From 0d1277144611926e46d09652f42be1de95c75477 Mon Sep 17 00:00:00 2001
From: bnewbold
Date: Tue, 13 Nov 2012 23:27:23 +0100
Subject: ipv6 tunneling update
---
vpntunnel.page | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 85 insertions(+)
create mode 100644 vpntunnel.page
(limited to 'vpntunnel.page')
diff --git a/vpntunnel.page b/vpntunnel.page
new file mode 100644
index 0000000..e93619c
--- /dev/null
+++ b/vpntunnel.page
@@ -0,0 +1,85 @@
+
+On the server side, install openvpn 2.3 (beta):
+
+ http://repos.openvpn.net/repos/apt/squeeze-snapshots/
+
+On the router, install openvpn-devel ipkg.
+
+## Server Configuration
+
+/etc/openvpn/server.conf:
+
+ script-security 2
+ ;local a.b.c.d
+ port 1194
+
+ dev tun0
+ tun-ipv6
+ tls-server
+ mode server
+ proto tcp-server
+ up-restart
+ ifconfig-ipv6 fec0::1/64 fec0::1
+ route-ipv6 2600:3c03:e001:1300::/56 fec0::1
+ ;server-ipv6 2600:3c03:e001:1300::1/64
+ server 10.4.0.0 255.255.0.0
+
+ ;ifconfig-pool-persist ipp.txt 0
+ ccd-exclusive
+ client-config-dir /etc/openvpn/clients
+
+ comp-lzo
+ persist-key
+ persist-tun
+ status openvpn-status.log
+ log-append openvpn.log
+
+mkdir /etc/openvpn/clients and add files specifying routed ipv6 prefixes, like
+/etc/openvpn/ttt:
+
+ iroute-ipv6 2600:3c03:e001:1302::/64 fec0::1
+
+if you must have ipv4 routing with NAT:
+
+ iroute 10.4.0.10 10.4.0.1
+ iroute-ipv6 2600:3c03:e001:1303::/64 fec0::1
+
+## rooter Configuration
+
+/etc/openvpn/client.conf:
+
+ verb 3
+ mute 20
+
+ client
+ pull
+ dev tun0
+ tun-ipv6 1
+ proto tcp-client
+ tls-client
+
+ remote sniffles.rooter.is 1194
+ resolv-retry infinite
+ nobind
+ persist-key
+ persist-tun
+ ca /etc/openvpn/rooter_ca.crt
+ cert /etc/openvpn/ttt.crt
+ key /etc/openvpn/ttt.key
+
+ comp-lzo yes
+ ping 10
+ ping-restart 120
+
+Go to "Network" tab of web interface and create new "wan6" interface with the
+"tun0" OpenVPN adapter selected. Set the IPv6 address to fec0::2 and the IPv6
+gateway to fec0:;1. Go to "Firewall Settings" and create a new wan6 firewall
+zone.
+
+-> static config
+-> don't sent RA
+
+## References
+
+- http://www.greenie.net/ipv6/openvpn.html
+- https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
-- cgit v1.2.3
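Review bot: The client.conf listing sets `ca`, `cert` and `key` but never checks that the peer presents a server certificate, so any certificate issued by rooter_ca (another router's client cert included) would be accepted as the server; adding `remote-cert-tls server` to client.conf, with the server certificate issued with the matching key usage, closes that. The server.conf listing has `tls-server` but shows no `ca`/`cert`/`key`/`dh` lines, presumably omitted for brevity, and the page should say so or include them. `script-security 2` is set although no script directive appears in the listing, so it could be dropped unless an up/down script is actually used. The tunnel addresses use fec0::/10 site-local space, which RFC 3879 deprecated; a ULA prefix under fd00::/8 would be the current choice. The gateway address in the prose is mistyped as `fec0:;1` where `fec0::1` is meant.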