Routing IPv6 space over OpenVPN client
-
Hello all,
I recently moved and had to switch to AT&T U-verse. Unfortunately, they don't make using native IPv6 easy so I've been thinking about routing a few /64s out of the /48 I have from a colo provider. I got the OpenVPN client working and have the server (on the colo) with its own /64 under server-ipv6. I route the /64 I want for the home-LAN to pfSense's v6 OpenVPN address. Alas, this doesn't seem to work. I can talk IPv6 normally over the client link, but anything involving the routed /64 fails.
I can't see anything obvious. Has anyone tried something like this before?
Thanks!
-
Sure, I've done that before several times.
It works identically to IPv4. So long as you have all of the routing set up properly on both ends, it works fine. You'll probably also have to assign the OpenVPN interface on the client side so you get a gateway there. If you are using SSL/TLS for OpenVPN, that also means you need routes in the server config plus iroutes in an override.
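The server-side pieces named in the reply above (a route in the server config plus an iroute in a per-client override), as an added example that is not part of the original post. All prefixes are constructed from the 2001:db8::/32 documentation range, and the file paths and the client name `home-pfsense` are assumptions.

```conf
# ---- server.conf on the colo host (SSL/TLS server mode) ----
# Constructed example values; substitute your own prefixes.
dev tun

# IPv4 tunnel network (constructed); included because older OpenVPN
# releases require --server alongside --server-ipv6.
server 10.8.0.0 255.255.255.0

# The /64 used on the tunnel itself (the "server-ipv6" network).
server-ipv6 2001:db8:0:1::/64

# Kernel route on the colo host: hand the home-LAN /64 to the tun device.
route-ipv6 2001:db8:0:100::/64

# Directory of per-client overrides, one file per certificate Common Name.
client-config-dir /etc/openvpn/ccd    # assumed path

# ---- /etc/openvpn/ccd/home-pfsense ----
# File name must equal the client certificate's CN (hypothetical name).
# Internal OpenVPN route: the home-LAN /64 lives behind this client.
# route-ipv6 alone only gets packets into OpenVPN; without the matching
# iroute-ipv6 the server does not know which client owns the prefix.
iroute-ipv6 2001:db8:0:100::/64

# ---- outside OpenVPN (assumption: the colo host runs Linux) ----
# The host must forward IPv6 between its uplink and tun:
#   sysctl -w net.ipv6.conf.all.forwarding=1
# The colo provider must also route 2001:db8:0:100::/64 to this host.
```

Hosts in the routed /64 are globally addressable with no NAT in front of them, so inbound filtering has to be done explicitly on the colo host or on the firewall's OpenVPN interface.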
-
Is there some specific reason for wanting to route traffic through your VPN to a colo? Wouldn't it just be easier to get a /48 from HE via a tunnel and clickity clickity you're done ;)
-
Is there some specific reason for wanting to route traffic through your VPN to a colo? Wouldn't it just be easier to get a /48 from HE via a tunnel and clickity clickity you're done ;)
I had a /48 from HE for a while. It worked great until I moved where the provider actively blocks 6in4 on their RGs :(
-
"the provider actively blocks 6in4 on their RGs"
So they are blocking protocol 41? You asked them this and they gave you a reason why? This is AT&T
http://www.dslreports.com/forum/r30137020-AT-T-U-Verse-Protocol-41-IPv6-Net-Neutrality-Complaint-with-FCC
What equipment do you have from them?
-
"the provider actively blocks 6in4 on their RGs"
So they are blocking protocol 41? You asked them this and they gave you a reason why? This is AT&T
http://www.dslreports.com/forum/r30137020-AT-T-U-Verse-Protocol-41-IPv6-Net-Neutrality-Complaint-with-FCC
What equipment do you have from them?
I've got a Pace 5268AC. Disappointingly, there is native v6 available, but it doesn't support the /60 they hand out when you use it in DMZ+ (with pfSense).
I've thought about filing a net neutrality complaint, but I can likely see them citing security issues with allowing 6in4. Based on my research, they either deny or act confounded when asked (or served).