Posted: Fri Mar 12, 2021 23:11 Post subject: Adding ipv6 tunneling through existing ipv4 openvpn server?
Hi!
I have a functional private OpenVPN server (running on a mini router) that redirects all clients' IPv4 internet traffic through it. I am looking to also redirect all internet IPv6 traffic through the same IPv4 connection.
Unfortunately, I need serious help here because the number of options regarding addressing is overwhelming and all the examples I have seen are partial or for a different setup.
Here are more details about the current configuration:
Main router: provided by ISP, fiber and phone service, more specifically a Mitrastar GPT-2741GNAC-N2. The IPv6 info I get from the router: Delegated Prefix, Link-Local Address - LAN and Global IPv6 Address - WAN.
The router I configured is a GL.Inet 6416 (basically TP-Link TL-WR710N with more memory and only one LAN and one WAN) running DD-WRT v3.0-r45219 std (12/31/20). WAN assigned as LAN, DHCP disabled, main router assigns static IPv4 address and opens a port for it. VPN server redirects IPv4 traffic.
I just need a bit of guidance on which IPV6 guides are applicable.
You must get a Delegated Prefix that is greater than 64 from the ISP where the VPN Server is located.
Break the Delegated Prefix up into 64 sub-nets and use one for the VPN clients.
Thanks, but it is precisely the address range that I should use for VPN clients that is a total confusion for me. I have to take into consideration that the dd-wrt router in my scenario is basically just a small Linux-like server on an existing network. The main router and allocation of a second 64 sub-net from the ISP is not an option from what I understand (but I could be totally wrong).
In that context I do not understand which "IPV6 type" I should use on the IPV6 page since the router is inside a LAN.
Posted: Sun Mar 14, 2021 8:58 Post subject: Re: Adding ipv6 tunneling through existing ipv4 openvpn serv
papagirafe wrote:
Main router: provided by ISP, fiber and phone service, more specifically a Mitrastar GPT-2741GNAC-N2. The IPv6 info I get from the router: Delegated Prefix, Link-Local Address - LAN and Global IPv6 Address - WAN.
Can you set the Delegated Prefix Size to 48, 56 or 60?
So far I have been able to make my 6416 router work with the ipv6 protocol basically by enabling ipv6 with prefix delegation/64 and disabling all the other options. I have seen this solution in other forums when searching for WAP (wireless access point with ethernet link).
I forgot to mention that, in the target environment where I want to install the 6416/OpenVPN server, I do not have control of the main router (I do not even have the pw!) so everything has to be contained in my little box. The only thing that was provided to me is a static IPv4 address. I currently have a very similar router (AR150) working over there with an IPv4-only VPN. (My assumption is that the router over there will give me a prefix delegation/64.) As a reminder, I am trying to tunnel IPv6 through/inside this IPv4 OpenVPN server.
So my problem now is to discover how to get a new block of addresses from the ISP (at no cost $$$) like suggested before, or to use the single public address of the 6416 with devious IPv6 NATing for internal VPN IPv6 addresses like I am doing in IPv4.
You must get a Delegated Prefix that is greater than 64 from the ISP where the VPN Server is located.
Break the Delegated Prefix up into 64 sub-nets and use one for the VPN clients.
Update: after further investigation, I have confirmed that I receive a /48 delegated prefix from the ISP, which makes this solution possible. What I am unclear about is how and where the delegated breakup has to occur. In the main ISP router or my little 6416 box? I would prefer the second choice. Do you have any more details on this process (or a reference)? ty in advance
sla-id can be from 0 to 32000 with a 16 bit sub-netting. sla-len=128-48-64=16
Thanks for the insight, it makes things a lot clearer! Unfortunately, in the target environment I have virtually no control over the ISP-provided router. I might be able to restrict the range of DHCPv6 addresses like on my ISP's router but that is pushing my luck. I could flash "openwrt" on my box and add the NAT6 package to share a single IPv6 but I would still prefer DD-WRT.
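Added example, not part of any post in this thread: a Python sketch of the prefix breakup discussed above, picking one /64 out of a delegated /48 by sla-id, refusing a subnet that collides with one already in use, and printing the matching OpenVPN server directives. The prefix `2001:db8:abcd::/48`, the in-use LAN subnet and the function names are constructed for illustration, and it assumes the chosen /64 is actually routed to the VPN box by the upstream router.

```python
import ipaddress

def carve_subnet(delegated, sla_id, in_use=(), subnet_len=64):
    """Return subnet number sla_id (a /subnet_len) of the delegated prefix."""
    pd = ipaddress.IPv6Network(delegated)  # ValueError if host bits are set
    sla_len = subnet_len - pd.prefixlen    # sub-netting bits, e.g. 64 - 48 = 16
    if sla_len <= 0:
        raise ValueError(f"{pd} cannot be split into /{subnet_len} subnets")
    if not 0 <= sla_id < 2 ** sla_len:
        raise ValueError(f"sla-id must be in 0..{2 ** sla_len - 1} for {pd}")
    # Place sla_id in the bits between the delegated prefix and the /64 boundary
    base = int(pd.network_address) | (sla_id << (128 - subnet_len))
    subnet = ipaddress.IPv6Network((base, subnet_len))
    # Refuse a subnet that is already numbered elsewhere (e.g. the main LAN)
    for other in map(ipaddress.IPv6Network, in_use):
        if subnet.overlaps(other):
            raise ValueError(f"{subnet} overlaps {other}, already in use")
    return subnet

def openvpn_ipv6_lines(subnet):
    """Server directives: address clients from subnet, send global IPv6 via the tunnel."""
    return [
        f"server-ipv6 {subnet}",
        'push "route-ipv6 2000::/3"',
    ]

# Constructed sample values (documentation prefix, not taken from the thread)
DELEGATED = "2001:db8:abcd::/48"
LAN_IN_USE = ["2001:db8:abcd::/64"]  # assumption: the ISP router's LAN uses subnet 0

if __name__ == "__main__":
    vpn_net = carve_subnet(DELEGATED, sla_id=0x10, in_use=LAN_IN_USE)
    print("\n".join(openvpn_ipv6_lines(vpn_net)))
```

Clients addressed from this /64 are globally routable, so the router's IPv6 forward firewall rules, not NAT, decide what can reach them.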