On the server side, install OpenVPN 2.3 (beta):

    http://repos.openvpn.net/repos/apt/squeeze-snapshots/

On the router, install the openvpn-devel ipkg.

## Server Configuration

/etc/openvpn/server.conf:

    script-security 2
    ;local a.b.c.d
    port 1194
    dev tun0
    tun-ipv6
    tls-server
    mode server
    proto tcp-server
    up-restart
    ifconfig-ipv6 fec0::1/64 fec0::1
    # kernel route that sends the whole routed /56 into the tunnel
    route-ipv6 2600:3c03:e001:1300::/56 fec0::1
    ;server-ipv6 2600:3c03:e001:1300::1/64
    server 10.4.0.0 255.255.0.0
    ;ifconfig-pool-persist ipp.txt 0
    # only clients that have a file in client-config-dir may connect
    ccd-exclusive
    client-config-dir /etc/openvpn/clients
    comp-lzo
    persist-key
    persist-tun
    status openvpn-status.log
    log-append openvpn.log

mkdir /etc/openvpn/clients and add files specifying the routed IPv6 prefixes, like
/etc/openvpn/ttt:

    iroute-ipv6 2600:3c03:e001:1302::/64 fec0::1

If you must have IPv4 routing with NAT:

    iroute 10.4.0.10 10.4.0.1
    iroute-ipv6 2600:3c03:e001:1303::/64 fec0::1

## rooter Configuration

/etc/openvpn/client.conf:

    verb 3
    mute 20
    client
    pull
    dev tun0
    tun-ipv6 1
    proto tcp-client
    tls-client
    remote sniffles.rooter.is 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca /etc/openvpn/rooter_ca.crt
    cert /etc/openvpn/ttt.crt
    key /etc/openvpn/ttt.key
    comp-lzo yes
    ping 10
    ping-restart 120

Go to the "Network" tab of the web interface and create a new "wan6" interface with the
"tun0" OpenVPN adapter selected. Set the IPv6 address to fec0::2 and the IPv6
gateway to fec0::1. Go to "Firewall Settings" and create a new wan6 firewall
zone.

-> static config
-> don't send RA

## References
- http://www.greenie.net/ipv6/openvpn.html
- https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage