author bnewbold <> 2012-09-10 23:36:17 +0200
committer bnewbold <> 2012-09-10 23:36:17 +0200
commit 6d7cbbecc893ea725fdd6fc9c54c4f9ac16e647d
tree 664e351807f09468fd5752509b5d57c8b37af28f /networking
parent d3a3d8b63cdeb5d6a8d3a098a1d80e6531d309f3
robustness changes
Diffstat (limited to 'networking')
1 files changed, 29 insertions, 10 deletions
diff --git a/networking/ b/networking/
index de33f38..129f15d 100644
--- a/networking/
+++ b/networking/
@@ -14,6 +14,16 @@ ways.
[](linode library)
instructions, but heavily modified)
+First off, make sure you have IPv6 correctly configured on the VPS. I added the
+following to /etc/network/interfaces:
+ # The primary network interface
+ allow-hotplug eth0
+ iface eth0 inet dhcp
+ up /sbin/ip -6 addr add $VPN_IPV6_ADDR/64 dev eth0
+ up /sbin/ip -6 route add default via fe80::1 dev eth0
+ down /sbin/ip -6 addr del $VPN_IPV6_ADDR/64 dev eth0
On the remote host (runing debian wheezy), as root:
apt-get install openvpn udev
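Review bot: In the added /etc/network/interfaces stanza, `$VPN_IPV6_ADDR` is never defined. ifupdown hands `up` and `down` commands to a shell, so unless that variable happens to be exported in the environment ifup runs in, it expands to an empty string and the command becomes `ip -6 addr add /64 dev eth0`, which fails. The text should say explicitly that this is a placeholder to be replaced with the literal address assigned to the VPS. The name is also confusing: the sentence above talks about the VPS address but the variable says VPN, so either rename it or add a line saying which address is meant.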
@@ -47,8 +57,23 @@ Then copy the following to /etc/openvpn/server.conf:
status openvpn-status.log
verb 3
- ;ifconfig fec0::1 fec0::2
+ ;ifconfig fec0::1 fec0::2 # IPv6 addrs not supported...
;route 2600:3c03:e001:1301::/64 fec0::2
+ script-security 2
+ up-restart
+ up-delay
+ up /usr/local/bin/
+Create /usr/local/bin/
+Then make it executable:
+ chmod +x /usr/local/bin/
+Uncomment (or add) the following line in /etc/sysctl.conf (also execute this
+with ```sysctl -w`` the first time around):
+ net.ipv6.conf.all.forwarding=1
Add openvpn to the default service group and bring up the daemon:
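Review bot: The `script-security 2` and `up /usr/local/bin/` lines make OpenVPN execute an external script with the daemon's privileges, yet the only step documented for that file is `chmod +x`. Please also state the expected ownership and mode (owned by root, not writable by group or others), because anyone who can edit the script gets code execution every time the tunnel comes up or restarts (`up-restart`). The sysctl sentence has unbalanced markup, three backticks before `sysctl -w` and two after, and would be clearer if it gave the full command with the key from the next line. Since `net.ipv6.conf.all.forwarding=1` turns the VPS into an IPv6 router, the guide should also say what forwarding filter is expected (for example an ip6tables FORWARD policy limited to the tunnel and the site prefix); none is mentioned in the visible lines.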
@@ -56,15 +81,6 @@ Add openvpn to the default service group and bring up the daemon:
/etc/init.d/openvpn stop
/etc/init.d/openvpn start
-The tun0 interface comes up "bare" and not active by default; the following
-should be added to a post-init script, but for now just run it by hand:
- sysctl -w net.ipv6.conf.all.forwarding=1
- ip -6 route add default via fe80::1 dev eth0
- ip link set tun0 up
- ip addr add fec0::1/96 dev tun0
- ip route add $SITE_PREFIX::/64 via fec0::2 dev tun0
## On-site OpenWRT router
You'll need to have the certificates generated above available locally.
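Review bot: The removed block was the only place in the visible lines that spelled out the tun0 setup (`ip link set tun0 up`, `ip addr add fec0::1/96 dev tun0`, and the `$SITE_PREFIX::/64` route via fec0::2). With it deleted, the guide should state that the new `up` script performs these three steps, otherwise a reader cannot check what the script is supposed to do or debug a tunnel that comes up without them. The other two removed commands are accounted for elsewhere in this patch (the default route in /etc/network/interfaces, forwarding in /etc/sysctl.conf). Separately, fec0::/10 site-local addresses were deprecated by RFC 3879; consider a unique local prefix from fc00::/7 for the tunnel endpoints.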
@@ -175,3 +191,6 @@ The lazy trick was to just use the OpenWRT LuCi interface and set up a wan6
firewall interface (enclosing tun0) instead of trying to do everything with the
``ip`` command.
+# Reference
+After writing this, I found: