1 files changed, 23 insertions, 0 deletions

diff --git a/networking/ipv6vpn.page b/networking/ipv6vpn.page
index 4aef252..c9f1ca0 100644
--- a/networking/ipv6vpn.page
+++ b/networking/ipv6vpn.page
@@ -35,6 +35,18 @@ Then copy the following to /etc/openvpn/server.conf:
     proto udp
     dev tun
     tun-ipv6
+    ca ca.crt
+    cert server.crt
+    key server.key
+    dh dh1024.pem
+    keepalive 10 120
+    comp-lzo
+    persist-key
+    persist-tun
+    status openvpn-status.log
+    verb 3
+    ;ifconfig fec0::1 fec0::2
+    ;route 2600:3c03:e001:1301::/64 fec0::2
 
 Add openvpn to the default service group and bring up the daemon:
 
@@ -88,6 +100,8 @@ and scp credentials to /etc/openvpn:
             option verb 3
             option mute 20
             option comp_lzo 1
+            option ping 10
+            option ping-restart 120
  
 Select "start" in the web interface; for whatever reason this always results in
 a new configuration being generated, just ignore it. If the status doesn't
@@ -114,6 +128,15 @@ Restart the whole kit-and-kaboodle, re-enable openvpn, and see if things work!
 If it doesn't, try watching syslog on both ends while attempting pings, and
 inspect the addresses and routing tables with ``ip -6 route`` and ``ifconfig``.
 
+## TCP Follow Up
+
+With the above configuration (based on UDP), I would eventually (after a few
+days) get ``TLS Error: local/remote TLS keys are out of sync`` errors and need
+to restart both ends. 
+
+I'm now testing with TCP ("option proto tcp-client" on the client and "proto
+tcp-server" on the VPS server).
+
 # Lazy plaintext no-config Method (raw, for historical reference)
 
 http://serverfault.com/questions/231950/openvpn-ipv6-tunnel-radvd