADDR=57:54:00:1e:36:06

2023-05-23 06:39:41 GDG6: remote_host_ipv6=n/a

2023-05-23 06:39:41 net_route_v6_best_gw query: dst ::

2023-05-23 06:39:41 sitnl_send: rtnl: generic error (-101): Network is unreachable

2023-05-23 06:39:41 ROUTE6: default_gateway=UNDEF

2023-05-23 06:39:41 TUN/TAP device tun0 opened

2023-05-23 06:39:41 net_iface_mtu_set: mtu 1500 for tun0

2023-05-23 06:39:41 net_iface_up: set tun0 up

2023-05-23 06:39:41 net_addr_v4_add: 172.27.232.2/21 dev tun0

2023-05-23 06:39:41 net_iface_mtu_set: mtu 1500 for tun0

2023-05-23 06:39:41 net_iface_up: set tun0 up

2023-05-23 06:39:41 net_addr_v6_add: fd4a:e7ae:b84b:9c2::8002/113 dev tun0

2023-05-23 06:39:46 ROUTE remote_host is NOT LOCAL

2023-05-23 06:39:46 net_route_v4_add: <Public-IP> via 192.168.250.1 dev [NULL] table 0 metric -1

2023-05-23 06:39:46 net_route_v4_add: 10.100.100.0/24 via 172.27.232.1 dev [NULL] table 0 metric 101

2023-05-23 06:39:46 net_route_v4_add: 172.27.224.0/20 via 172.27.232.1 dev [NULL] table 0 metric 101

2023-05-23 06:39:46 add_route_ipv6(::/1 -> fd4a:e7ae:b84b:9c2::8001 metric 101) dev tun0

2023-05-23 06:39:46 net_route_v6_add: ::/1 via :: dev tun0 table 0 metric 101

2023-05-23 06:39:46 add_route_ipv6(8000::/1 -> fd4a:e7ae:b84b:9c2::8001 metric 101) dev tun0

2023-05-23 06:39:46 net_route_v6_add: 8000::/1 via :: dev tun0 table 0 metric 101

2023-05-23 06:39:46 add_route_ipv6(2000::/4 -> fd4a:e7ae:b84b:9c2::8001 metric 101) dev tun0

2023-05-23 06:39:46 net_route_v6_add: 2000::/4 via :: dev tun0 table 0 metric 101

2023-05-23 06:39:46 add_route_ipv6(3000::/4 -> fd4a:e7ae:b84b:9c2::8001 metric 101) dev tun0

2023-05-23 06:39:46 net_route_v6_add: 3000::/4 via :: dev tun0 table 0 metric 101

---

GDG6: remote_host_ipv6=n/a---

sitnl_send: rtnl: generic error (-101): Network is unreachable

ROUTE6: default_gateway=UNDEF

Those entries are very interesting...

maxturns
OpenVpn Newbie
Posts: 2
Joined: Fri Jul 26, 2024 9:12 am

Re: How to enable IPv6 traffic through the tunnel?

Post by maxturns » Fri Jul 26, 2024 9:28 am

Enabling IPv6 traffic over a tunnel entails numerous steps, and the exact procedure varies based on the type of tunnel (e.g., IPv6-in-IPv4 tunnel, GRE tunnel, etc.) and the operating systems used. The following is a general tutorial for enabling IPv6 traffic over an IPv6-over-IPv4 tunnel (which is commonly used to enable IPv6 access over an IPv4 network). You must configure a tunnel endpoint on both the client and the server. This involves specifying the IPv4 address of the tunnel endpoint, the IPv6 addresses of the local and remote ends, as well as the tunnel's IPv4. You must configure a tunnel endpoint on both the client and the server. This involves specifying the IPv4 address of the tunnel endpoint, the IPv6 addresses of the local and remote ends, as well as the tunnel's IPv4. Example Configuration

Code: Select all

interface Tunnel0
ipv6 address 2001:db8:1::1/64
ipv4 address 192.0.2.1 255.255.255.252
tunnel source 192.0.2.1
tunnel destination 198.51.100.1
On your router or firewall, configure IPv6 routing to ensure that IPv6 traffic is routed through the tunnel. This typically involves adding routes for IPv6 networks via the tunnel interface.

SMQS.500
OpenVpn Newbie
Posts: 7
Joined: Sat Jan 21, 2023 9:10 pm

Re: How to enable IPv6 traffic through the tunnel?

Post by SMQS.500 » Tue Nov 12, 2024 5:03 pm

Hi dear manager,
Sorry for post here.
I am not spammer & i am newbie here.
I can not create new topics in here & contact any body.
Please help me about that.

Thanks in advance

sweatytunnel
OpenVpn Newbie
Posts: 2
Joined: Wed Nov 13, 2024 9:56 am

Re: How to enable IPv6 traffic through the tunnel?

Post by sweatytunnel » Wed Nov 13, 2024 10:00 am

maxturns wrote:
Fri Jul 26, 2024 9:28 am
Enabling IPv6 traffic over a tunnel entails numerous steps, and the exact procedure varies based on the type of tunnel (e.g., IPv6-in-IPv4 tunnel, GRE tunnel, etc.) and the operating systems used. The following is a general tutorial for enabling IPv6 traffic over an IPv6-over-IPv4 tunnel (which is commonly used to enable IPv6 access over an IPv4 network). You must configure a tunnel endpoint on both the client and the server. This involves specifying the IPv4 address of the tunnel endpoint, the IPv6 addresses of the local and remote ends, as well as the tunnel's IPv4. You must configure a tunnel endpoint on both the client and the server. This involves specifying the IPv4 address of the tunnel endpoint, the IPv6 addresses of the local and remote ends, as well as the tunnel's IPv4. Example Configuration

Code: Select all

interface Tunnel0
ipv6 address 2001:db8:1::1/64
ipv4 address 192.0.2.1 255.255.255.252
tunnel source 192.0.2.1
tunnel destination 198.51.100.1
On your router or firewall, configure IPv6 routing to ensure that IPv6 traffic is routed through the tunnel. This typically involves adding routes for IPv6 networks via the tunnel interface.
For a connection to be stable, the majority of IP addresses must be consistent. To guarantee that IPv6 traffic is sent over the tunnel, set up IPv6 routing on your router or firewall.

SMQS.500
OpenVpn Newbie
Posts: 7
Joined: Sat Jan 21, 2023 9:10 pm

Re: How to enable IPv6 traffic through the tunnel?

Post by SMQS.500 » Wed Nov 13, 2024 12:21 pm

I just want to create topics here.
After activate it delete this & my previous post.

Thanks for understanding

SMQS.500
OpenVpn Newbie
Posts: 7
Joined: Sat Jan 21, 2023 9:10 pm

Re: How to enable IPv6 traffic through the tunnel?

Post by SMQS.500 » Wed Nov 13, 2024 4:52 pm

No one here to help and answer me???


Post Reply