OpenVPN with IPv6 WAN IP?
-
Hi,
how would I make OpenVPN listen on the external IPv6 IP? My ISP is beginning to switch customers to DS-Lite, so it would be nice if OpenVPN would work when accessed via IPv6.
Many thanks for any hints!
-
There's no reason I know of that it can't do that, but it appears our GUI doesn't list the IPv6 IPs.
In the advanced options, try putting "local x
x::x" (without quotes) where xx::x is your actual IPv6 "wan" address.Also make sure you have a firewall to pass IPv6 tcp or udp to the correct port on there.
-
Actually I can't seem to get it to bind to IPv6 no matter what I do even manually. Might need some more research there, it may not work.
-
I tried to alter the config manually on the console. IIRC the daemon would not start if I used
proto udp6Which seems so be a necessary step to take according to this:
http://blog.cykerway.com/post/250
-
Actually I can't seem to get it to bind to IPv6 no matter what I do even manually. Might need some more research there, it may not work.
Now it's listening, edited the config manually. I tried with TCP though and have yet to see if I can access it from the outside.
You need to setproto tcp6-serverinstead of
proto tcp-serverAnd you have to switch the local entry to your IPv6 IP as it was already mentioned.
-
ok, that should make it a bit easier to tinker with. I wish it could automatically switch between both. I imagine it could on the client side, since you can specify remotes with "remote <server><proto>" and maybe you can do "remote x.x.x.x udp" and "remote x
x::x udp6", but that would need some testing. The server side looks like it will need a master switch of some sort to select between IPv4 and IPv6.</proto></server>
-
I can connect to my server just fine now, had to adapt the client conf:
proto tcp6and change the IP to
remote 2001:xxxx 9443My test server listens on 9443.
-
can you try that with:
remote 2001:xxxx 9443 tcp6All on one line?
-
Works like a charm. I removed the```
proto tcp6
-
ok.
Here is another step forward…
https://github.com/bsdperimeter/pfsense/commit/6714bbdc6573489a25e2b93eeb9e94e2251475b6
-
Great, many many thanks! Tried the new .inc file on my pfSense KVM. The generated server configuration looks good and works fine!
