On the server side, install openvpn 2.3 (beta): http://repos.openvpn.net/repos/apt/squeeze-snapshots/ On the router, install openvpn-devel ipkg. ## Server Configuration /etc/openvpn/server.conf: script-security 2 ;local a.b.c.d port 1194 dev tun0 tun-ipv6 tls-server mode server proto tcp-server up-restart ifconfig-ipv6 fec0::1/64 fec0::1 route-ipv6 2600:3c03:e001:1300::/56 fec0::1 ;server-ipv6 2600:3c03:e001:1300::1/64 server 10.4.0.0 255.255.0.0 ;ifconfig-pool-persist ipp.txt 0 ccd-exclusive client-config-dir /etc/openvpn/clients comp-lzo persist-key persist-tun status openvpn-status.log log-append openvpn.log mkdir /etc/openvpn/clients and add files specifying routed ipv6 prefixes, like /etc/openvpn/ttt: iroute-ipv6 2600:3c03:e001:1302::/64 fec0::1 if you must have ipv4 routing with NAT: iroute 10.4.0.10 10.4.0.1 iroute-ipv6 2600:3c03:e001:1303::/64 fec0::1 ## rooter Configuration /etc/openvpn/client.conf: verb 3 mute 20 client pull dev tun0 tun-ipv6 1 proto tcp-client tls-client remote sniffles.rooter.is 1194 resolv-retry infinite nobind persist-key persist-tun ca /etc/openvpn/rooter_ca.crt cert /etc/openvpn/ttt.crt key /etc/openvpn/ttt.key comp-lzo yes ping 10 ping-restart 120 Go to "Network" tab of web interface and create new "wan6" interface with the "tun0" OpenVPN adapter selected. Set the IPv6 address to fec0::2 and the IPv6 gateway to fec0:;1. Go to "Firewall Settings" and create a new wan6 firewall zone. -> static config -> don't sent RA ## References - http://www.greenie.net/ipv6/openvpn.html - https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage