HeeroYui/docker-openvpn
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
docker-openvpn/docs/ipv6.md

2.7 KiB
Raw Blame History

IPv6 Support

This is a work in progress, more polish to follow.

Tunnel IPv6 Address To OpenVPN Clients

This feature is advanced and recommended only for those who already have a functioning IPv4 tunnel and know how IPv6 works.

Systemd is used to setup a static route and Debian 8.1 or later is recommended as the host distribution. Others probably work, but haven't been tested.

Step 1 — Setup IPv6 on the Host Machine

The tutorial uses a free tunnel from tunnelbroker.net to get a /64 and /48 prefix allocated to me. The tunnel endpoint is less then 3 ms away from Digital Ocean's San Francisco datacenter.

Place the following in /etc/network/interfaces. Replace PUBLIC_IP with your host's public IPv4 address and replace 2001:db8::2 and 2001:db8::1 with the corresponding tunnel endpoints:

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
    address 2001:db8::2
    netmask 64
    endpoint 72.52.104.74
    local PUBLIC_IP
    ttl 255
    gateway 2001:db8::1

Bring the interface up:

ifup he-ipv6

Test that IPv6 works on the host:

ping6 google.com

If this doesn't work, figure it out. It may be necessary to add an firewall rule to allow IP protocol 41 through the firewall.

Step 2 — Update Docker's Init To Enable IPv6 Support

Append the --ipv6 argument to the DOCKER_OPTS variable in:

/etc/default/docker

Reload the daemon and restart docker so that it takes affect:

systemctl restart docker.service

Step 3 — Setup the systemd Unit File

Copy the systemd init file from the docker-openvpn /init directory of the repository and install into /etc/systemd/system/docker-openvpn.service

curl -o /etc/systemd/system/docker-openvpn.service https://raw.githubusercontent.com/kylemanna/docker-openvpn/dev/init/docker-openvpn.service

Edit the file, replace IP6_PREFIX value with the value of your /64 prefix.

vi /etc/systemd/system/docker-openvpn.service

Finally, reload systemd so the changes take affect:

systemctl daemon-reload

Step 4 — Start OpenVPN

Ensure that OpenVPN has been initialized and configured as described in the top level README.md.

Start the systemd service file:

systemctl start docker-openvpn

Verify logs if needed:

systemctl status docker-openvpn
docker logs openvpn0

Step 4 — Modify Client Config for IPv6 Default Route

Append the default route for the public Internet:

echo "route-ipv6 2000::/3" >> clientname.ovpn

Step 5 — Start up Client

If all went according to plan, then ping6 2600:: and ping6 google.com should work.

Fire up a web browser and attempt to navigate to https://ipv6.google.com.

Connect to the OpenVPN Server Over IPv6

Not implemented, yet.