3.6 KiB
IPv6 Support
This is a work in progress, more polish to follow.
Tunnel IPv6 Address To OpenVPN Clients
This feature is advanced and recommended only for those who already have a functioning IPv4 tunnel and know how IPv6 works.
Systemd is used to setup a static route and Debian 8.1 or later is recommended as the host distribution. Others probably work, but haven't been tested.
Step 1 — Setup IPv6 on the Host Machine
The tutorial uses a free tunnel from tunnelbroker.net to get a /64 and /48 prefix allocated to me. The tunnel endpoint is less then 3 ms away from Digital Ocean's San Francisco datacenter.
Place the following in /etc/network/interfaces. Replace PUBLIC_IP with your host's public IPv4 address and replace 2001:db8::2 and 2001:db8::1 with the corresponding tunnel endpoints:
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
address 2001:db8::2
netmask 64
endpoint 72.52.104.74
local PUBLIC_IP
ttl 255
gateway 2001:db8::1
Bring the interface up:
ifup he-ipv6
Test that IPv6 works on the host:
ping6 google.com
If this doesn't work, figure it out. It may be necessary to add an firewall rule to allow IP protocol 41 through the firewall.
Step 2 — Update Docker's Init To Enable IPv6 Support
Add the --ipv6 to the Docker daemon invocation.
On Ubuntu and old versions of Debian Append the --ipv6 argument to the DOCKER_OPTS variable in:
/etc/default/docker
On modern systemd distributions copy the service file and modify it and reload the service:
sed -e 's:^\(ExecStart.*\):\1 --ipv6:' /lib/systemd/system/docker.service | tee /etc/systemd/system/docker.service
systemctl restart docker.service
Step 3 — Setup the systemd Unit File
Copy the systemd init file from the docker-openvpn /init directory of the repository and install into /etc/systemd/system/docker-openvpn.service
curl -o /etc/systemd/system/docker-openvpn@.service 'https://raw.githubusercontent.com/kylemanna/docker-openvpn/dev/init/docker-openvpn%40.service'
Edit the file, replace IP6_PREFIX value with the value of your /64 prefix.
vi /etc/systemd/system/docker-openvpn@.service
Finally, reload systemd so the changes take affect:
systemctl daemon-reload
Step 4 — Start OpenVPN
Ensure that OpenVPN has been initialized and configured as described in the top level README.md.
Start the systemd service file specifying the volume container suffix as the instance. For example, INSTANCE=test0 has a docker volume container named ovpn-data-test0 and service will create ovpn-test0 container:
systemctl start docker-openvpn@test0
Verify logs if needed:
systemctl status docker-openvpn@test0
docker logs ovpn-test0
Step 4 — Modify Client Config for IPv6 Default Route
Append the default route for the public Internet:
echo "route-ipv6 2000::/3" >> clientname.ovpn
Step 5 — Start up Client
If all went according to plan, then ping6 2600:: and ping6 google.com should work.
Fire up a web browser and attempt to navigate to https://ipv6.google.com.
Connect to the OpenVPN Server Over IPv6
This feature requires a docker daemon with working IPv6 support.
This will allow connections over IPv4 and IPv6.
Generate server configuration with the udp6 or tcp6 protocol:
docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp6://VPN.SERVERNAME.COM
docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u tcp6://VPN.SERVERNAME.COM