Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPV6 via a OpenVPN tunnel

    IPv6
    4
    7
    5.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      Norbert78
      last edited by

      Dear forum,
      I'm using a pfsense as a VPN gateway for a small network. All devices behind the pfsense tunnel to the IPredator network. The setup is working really well but only for IPV4. Since Yesterday, I'm trying to also make IPV6 working but I have no success :-(
      IPV6 is pretty new for me but I think that it is time to learn it :-)
      I'm starting with the root of the problem. When OpenVPN is connected to the server (which supports IPV6 according to the documentation) I get the following configuration for the virtual NIC:
      ovpnc1: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
      options=80000 <linkstate>inet6 fe80::201:2eff:fe6c:7655%ovpnc1 prefixlen 64 scopeid 0x7
      inet 46.246.66.66 –> 46.246.66.1 netmask 0xffffff00
      nd6 options=21 <performnud,auto_linklocal>Opened by PID 65035

      The IPV4 configuration looks fine but the gateway that I bound to the OpenVPNIF does not get any IPV6 address assigned. Looking at that IPV6 address, it seems that this is only a link local address. This would explain why the gateway does not get any IP (as there is none).
      My question is: With this network configuration that I get from the server:  Is it possible to get thru IPV6 traffic at all? Or do I have to look for another VPN provider?

      Thanks in advance
      Norbert</performnud,auto_linklocal></linkstate></up,pointopoint,running,multicast>

      1 Reply Last reply Reply Quote 0
      • I
        Inq
        last edited by

        I managed to enable ipv6 on my ovpn clients after pushing some custom options in the openvpn server. Check this post for details : https://forum.pfsense.org/index.php?topic=70880.0

        The problem with making something idiot proof is that the world keeps making better idiots.

        1 Reply Last reply Reply Quote 0
        • N
          Norbert78
          last edited by

          Unfortunately I don't control the server. So I have to live with its configuration.
          At the moment I'm just trying to understand what it gives me.
          And it seems that it does not really give me an IPV6 address :-(

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            So you have pfsense vpn into some vpn service.  If that service does not give you IPv6 then no your not going to be able use IPv6.. Have you checked with your vpn provider - do they support ipv6.. Most likely not to be honest..

            What I can tell you is if pfsense has IPv6 connectivity, then sure when clients connect to pfsense as their vpn server via openvpn then you can give them a ipv6 tunnel and they can talk ipv6 all they way through the vpn connection to pfsense and then out to the internet, etc.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            1 Reply Last reply Reply Quote 0
            • N
              Norbert78
              last edited by

              Thats obvious :-)
              In the meantime I managed to get an IPV6 address for the tun-Interface. The VPN server also pushes a route for 2000:/3 and I can do a ping6 to google from the pfsense :-)))
              However,  I did not manage to make IPV6 available to the LAN. For the IPV4 I use  the policy based routing to forward all traffic to the VPN. However pfsense does not seem to recognize the OPENVPN tun-IF as a IPV6 gateway. It does not offer me the tun-if as a gateway option for policy based routing :-(
              I'm also not sure, how I should configure IPV6 on the LAN interface. Should I assign a static IP within the OpenVPN subnet?

              So many questions…..
              Thanks
              Norbert

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                how exactly are you going to make it viable to the lan.. Is this tunnel giving you a /64 you can give to your other clients behind pfsense?  What IP are they going to talk to pfsense on, that knows to come back through the tunnel?

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                1 Reply Last reply Reply Quote 0
                • K
                  kpa
                  last edited by

                  What johnpoz is talking about is that with IPv6 tunnels the traffic is fully routed and the remote end must know which IPv6 prefix (usually a /64) it should route to the client end for two-directional traffic between the LAN network on the client and the IPv6 internet. Also that same prefix must be used on the local LAN for hosts by some method, manual or automatic configuration. OpenVPN as far as I know has no provisions for automatic configuration of IPv6 other than the one client IPv6 address that gets assigned to the local end of the tunnel network.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.