OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

How to enable IPv6 traffic through the tunnel?

https://forums.openvpn.net/viewtopic.php?t=35752

Page 1 of 1

How to enable IPv6 traffic through the tunnel?

Posted: Fri May 19, 2023 8:11 am
by ladi1905
Hi,

I've created a OpenVPN Access Server virtual machine on GCP to access the virtual machines in the same VPC.
My localhost can access the cloud nodes over IPv4 through the VPN tunnel but not over IPv6.
I've used the following guide: https://openvpn.net/vpn-server-resource ... ss-server/

I'm not sure what parameters are exactly needed to have the same behaviour as IPv4 routing.
I need IPv6 to use SRv6 between the hosts in my local lab and the virtual machines in the cloud.
Which exact configuration is needed and in which files? Are the routes automatically set up like for IPv4?

Thanks in advance.

Re: How to enable IPv6 traffic through the tunnel?

Posted: Tue May 23, 2023 7:18 am
by ladi1905
Edit:

I used the following commands.

cd /usr/local/openvpn_as/scripts
sudo ./confdba -mk "vpn.routing6.enable" -v "true"
sudo ./confdba -mk "vpn.client.routing6.reroute_gw" -v "true"
sudo ./confdba -mk "vpn.server.daemon.vpn_network6.0" -v "fd4a:e7ae:b84b:09c2::/112"
sudo ./confdba -mk "ip6tables.vpn.disable.filter" -v "true"
sudo ./confdba -mk "ip6tables.vpn.disable.mangle" -v "true"
sudo ./confdba -mk "vpn.server.nat6" -v "false"

However, I can only ping the IPv6 address of the OpenVPN AS from my client, not the hosts in the same VPC subnet. Pinging from OpenVPN AS VM works fine.

The VPC subet has the prefixes 10.100.100.0/24 and fd20:90b:c34f:7000:0:0:0:0/64

The address fd20:90b:c34f:7000:0:6:0:0 is the one of the OpenVPN AS (Ubuntu 22.04).
The client logged following entries when connecting:

---

2023-05-23 06:39:41 net_route_v4_best_gw query: dst 0.0.0.0

2023-05-23 06:39:41 net_route_v4_best_gw result: via 192.168.250.1 dev ens2

2023-05-23 06:39:41 ROUTE_GATEWAY 192.168.250.1/255.255.255.0 IFACE=ens2 HWADDR=57:54:00:1e:36:06

2023-05-23 06:39:41 GDG6: remote_host_ipv6=n/a

2023-05-23 06:39:41 net_route_v6_best_gw query: dst ::

2023-05-23 06:39:41 sitnl_send: rtnl: generic error (-101): Network is unreachable

2023-05-23 06:39:41 ROUTE6: default_gateway=UNDEF

2023-05-23 06:39:41 TUN/TAP device tun0 opened

2023-05-23 06:39:41 net_iface_mtu_set: mtu 1500 for tun0

2023-05-23 06:39:41 net_iface_up: set tun0 up

2023-05-23 06:39:41 net_addr_v4_add: 172.27.232.2/21 dev tun0

2023-05-23 06:39:41 net_iface_mtu_set: mtu 1500 for tun0

2023-05-23 06:39:41 net_iface_up: set tun0 up

2023-05-23 06:39:41 net_addr_v6_add: fd4a:e7ae:b84b:9c2::8002/113 dev tun0

2023-05-23 06:39:46 ROUTE remote_host is NOT LOCAL

2023-05-23 06:39:46 net_route_v4_add: <Public-IP> via 192.168.250.1 dev [NULL] table 0 metric -1

2023-05-23 06:39:46 net_route_v4_add: 10.100.100.0/24 via 172.27.232.1 dev [NULL] table 0 metric 101

2023-05-23 06:39:46 net_route_v4_add: 172.27.224.0/20 via 172.27.232.1 dev [NULL] table 0 metric 101

2023-05-23 06:39:46 add_route_ipv6(::/1 -> fd4a:e7ae:b84b:9c2::8001 metric 101) dev tun0

2023-05-23 06:39:46 net_route_v6_add: ::/1 via :: dev tun0 table 0 metric 101

2023-05-23 06:39:46 add_route_ipv6(8000::/1 -> fd4a:e7ae:b84b:9c2::8001 metric 101) dev tun0

2023-05-23 06:39:46 net_route_v6_add: 8000::/1 via :: dev tun0 table 0 metric 101

