From e6f79043448a059ac1fe2f0accf5cd71351ad394 Mon Sep 17 00:00:00 2001
From: Kyle Manna <kyle@kylemanna.com>
Date: Sun, 5 Jul 2015 21:07:06 -0700
Subject: [PATCH] run: Add IPv6 forwarding if default route

* Enable IPv6 forwarding if docker daemon provided a default route
* For now this requires the --privileged flag, but this could be hacked
  around using `ip netns` madness.
---
 bin/ovpn_run | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/bin/ovpn_run b/bin/ovpn_run
index 5a2c95a..b58e82e 100755
--- a/bin/ovpn_run
+++ b/bin/ovpn_run
@@ -43,6 +43,16 @@ if [ -r "$EASYRSA_PKI/crl.pem" ]; then
     ARGS=("--crl-verify" "$OPENVPN/crl.pem")
 fi
 
+ip -6 route show default 2>/dev/null
+if [ $? = 0 ]; then
+    echo "Enabling IPv6 Forwarding"
+    # If this fails, ensure the docker container is run with --privileged
+    # Could be side stepped with `ip netns` madness to drop privileged flag
+
+    sysctl net.ipv6.conf.default.forwarding=1
+    sysctl net.ipv6.conf.all.forwarding=1
+fi
+
 if [ "$#" -gt 0 ]; then
     exec openvpn "$@"
 else