author bnewbold <bnewbold@robocracy.org> 2012-09-10 23:36:17 +0200
committer bnewbold <bnewbold@robocracy.org> 2012-09-10 23:36:17 +0200
commit 6d7cbbecc893ea725fdd6fc9c54c4f9ac16e647d (patch)
tree 664e351807f09468fd5752509b5d57c8b37af28f
parent d3a3d8b63cdeb5d6a8d3a098a1d80e6531d309f3 (diff)
robustness changes
-rw-r--r-- networking/ipv6vpn.page 39
1 files changed, 29 insertions, 10 deletions
diff --git a/networking/ipv6vpn.page b/networking/ipv6vpn.page
index de33f38..129f15d 100644
--- a/networking/ipv6vpn.page
+++ b/networking/ipv6vpn.page
@@ -14,6 +14,16 @@ ways.
[http://library.linode.com/networking/openvpn/debian-6-squeeze](linode library)
instructions, but heavily modified)
+First off, make sure you have IPv6 correctly configured on the VPS. I added the
+following to /etc/network/interfaces:
+
+ # The primary network interface
+ allow-hotplug eth0
+ iface eth0 inet dhcp
+ up /sbin/ip -6 addr add $VPN_IPV6_ADDR/64 dev eth0
+ up /sbin/ip -6 route add default via fe80::1 dev eth0
+ down /sbin/ip -6 addr del $VPN_IPV6_ADDR/64 dev eth0
+
On the remote host (runing debian wheezy), as root:
apt-get install openvpn udev
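Review bot: `$VPN_IPV6_ADDR` in the added `up` and `down` lines is never defined or explained in the visible text, so the stanza will not work as pasted into /etc/network/interfaces. State that it is a placeholder for the VPS's assigned IPv6 address, or show a sample value next to it. The `down` line also removes only the address, while the `up` lines add both the address and a default route via fe80::1; either add the matching route removal or say why it is not needed.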
@@ -47,8 +57,23 @@ Then copy the following to /etc/openvpn/server.conf:
persist-tun
status openvpn-status.log
verb 3
- ;ifconfig fec0::1 fec0::2
+ ;ifconfig fec0::1 fec0::2 # IPv6 addrs not supported...
;route 2600:3c03:e001:1301::/64 fec0::2
+ script-security 2
+ up-restart
+ up-delay
+ up /usr/local/bin/ipv6_tunnel_up.sh
+
+Create /usr/local/bin/ipv6_tunnel_up.sh:
+
+Then make it executable:
+
+ chmod +x /usr/local/bin/ipv6_tunnel_up.sh
+
+Uncomment (or add) the following line in /etc/sysctl.conf (also execute this
+with ```sysctl -w`` the first time around):
+
+ net.ipv6.conf.all.forwarding=1
Add openvpn to the default service group and bring up the daemon:
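Review bot: the added line "Create /usr/local/bin/ipv6_tunnel_up.sh:" is followed directly by "Then make it executable:" with no script body, so the file that `up /usr/local/bin/ipv6_tunnel_up.sh` runs is never shown. Include the script contents in the page. Because `script-security 2` lets OpenVPN execute that script, also state the ownership and mode the file should have (for example root-owned and not writable by other users) rather than only `chmod +x`. Minor: the inline code in "with ```sysctl -w`` the first time around" opens with three backticks and closes with two.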
@@ -56,15 +81,6 @@ Add openvpn to the default service group and bring up the daemon:
/etc/init.d/openvpn stop
/etc/init.d/openvpn start
-The tun0 interface comes up "bare" and not active by default; the following
-should be added to a post-init script, but for now just run it by hand:
-
- sysctl -w net.ipv6.conf.all.forwarding=1
- ip -6 route add default via fe80::1 dev eth0
- ip link set tun0 up
- ip addr add fec0::1/96 dev tun0
- ip route add $SITE_PREFIX::/64 via fec0::2 dev tun0
-
## On-site OpenWRT router
You'll need to have the certificates generated above available locally.
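Review bot: the removed paragraph was the only visible explanation that tun0 comes up "bare", and the removed commands were the only visible record of the tun0 setup (`ip link set tun0 up`, `ip addr add fec0::1/96 dev tun0`, the `$SITE_PREFIX::/64` route via fec0::2). Keep one sentence in the server section saying why the up script exists and which of these steps it now performs, so a reader debugging a tunnel that does not pass traffic knows what to check by hand.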
@@ -175,3 +191,6 @@ The lazy trick was to just use the OpenWRT LuCi interface and set up a wan6
firewall interface (enclosing tun0) instead of trying to do everything with the
``ip`` command.
+# Reference
+
+After writing this, I found: https://www.zagbot.com/openvpn_ipv6_tunnel.html
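Review bot: the new `# Reference` heading is level one, while the only other heading visible in this diff, `## On-site OpenWRT router`, is level two. If Reference is not meant to be a top-level section, use `##` so it nests consistently, and consider giving the URL link text in the same markdown link form the page uses for the linode library link.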