From 56a8e735b6fa5e1163365b6ce62f66016ff5521e Mon Sep 17 00:00:00 2001 From: Kyle Manna Date: Sun, 5 Jul 2015 21:28:44 -0700 Subject: [PATCH] docs: ipv6: Add initial development guide * Work in progress. --- docs/ipv6.md | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 docs/ipv6.md diff --git a/docs/ipv6.md b/docs/ipv6.md new file mode 100644 index 0000000..b015136 --- /dev/null +++ b/docs/ipv6.md @@ -0,0 +1,74 @@ +# IPv6 Support + +This is a work in progress, more polish to follow. Use the `dev` git branch and `dev` docker image tag for testing. + +## Tunnel IPv6 Address To OpenVPN Clients + +This feature is advanced and recommended only for those who already have a functioning IPv4 tunnel and know how IPv6 works. + +Systemd is used to setup a static route and Debian 8.1 or later is recommended as the host distribution. Others probably work, but haven't been tested. + +### Step 1 — Setup IPv6 on the Host Machine + +The tutorial uses a free tunnel from [tunnelbroker.net](https://tunnelbroker.net/) to get a /64 and /48 prefix allocated to me. The tunnel endpoint is less then 3 ms away from Digital Ocean's San Francisco datacenter. + +Place the following in `/etc/network/interfaces`. Relace `PUBLIC_IP` with your host's public IPv4 address and replace 2001:db8::2 and 2001:db8::1 with the corresponding tunnel endpoints: + + auto he-ipv6 + iface he-ipv6 inet6 v4tunnel + address 2001:db8::2 + netmask 64 + endpoint 72.52.104.74 + local PUBLIC_IP + ttl 255 + gateway 2001:db8::1 + +Bring the interface up: + + ifup he-ipv6 + +Test that IPv6 works on the host: + + ping6 google.com + +If this doesn't work, figure it out. It may be necessary to add an firewall rule to allow IP protocol 41 through the firewall. + +### Step 2 — Setup the systemd Unit File + +Copy the systemd init file from the docker-openvpn /init directory of the repository and install into `/etc/systemd/system/docker-openvpn.conf` + +Edit the file, replace `IP6_PREFIX` value with the value of your /64 prefix. + +Finally, reload systemd so the changes take affect: + + systemctl daemon-reload + +### Step 3 — Start OpenVPN + +Ensure that OpenVPN has been initialized and configured as described in the top level `README.md`. + +Start the systemd service file: + + systemctl start docker-openvpn + +Verify logs if needed: + + systemctl status docker-openvpn + docker logs openvpn0 + +### Step 4 — Modify Client Config for IPv6 Default Route + +Append the default route for the public Internet: + + echo "route-ipv6 2000::/3" >> clientname.ovpn + +### Step 5 — Start up Client + +If all went according to plan, then `ping6 2600::` and `ping6 google.com` should work. + +Fire up a web browser and attempt to navigate to [https://ipv6.google.com](https://ipv6.google.com). + + +## Connect to the OpenVPN Server Over IPv6 + +Not implemented, yet.