author | bnewbold <bnewbold@robocracy.org> | 2012-11-13 23:27:23 +0100 |
---|---|---|
committer | bnewbold <bnewbold@robocracy.org> | 2012-11-13 23:27:23 +0100 |
commit | 0d1277144611926e46d09652f42be1de95c75477 (patch) | |
tree | 70b116d4f62e28278acd75c0810feb591c516248 | |
parent | 1a89e4892949246d8ec7e58d7027ad6ac002bce2 (diff) | |
download | rooter_wiki-0d1277144611926e46d09652f42be1de95c75477.tar.gz rooter_wiki-0d1277144611926e46d09652f42be1de95c75477.zip |
ipv6 tunneling update
-rw-r--r-- | vpntunnel.page | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/vpntunnel.page b/vpntunnel.page new file mode 100644 index 0000000..e93619c --- /dev/null +++ b/vpntunnel.page @@ -0,0 +1,85 @@ + +On the server side, install openvpn 2.3 (beta): + + http://repos.openvpn.net/repos/apt/squeeze-snapshots/ + +On the router, install openvpn-devel ipkg. + +## Server Configuration + +/etc/openvpn/server.conf: + + script-security 2 + ;local a.b.c.d + port 1194 + + dev tun0 + tun-ipv6 + tls-server + mode server + proto tcp-server + up-restart + ifconfig-ipv6 fec0::1/64 fec0::1 + route-ipv6 2600:3c03:e001:1300::/56 fec0::1 + ;server-ipv6 2600:3c03:e001:1300::1/64 + server 10.4.0.0 255.255.0.0 + + ;ifconfig-pool-persist ipp.txt 0 + ccd-exclusive + client-config-dir /etc/openvpn/clients + + comp-lzo + persist-key + persist-tun + status openvpn-status.log + log-append openvpn.log + +mkdir /etc/openvpn/clients and add files specifying routed ipv6 prefixes, like +/etc/openvpn/ttt: + + iroute-ipv6 2600:3c03:e001:1302::/64 fec0::1 + +if you must have ipv4 routing with NAT: + + iroute 10.4.0.10 10.4.0.1 + iroute-ipv6 2600:3c03:e001:1303::/64 fec0::1 + +## rooter Configuration + +/etc/openvpn/client.conf: + + verb 3 + mute 20 + + client + pull + dev tun0 + tun-ipv6 1 + proto tcp-client + tls-client + + remote sniffles.rooter.is 1194 + resolv-retry infinite + nobind + persist-key + persist-tun + ca /etc/openvpn/rooter_ca.crt + cert /etc/openvpn/ttt.crt + key /etc/openvpn/ttt.key + + comp-lzo yes + ping 10 + ping-restart 120 + +Go to "Network" tab of web interface and create new "wan6" interface with the +"tun0" OpenVPN adapter selected. Set the IPv6 address to fec0::2 and the IPv6 +gateway to fec0:;1. Go to "Firewall Settings" and create a new wan6 firewall +zone. + +-> static config +-> don't sent RA + +## References + +- http://www.greenie.net/ipv6/openvpn.html +- https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage |
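Review bot: In the Server Configuration section the example per-client file is given as /etc/openvpn/ttt, but server.conf sets "client-config-dir /etc/openvpn/clients" together with "ccd-exclusive", so the file has to live at /etc/openvpn/clients/ttt (named after the client certificate's common name) or that client will be refused. On the same lines, iroute-ipv6 takes only a prefix and the second argument of iroute is a netmask, so the trailing "fec0::1" and "10.4.0.1" look wrong and should be dropped or corrected. server.conf sets "script-security 2" but configures no up or down script, so that line can go, and it shows no ca/cert/key/dh lines even though it sets tls-server; either add them or state that they are omitted. In the rooter Configuration section, client.conf does not check the role of the server certificate; adding "remote-cert-tls server" (with the server certificate issued for server use) would stop any other certificate signed by rooter_ca from posing as the server. Two typos in the closing text: the gateway is written "fec0:;1" where "fec0::1" is meant, and "don't sent RA" should read "don't send RA". The client uses "tun-ipv6 1" while the server uses plain "tun-ipv6"; pick one form.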