-rw-r--r-- networking/ipv6vpn.page 23
1 files changed, 23 insertions, 0 deletions
diff --git a/networking/ipv6vpn.page b/networking/ipv6vpn.page
index 4aef252..c9f1ca0 100644
--- a/networking/ipv6vpn.page
+++ b/networking/ipv6vpn.page
@@ -35,6 +35,18 @@ Then copy the following to /etc/openvpn/server.conf:
proto udp
dev tun
tun-ipv6
+ ca ca.crt
+ cert server.crt
+ key server.key
+ dh dh1024.pem
+ keepalive 10 120
+ comp-lzo
+ persist-key
+ persist-tun
+ status openvpn-status.log
+ verb 3
+ ;ifconfig fec0::1 fec0::2
+ ;route 2600:3c03:e001:1301::/64 fec0::2
Add openvpn to the default service group and bring up the daemon:
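Review bot: `dh dh1024.pem` points the server at what the filename indicates is a 1024-bit Diffie-Hellman group, which is too small for a long-lived tunnel; generate parameters of 2048 bits or more and reference that file instead. Separately, `comp-lzo` compresses traffic before encryption, so ciphertext length leaks information about the plaintext; consider dropping it on both ends unless the link really needs it. The commented `;ifconfig fec0::1 fec0::2` uses the deprecated site-local prefix, so a ULA prefix under fd00::/8 would be a better placeholder if those lines are ever uncommented.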
@@ -88,6 +100,8 @@ and scp credentials to /etc/openvpn:
option verb 3
option mute 20
option comp_lzo 1
+ option ping 10
+ option ping-restart 120
Select "start" in the web interface; for whatever reason this always results in
a new configuration being generated, just ignore it. If the status doesn't
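Review bot: `option ping-restart 120` is spelled with a hyphen while the adjacent `option comp_lzo 1` uses an underscore, so the two added lines do not follow the naming the rest of this block uses. If this config format expects underscores in option names, the restart timer may be ignored silently; check whether it should be `option ping_restart 120`. It would also help to say in the surrounding text that these two values are meant to mirror the server's `keepalive 10 120`.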
@@ -114,6 +128,15 @@ Restart the whole kit-and-kaboodle, re-enable openvpn, and see if things work!
If it doesn't, try watching syslog on both ends while attempting pings, and
inspect the addresses and routing tables with ``ip -6 route`` and ``ifconfig``.
+## TCP Follow Up
+
+With the above configuration (based on UDP), I would eventually (after a few
+days) get ``TLS Error: local/remote TLS keys are out of sync`` errors and need
+to restart both ends.
+
+I'm now testing with TCP ("option proto tcp-client" on the client and "proto
+tcp-server" on the VPS server).
+
# Lazy plaintext no-config Method (raw, for historical reference)
http://serverfault.com/questions/231950/openvpn-ipv6-tunnel-radvd
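Review bot: the new "TCP Follow Up" section switches both ends to TCP, but the server.conf listing earlier on the page still shows `proto udp`, so a reader working top to bottom ends up with mismatched transports. State explicitly which line to replace on each end, or show the changed line next to the listing. The section also records a test in progress rather than a result, and the cause of the `TLS Error: local/remote TLS keys are out of sync` message is left undiagnosed; a follow-up line with the outcome would make this more useful. It is also worth noting that carrying TCP traffic inside a TCP tunnel stacks retransmission timers and can degrade badly on lossy links.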