
Re: Fwd: openvpn over ipv6 /65




On 26/11/2018 12:48, Reco wrote:
> 	Hi.
> 
> On Mon, Nov 26, 2018 at 11:49:13AM +0100, tony wrote:
>>>>> As for the persistent configuration, that depends on the contents of
>>>>> /etc/network/interfaces. Can be static (it's straightforward then),
>>>>> DHCPv6 (you won't be able to do the split) or RA (ditto).
>>>>>
>>>> No, it's all static:
>>>
>>> That simplifies things greatly.
>>> Replace this:
>>>
>>> iface eth0 inet6 static
>>>            address 2a03:9800:10:54::2
>>>            netmask 64
>>>            gateway 2a03:9800:10:54::1
>>>
>>> with this:
>>>
>>> iface eth0 inet6 static
>>>            address 2a03:9800:10:54::2
>>>            netmask 65
>>>            gateway 2a03:9800:10:54::1
>>>
>>> Leave all the other entries intact.
>>> Then invoke this as root (one-time only):
>>>
>>> ip a d dev eth0 2a03:9800:10:54::2/64
>>> ip a a dev eth0 2a03:9800:10:54::2/65
>>> ip ro d default via 2a03:9800:10:54::1
>>
>> Thanks so much, Reco. This has got me well on the way to setting up an
>> IPv6 VPN. It has also greatly enhanced my understanding of OpenVPN.
>>
>> So, I've assigned 2a03:9800:10:54:8000::/65 to the VPN, and this appears
>> to work. The logs are showing the tunnel having been established.
> 
> That's great.
> 
>> However, I can't get any IPv6 connectivity to the internet unless I stop
>> OpenVPN.
> 
> You mean, you lose IPv6 connectivity on the VPS?
> Or your host where OpenVPN client is has some other means of connecting
> via IPv6, and this other host loses IPv6 connectivity once OpenVPN's
> tunnel is up?
> 
Yes, I have here in France an IPv6 connection to the outside world, over
which I successfully run an IPv4 tunnel to my server in the UK. I am
trying to set up an IPv6 VPN tunnel, to avoid various geolocation
hassles. When I activate OpenVPN, I lose all IPv6 connectivity,
including the native one.
> 
>> Have you any further suggestions as to what I might try?
> 
> I'd like to see your IPv6 routing tables from your VPS and the OpenVPN client.
> Two simple 'ip -6 ro l' will do.
> And, for the sake of the completeness, the same 'ip -6 ro l' once OpenVPN is down.
> 
Thank you.

With the VPN up:
On the host:
13:07:11 tony@tony-fr:~$ ip -6 ro l
2a01:cb19:851f:ea00::/64 dev enp3s0 proto ra metric 100  pref medium
2a03:9800:10:54::2 via fe80::a63e:51ff:fe32:f85d dev enp3s0 metric 1  pref medium
2a03:9800:10:54:8000::/65 dev tun0 proto kernel metric 256  pref medium
2a03:9800:10:54:8000::/65 dev tun0 metric 1024  pref medium
2a03:9800:10:54:8000::/65 dev tun0 metric 1029  pref medium
2000::/3 dev tun0 metric 1024  pref medium
2000::/3 dev tun0 metric 1028  pref medium
fe80::a63e:51ff:fe32:f85d dev enp3s0 proto static metric 100  pref medium
fe80::/64 dev enp3s0 proto kernel metric 256  pref medium
fe80::/64 dev tun0 proto kernel metric 256  pref medium
default via fe80::a63e:51ff:fe32:f85d dev enp3s0 proto static metric 100  pref medium

on the server:
root@shell:~# ip -6 ro l
2a03:9800:10:54::/65 dev eth0 proto kernel metric 256  pref medium
2a03:9800:10:54:8000::/65 dev tun0 proto kernel metric 256  pref medium
fe80::/64 dev eth0 proto kernel metric 256  pref medium
fe80::/64 dev tun0 proto kernel metric 256  pref medium
default via 2a03:9800:10:54::1 dev eth0 metric 1024  pref medium

Now with OpenVPN down:
on the host:
root@tony-fr:~# ip -6 ro l
2a01:cb19:851f:ea00::/64 dev enp3s0 proto ra metric 100  pref medium
fe80::a63e:51ff:fe32:f85d dev enp3s0 proto static metric 100  pref medium
fe80::/64 dev enp3s0 proto kernel metric 256  pref medium
default via fe80::a63e:51ff:fe32:f85d dev enp3s0 proto static metric 100  pref medium

On the server:
root@shell:~# ip -6 ro l
2a03:9800:10:54::/65 dev eth0 proto kernel metric 256  pref medium
fe80::/64 dev eth0 proto kernel metric 256  pref medium
default via 2a03:9800:10:54::1 dev eth0 metric 1024  pref medium


I hope that is sufficient information.

Cheers, Tony
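
Added example, not part of the original message: a simplified Python model of the two mechanisms in this thread, the /64 split into two /65 halves and a longest-prefix-match lookup over the client's routing table as posted with the VPN up. The function names and the 2001:db8::1 destination are constructed for illustration; policy routing and source address selection are not modelled.

```python
import ipaddress

# Client table with the VPN up, copied from the message above (wrapped lines rejoined).
CLIENT_VPN_UP = """\
2a01:cb19:851f:ea00::/64 dev enp3s0 proto ra metric 100  pref medium
2a03:9800:10:54::2 via fe80::a63e:51ff:fe32:f85d dev enp3s0 metric 1  pref medium
2a03:9800:10:54:8000::/65 dev tun0 proto kernel metric 256  pref medium
2a03:9800:10:54:8000::/65 dev tun0 metric 1024  pref medium
2a03:9800:10:54:8000::/65 dev tun0 metric 1029  pref medium
2000::/3 dev tun0 metric 1024  pref medium
2000::/3 dev tun0 metric 1028  pref medium
fe80::a63e:51ff:fe32:f85d dev enp3s0 proto static metric 100  pref medium
fe80::/64 dev enp3s0 proto kernel metric 256  pref medium
fe80::/64 dev tun0 proto kernel metric 256  pref medium
default via fe80::a63e:51ff:fe32:f85d dev enp3s0 proto static metric 100  pref medium
"""

def split_prefix(prefix):
    """Split a prefix into its two halves, e.g. a /64 into two /65s."""
    return list(ipaddress.ip_network(prefix).subnets(prefixlen_diff=1))

def parse_routes(text):
    """Parse 'ip -6 ro l' lines into (network, device, metric) tuples."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        # 'default' is ::/0; a bare address is treated as a /128 host route.
        net = ipaddress.ip_network("::/0" if tok[0] == "default" else tok[0])
        dev = tok[tok.index("dev") + 1]
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 0
        routes.append((net, dev, metric))
    return routes

def lookup(routes, dest):
    """Longest matching prefix wins; the lowest metric breaks ties."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2])) if hits else None

if __name__ == "__main__":
    print(split_prefix("2a03:9800:10:54::/64"))
    table = parse_routes(CLIENT_VPN_UP)
    # 2001:db8::1 is a constructed destination standing in for any global address.
    for dest in ("2a03:9800:10:54::2", "2a03:9800:10:54:8000::1", "2001:db8::1"):
        net, dev, metric = lookup(table, dest)
        print(f"{dest:28} -> {net} dev {dev} metric {metric}")
```

Running the same lookup against a table with the tun0 entries removed shows how the selected route for a given destination changes between the two states posted above.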