2023-05-23 06:39:46 add_route_ipv6(2000::/4 -> fd4a:e7ae:b84b:9c2::8001 metric 101) dev tun0

2023-05-23 06:39:46 net_route_v6_add: 2000::/4 via :: dev tun0 table 0 metric 101

2023-05-23 06:39:46 add_route_ipv6(3000::/4 -> fd4a:e7ae:b84b:9c2::8001 metric 101) dev tun0

2023-05-23 06:39:46 net_route_v6_add: 3000::/4 via :: dev tun0 table 0 metric 101

---

GDG6: remote_host_ipv6=n/a---

sitnl_send: rtnl: generic error (-101): Network is unreachable

ROUTE6: default_gateway=UNDEF

Those entries are very interesting...

Re: How to enable IPv6 traffic through the tunnel?

Posted: Fri Jul 26, 2024 9:28 am
by maxturns
Enabling IPv6 traffic over a tunnel entails numerous steps, and the exact procedure varies based on the type of tunnel (e.g., IPv6-in-IPv4 tunnel, GRE tunnel, etc.) and the operating systems used. The following is a general tutorial for enabling IPv6 traffic over an IPv6-over-IPv4 tunnel (which is commonly used to enable IPv6 access over an IPv4 network). You must configure a tunnel endpoint on both the client and the server. This involves specifying the IPv4 address of the tunnel endpoint, the IPv6 addresses of the local and remote ends, as well as the tunnel's IPv4. You must configure a tunnel endpoint on both the client and the server. This involves specifying the IPv4 address of the tunnel endpoint, the IPv6 addresses of the local and remote ends, as well as the tunnel's IPv4. Example Configuration

Code: Select all

interface Tunnel0
ipv6 address 2001:db8:1::1/64
ipv4 address 192.0.2.1 255.255.255.252
tunnel source 192.0.2.1
tunnel destination 198.51.100.1
On your router or firewall, configure IPv6 routing to ensure that IPv6 traffic is routed through the tunnel. This typically involves adding routes for IPv6 networks via the tunnel interface.

Re: How to enable IPv6 traffic through the tunnel?

Posted: Tue Nov 12, 2024 5:03 pm
by SMQS.500
Hi dear manager,
Sorry for post here.
I am not spammer & i am newbie here.
I can not create new topics in here & contact any body.
Please help me about that.

Thanks in advance

Re: How to enable IPv6 traffic through the tunnel?

Posted: Wed Nov 13, 2024 10:00 am
by sweatytunnel
maxturns wrote:
Fri Jul 26, 2024 9:28 am
 Enabling IPv6 traffic over a tunnel entails numerous steps, and the exact procedure varies based on the type of tunnel (e.g., IPv6-in-IPv4 tunnel, GRE tunnel, etc.) and the operating systems used. The following is a general tutorial for enabling IPv6 traffic over an IPv6-over-IPv4 tunnel (which is commonly used to enable IPv6 access over an IPv4 network). You must configure a tunnel endpoint on both the client and the server. This involves specifying the IPv4 address of the tunnel endpoint, the IPv6 addresses of the local and remote ends, as well as the tunnel's IPv4. You must configure a tunnel endpoint on both the client and the server. This involves specifying the IPv4 address of the tunnel endpoint, the IPv6 addresses of the local and remote ends, as well as the tunnel's IPv4. Example Configuration

Code: Select all

interface Tunnel0
ipv6 address 2001:db8:1::1/64
ipv4 address 192.0.2.1 255.255.255.252
tunnel source 192.0.2.1
tunnel destination 198.51.100.1
On your router or firewall, configure IPv6 routing to ensure that IPv6 traffic is routed through the tunnel. This typically involves adding routes for IPv6 networks via the tunnel interface.
For a connection to be stable, the majority of IP addresses must be consistent. To guarantee that IPv6 traffic is sent over the tunnel, set up IPv6 routing on your router or firewall.

Re: How to enable IPv6 traffic through the tunnel?

Posted: Wed Nov 13, 2024 12:21 pm
by SMQS.500
I just want to create topics here.
After activate it delete this & my previous post.

Thanks for understanding

Re: How to enable IPv6 traffic through the tunnel?

Posted: Wed Nov 13, 2024 4:52 pm
by SMQS.500
No one here to help and answer me???

Meet Women Seeking Spontaneity in Your City

Posted: Mon Dec 09, 2024 7:26 pm
by mcdutch
One Night Stands Made Easy in Your City


Pharmaceuticals, wholesale prices, delivery to any location.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/