author bnewbold <bnewbold@robocracy.org> 2012-11-13 23:27:23 +0100
committer bnewbold <bnewbold@robocracy.org> 2012-11-13 23:27:23 +0100
commit 0d1277144611926e46d09652f42be1de95c75477
tree 70b116d4f62e28278acd75c0810feb591c516248
parent 1a89e4892949246d8ec7e58d7027ad6ac002bce2
ipv6 tunneling update
-rw-r--r-- vpntunnel.page 85
1 files changed, 85 insertions, 0 deletions
diff --git a/vpntunnel.page b/vpntunnel.page
new file mode 100644
index 0000000..e93619c
--- /dev/null
+++ b/vpntunnel.page
@@ -0,0 +1,85 @@
+
+On the server side, install openvpn 2.3 (beta):
+
+ http://repos.openvpn.net/repos/apt/squeeze-snapshots/
+
+On the router, install openvpn-devel ipkg.
+
+## Server Configuration
+
+/etc/openvpn/server.conf:
+
+ script-security 2
+ ;local a.b.c.d
+ port 1194
+
+ dev tun0
+ tun-ipv6
+ tls-server
+ mode server
+ proto tcp-server
+ up-restart
+ ifconfig-ipv6 fec0::1/64 fec0::1
+ route-ipv6 2600:3c03:e001:1300::/56 fec0::1
+ ;server-ipv6 2600:3c03:e001:1300::1/64
+ server 10.4.0.0 255.255.0.0
+
+ ;ifconfig-pool-persist ipp.txt 0
+ ccd-exclusive
+ client-config-dir /etc/openvpn/clients
+
+ comp-lzo
+ persist-key
+ persist-tun
+ status openvpn-status.log
+ log-append openvpn.log
+
+mkdir /etc/openvpn/clients and add files specifying routed ipv6 prefixes, like
+/etc/openvpn/ttt:
+
+ iroute-ipv6 2600:3c03:e001:1302::/64 fec0::1
+
+if you must have ipv4 routing with NAT:
+
+ iroute 10.4.0.10 10.4.0.1
+ iroute-ipv6 2600:3c03:e001:1303::/64 fec0::1
+
+## rooter Configuration
+
+/etc/openvpn/client.conf:
+
+ verb 3
+ mute 20
+
+ client
+ pull
+ dev tun0
+ tun-ipv6 1
+ proto tcp-client
+ tls-client
+
+ remote sniffles.rooter.is 1194
+ resolv-retry infinite
+ nobind
+ persist-key
+ persist-tun
+ ca /etc/openvpn/rooter_ca.crt
+ cert /etc/openvpn/ttt.crt
+ key /etc/openvpn/ttt.key
+
+ comp-lzo yes
+ ping 10
+ ping-restart 120
+
+Go to "Network" tab of web interface and create new "wan6" interface with the
+"tun0" OpenVPN adapter selected. Set the IPv6 address to fec0::2 and the IPv6
+gateway to fec0:;1. Go to "Firewall Settings" and create a new wan6 firewall
+zone.
+
+-> static config
+-> don't sent RA
+
+## References
+
+- http://www.greenie.net/ipv6/openvpn.html
+- https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
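Review bot: The per-client file path in the "mkdir /etc/openvpn/clients" paragraph does not match the server config. server.conf sets `client-config-dir /etc/openvpn/clients` together with `ccd-exclusive`, but the example file is given as `/etc/openvpn/ttt`; with ccd-exclusive a client that has no file in the configured directory is refused, so this should read /etc/openvpn/clients/ttt (assuming ttt is the client certificate's common name, as `cert /etc/openvpn/ttt.crt` suggests). Other points in the same file: server.conf sets `tls-server` but lists no ca, cert, key or dh lines, while client.conf does list ca/cert/key, so either add them or say they are omitted. client.conf has no `remote-cert-tls server` line, so the router accepts any certificate signed by rooter_ca.crt as the server; consider adding it. `script-security 2` is enabled although no script directives appear in server.conf; drop it unless a script is actually needed. The tunnel addresses use fec0::/64, which is in the deprecated site-local range (RFC 3879); a ULA prefix under fd00::/8 would be the usual choice. In the web interface paragraph the gateway is written `fec0:;1`, which should be fec0::1, and "don't sent RA" should be "don't send RA". The new wan6 firewall zone is created without saying what it should allow; since the routed 2600:3c03:e001:13xx::/64 prefixes are globally reachable, state the intended input and forward policy for that zone.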