summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorbnewbold <bnewbold@robocracy.org>2012-11-16 03:36:35 +0100
committerbnewbold <bnewbold@robocracy.org>2012-11-16 03:36:35 +0100
commit08b174f09d29fa283ce4046577b1c13a9719fa0c (patch)
treef7af7a742fe501b4e23ec1b921234716cd34de70
parentc4391ddb9afe622a5b8ad4efc62dfdd3b5e301a7 (diff)
downloadrooter_wiki-08b174f09d29fa283ce4046577b1c13a9719fa0c.zip
rooter_wiki-08b174f09d29fa283ce4046577b1c13a9719fa0c.tar.gz
fixed ipv6 vpn tunnel directions
-rw-r--r--vpntunnel.page20
1 files changed, 15 insertions, 5 deletions
diff --git a/vpntunnel.page b/vpntunnel.page
index e93619c..f24a012 100644
--- a/vpntunnel.page
+++ b/vpntunnel.page
@@ -72,12 +72,22 @@ if you must have ipv4 routing with NAT:
ping-restart 120
Go to "Network" tab of web interface and create new "wan6" interface with the
-"tun0" OpenVPN adapter selected. Set the IPv6 address to fec0::2 and the IPv6
-gateway to fec0:;1. Go to "Firewall Settings" and create a new wan6 firewall
-zone.
+"tun0" OpenVPN adapter selected. Set the IPv6 address to fec0::2/64 and the IPv6
+gateway to fec0::1 (also, if not already specified, use static address config
+and disable router advertisements (RA)). go to the firewall tab of "wan6"
+settings and add the wan6 interface to the "wan" firewall zone. edit the "lan"
+interface and add the ::1 address for the delegated /64 as the IPv6 address
+(you don't need to set a gateway).
--> static config
--> don't sent RA
+to *allow* inbound ipv6, create a new "wan6" zone, move the wan6 interface into
+it, and create an allow firewall rule from wan6 -> lan.
+
+## Devices
+
+Linux machines will want to ensure that:
+
+ net.ipv6.conf.all.use_tempaddr = 2
+ net.ipv6.conf.default.use_tempaddr = 2
## References