
How to connect to the VPN server via IPv6?

Open laichiaheng opened this issue 4 years ago • 4 comments

Checklist

  • [x] I read the README
  • [x] I read the FAQ
  • [x] I searched the issues
  • [x] My issue is about the script, and not OpenVPN itself

Describe the issue If I change the IP address in ovpn file to IPv6 address, it fails to connect.

To Reproduce Steps to reproduce the behavior:

  1. Edit the ovpn file.

Expected behavior It connects to my VPN server.

Logs If applicable, add logs or screenshots to help explain your problem.

If you can reproduce the issue, please run the script in debug mode and post the output: bash -x openvpn-install.sh

Server (if applicable):

  • OS: Manjaro
  • Hosting provider (if applicable): I don't know.

Client (if applicable):

  • Device: PC
  • OS: Manjaro
  • Client: NetworkManager

Additional context Add any other context about the problem here.

laichiaheng avatar Jul 19 '20 04:07 laichiaheng

> If I change the IP address in ovpn file to IPv6 address, it fails to connect.

You have to edit other things too: set iptables for IPv6, enable IP forwarding for IPv6, change the NIC. I think it would be easier to reinstall with IPv6 support enabled.

randshell avatar Jul 27 '20 02:07 randshell

> > If I change the IP address in ovpn file to IPv6 address, it fails to connect.
>
> You have to edit other things too: set iptables for IPv6, enable IP forwarding for IPv6, change the NIC. I think it would be easier to reinstall with IPv6 support enabled.

Could you teach me how to do that?

laichiaheng avatar Jul 27 '20 08:07 laichiaheng

  • Change the remote IP to the IPv6 one in /etc/openvpn/client-template.txt and update the .ovpn files you already generated.
  • Append a 6 to the protocol in /etc/openvpn/server.conf. Example: proto udp6
  • Add to /etc/openvpn/server.conf the lines:
    server-ipv6 fd42:42:42:42::/112
    tun-ipv6
    push tun-ipv6
    push "route-ipv6 2000::/3"
    push "redirect-gateway ipv6"
  • Add net.ipv6.conf.all.forwarding=1 to /etc/sysctl.d/20-openvpn.conf and run sysctl --system
  • Get the IPv6 interface with ip -6 route show default | sed -ne 's/^default .* dev \([^ ]*\) .*$/\1/p'
  • Add to /etc/iptables/add-openvpn-rules.sh the lines:
    ip6tables -t nat -I POSTROUTING 1 -s fd42:42:42:42::/112 -o $NIC -j MASQUERADE
    ip6tables -I INPUT 1 -i tun0 -j ACCEPT
    ip6tables -I FORWARD 1 -i $NIC -o tun0 -j ACCEPT
    ip6tables -I FORWARD 1 -i tun0 -o $NIC -j ACCEPT
    ip6tables -I INPUT 1 -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT

$NIC is the IPv6 interface from the step before, $PORT is the port and $PROTOCOL is the one with the 6 appended.

  • Add to /etc/iptables/rm-openvpn-rules.sh:
    ip6tables -t nat -D POSTROUTING -s fd42:42:42:42::/112 -o $NIC -j MASQUERADE
    ip6tables -D INPUT -i tun0 -j ACCEPT
    ip6tables -D FORWARD -i $NIC -o tun0 -j ACCEPT
    ip6tables -D FORWARD -i tun0 -o $NIC -j ACCEPT
    ip6tables -D INPUT -i $NIC -p $PROTOCOL --dport $PORT -j ACCEPT
  • You may want to add some IPv6 DNS too. Example: push "dhcp-option DNS 2a00:5a60::ad1:0ff"

Restart the OpenVPN service or reboot and let me know if it worked for you.

I'm sorry for my previous answer suggesting a re-installation.

randshell avatar Jul 29 '20 23:07 randshell
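
An added example, not part of the comment above or of the openvpn-install project: a small shell audit for the manual steps. It checks a server.conf for the IPv6 directives, a sysctl drop-in for forwarding, and that every ip6tables rule the add script inserts has a matching delete in the rm script. All function names are hypothetical and the sample rules in `demo` are constructed.

```sh
#!/bin/sh
# Added example (not from openvpn-install): audit the manual IPv6 edits.
# File paths are arguments, so the checks can run on copies of the files.

# Print each IPv6 directive pattern from the steps that server.conf ($1) lacks.
missing_directives() {
    for d in 'proto (udp|tcp)6' 'server-ipv6 ' 'push "route-ipv6 ' \
             'push "redirect-gateway ipv6"'; do
        grep -Eq "^$d" "$1" || printf '%s\n' "$d"
    done
}

# Succeed only if the sysctl drop-in ($1) enables IPv6 forwarding.
forwarding_configured() {
    grep -Eq '^net\.ipv6\.conf\.all\.forwarding *= *1' "$1"
}

# Strip the -I/-D verb and the insert position, so that an add rule and
# the delete rule that undoes it become the same string.
normalise_rules() {
    grep -E '^ip6tables ' "$1" |
        sed -E 's/ -(I|D) ([A-Z]+)( [0-9]+)? / \2 /' | sort -u
}

# Print rules the add script ($1) inserts but the rm script ($2) never
# deletes; such rules stay in the firewall after OpenVPN is stopped.
unremoved_rules() {
    rm_rules=$(normalise_rules "$2")
    normalise_rules "$1" | while IFS= read -r rule; do
        printf '%s\n' "$rm_rules" | grep -Fxq -- "$rule" ||
            printf '%s\n' "$rule"
    done
}

# Constructed sample: the rm script forgets the MASQUERADE rule.
demo() {
    demo_dir=$(mktemp -d)
    printf '%s\n' \
        'ip6tables -t nat -I POSTROUTING 1 -s fd42:42:42:42::/112 -o $NIC -j MASQUERADE' \
        'ip6tables -I INPUT 1 -i tun0 -j ACCEPT' > "$demo_dir/add.sh"
    printf '%s\n' 'ip6tables -D INPUT -i tun0 -j ACCEPT' > "$demo_dir/rm.sh"
    unremoved_rules "$demo_dir/add.sh" "$demo_dir/rm.sh"
    rm -rf "$demo_dir"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Empty output from `missing_directives` and `unremoved_rules` means the edits are consistent; any printed rule is one that would survive a service stop.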

Sorry if I hijack the thread... I don't want to open a new issue as mine are more likely just feature questions.

Is it possible to supply more than 1 port on UDP? For example, a single configuration for port 53 and 9201.

antnb avatar Aug 07 '21 14:08 antnb