docs: ipv6: Add initial development guide
* Work in progress.
This commit is contained in:
Kyle Manna
parent
9c8d195880
commit
56a8e735b6
74
docs/ipv6.md
Normal file
74
docs/ipv6.md
Normal file
@ -0,0 +1,74 @@
|
|||||||
|
# IPv6 Support
|
||||||
|
|
||||||
|
This is a work in progress, more polish to follow. Use the `dev` git branch and `dev` docker image tag for testing.
|
||||||
|
|
||||||
|
## Tunnel IPv6 Address To OpenVPN Clients
|
||||||
|
|
||||||
|
This feature is advanced and recommended only for those who already have a functioning IPv4 tunnel and know how IPv6 works.
|
||||||
|
|
||||||
|
Systemd is used to setup a static route and Debian 8.1 or later is recommended as the host distribution. Others probably work, but haven't been tested.
|
||||||
|
|
||||||
|
### Step 1 — Setup IPv6 on the Host Machine
|
||||||
|
|
||||||
|
The tutorial uses a free tunnel from [tunnelbroker.net](https://tunnelbroker.net/) to get a /64 and /48 prefix allocated to me. The tunnel endpoint is less then 3 ms away from Digital Ocean's San Francisco datacenter.
|
||||||
|
|
||||||
|
Place the following in `/etc/network/interfaces`. Relace `PUBLIC_IP` with your host's public IPv4 address and replace 2001:db8::2 and 2001:db8::1 with the corresponding tunnel endpoints:
|
||||||
|
|
||||||
|
auto he-ipv6
|
||||||
|
iface he-ipv6 inet6 v4tunnel
|
||||||
|
address 2001:db8::2
|
||||||
|
netmask 64
|
||||||
|
endpoint 72.52.104.74
|
||||||
|
local PUBLIC_IP
|
||||||
|
ttl 255
|
||||||
|
gateway 2001:db8::1
|
||||||
|
|
||||||
|
Bring the interface up:
|
||||||
|
|
||||||
|
ifup he-ipv6
|
||||||
|
|
||||||
|
Test that IPv6 works on the host:
|
||||||
|
|
||||||
|
ping6 google.com
|
||||||
|
|
||||||
|
If this doesn't work, figure it out. It may be necessary to add an firewall rule to allow IP protocol 41 through the firewall.
|
||||||
|
|
||||||
|
### Step 2 — Setup the systemd Unit File
|
||||||
|
|
||||||
|
Copy the systemd init file from the docker-openvpn /init directory of the repository and install into `/etc/systemd/system/docker-openvpn.conf`
|
||||||
|
|
||||||
|
Edit the file, replace `IP6_PREFIX` value with the value of your /64 prefix.
|
||||||
|
|
||||||
|
Finally, reload systemd so the changes take affect:
|
||||||
|
|
||||||
|
systemctl daemon-reload
|
||||||
|
|
||||||
|
### Step 3 — Start OpenVPN
|
||||||
|
|
||||||
|
Ensure that OpenVPN has been initialized and configured as described in the top level `README.md`.
|
||||||
|
|
||||||
|
Start the systemd service file:
|
||||||
|
|
||||||
|
systemctl start docker-openvpn
|
||||||
|
|
||||||
|
Verify logs if needed:
|
||||||
|
|
||||||
|
systemctl status docker-openvpn
|
||||||
|
docker logs openvpn0
|
||||||
|
|
||||||
|
### Step 4 — Modify Client Config for IPv6 Default Route
|
||||||
|
|
||||||
|
Append the default route for the public Internet:
|
||||||
|
|
||||||
|
echo "route-ipv6 2000::/3" >> clientname.ovpn
|
||||||
|
|
||||||
|
### Step 5 — Start up Client
|
||||||
|
|
||||||
|
If all went according to plan, then `ping6 2600::` and `ping6 google.com` should work.
|
||||||
|
|
||||||
|
Fire up a web browser and attempt to navigate to [https://ipv6.google.com](https://ipv6.google.com).
|
||||||
|
|
||||||
|
|
||||||
|
## Connect to the OpenVPN Server Over IPv6
|
||||||
|
|
||||||
|
Not implemented, yet.
|
||||||
Loading…
Reference in New Issue
Block a user