I'm running OpenVPN on Debian Lenny and Tunnelblick on OSX. My goal is to have a fully routed VPN that supports IPv6. The OpenVPN server has a functional 6to4 device, so now my goal is to get the clients to route their IPv6 traffic over the VPN.

After OpenVPN starts, it runs these commands to configure its tap0 device for IPv6:

ifconfig $dev up
ifconfig $dev add 2001:470:e910:1000::1/64

So far, I've been manually performing the OSX side of things. I've gotten to here:

ifconfig tap0 inet6 2001:470:e910:1000::2
route add -inet6 default 2001:470:e910:1000::1
route add -inet6 2000:: -prefixlen 3 2001:470:e910:1000::1

With these commands, I can ping client.tap0, server.tap0 and server.6to4, but cannot get any traffic beyond the 6to4 device. Without BOTH routes, no traffic gets to the server at all. I haven't done much routing or IPv6, so I'm stumped.

neoice

1 Answer

Make sure you have IPv6 forwarding enabled (net.ipv6.conf.*.forwarding sysctls) and you aren't accidentally firewalling the traffic away.

Also, have you considered IPv6 Stateless Autoconfiguration instead of manually configuring the clients? Basically, you need to install radvd on the server and have it advertise your prefix (subnet) and the gateway on the tap0 device.

mmarx
  • I've not considered radvd. I don't think OSX supports it (I saw reports of it not supporting DHCPv6 anyways.) I'm mostly playing around, so it's not too bad for me to manually configure one or two clients. OpenVPN can execute scripts when it opens connections too. – neoice Oct 10 '09 at 22:42
  • DHCPv6 is stateful autoconfiguration, which requires running a DHCPv6 client. Stateless autoconfiguration, however, is implemented in the IP stack. Now, there is no DHCPv6 client available for OSX, but stateless autoconfiguration does work. – mmarx Oct 10 '09 at 23:34
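
The server-side checks and the radvd setup suggested in the answer, as an added example that is not part of the original posts. The function names are hypothetical, the sample command output is constructed, and the script assumes the usual output formats of `sysctl -a` and `ip6tables -S FORWARD`; the interface and prefix are the ones from the question.

```shell
#!/bin/sh
# Added example (not from the original posts). Each function reads command
# output on stdin, so it works on constructed samples or on live output:
#   sysctl -a 2>/dev/null | forwarding_off
#   ip6tables -S FORWARD  | forward_policy

# Print every net.ipv6.conf.<iface>.forwarding key whose value is 0.
forwarding_off() {
    sed -n 's/^\(net\.ipv6\.conf\.[^ ]*\.forwarding\) *= *0$/\1/p'
}

# Print the default policy of the ip6tables FORWARD chain (ACCEPT or DROP).
forward_policy() {
    awk '$1 == "-P" && $2 == "FORWARD" { print $3 }'
}

# Emit a radvd.conf stanza advertising prefix $2 on interface $1, so that
# clients on the tap device can configure themselves statelessly.
radvd_stanza() {
    cat <<EOF
interface $1
{
    AdvSendAdvert on;
    prefix $2
    {
        AdvOnLink on;
        AdvAutonomous on;
    };
};
EOF
}

# Constructed sample output for a server that would not route IPv6 traffic
# from tap0 onward: forwarding is off and the FORWARD policy is DROP.
SAMPLE_SYSCTL='net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.default.forwarding = 0
net.ipv6.conf.tap0.forwarding = 1
net.ipv6.conf.tap0.accept_ra = 1'
SAMPLE_RULES='-P FORWARD DROP
-A FORWARD -i tap0 -j ACCEPT'

printf '%s\n' "$SAMPLE_SYSCTL" | forwarding_off
printf '%s\n' "$SAMPLE_RULES"  | forward_policy
radvd_stanza tap0 2001:470:e910:1000::/64
```

Any key printed by `forwarding_off`, or a `DROP` policy without matching accept rules in both directions, is consistent with the symptom in the question: the server's own addresses answer, but nothing beyond them does.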