• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Getting IPv6 to work over OpenVPN

Scheduled Pinned Locked Moved OpenVPN
8 Posts 7 Posters 2.3k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • E
    ericafterdark
    last edited by May 16, 2015, 10:50 AM

    Current IPv4 situation:

    Data center box as OpenVPN server.
    pfSense box at home as OpenVPN client.

    My home connection routes all internet traffic through the data center box. Works.

    The data center box has a public IPv6 subnet and I would like to access the internet at home via IPv6 as well. My connection at home does not have IPv6 so I wonder where to start. I don't have IPv6 on my LAN yet.

    1 Reply Last reply Reply Quote 0
    • D
      divsys
      last edited by May 16, 2015, 3:17 PM

      The general concept is tunneling IPv6 through IPv4.

      I would move this over to the IPv6 forum and ask there.

      -jfp

      1 Reply Last reply Reply Quote 0
      • J
        johnpoz LAYER 8 Global Moderator
        last edited by May 21, 2015, 7:33 PM

        Do you have another /64 at the DC that you can use for the vpn tunnel?

        This is as simple as on your openvpn setup putting in /64 to use for the tunnel, and then if you want to route all your ipv6 traffic thru the vpn connection

        in the advanced section
        push "route-ipv6 2000::/3"

        Just set this up in other direction, don't have ipv6 at work but do at home..  Your other option if you want ipv6 at work is just setup a HE tunnel https://tunnelbroker.net/ you can get a single /64 from them or a /48 if you want to run multiple ipv6 networks at home or wherever.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • J
          jimp Rebel Alliance Developer Netgate
          last edited by May 21, 2015, 7:48 PM

          It all depends on how much address space you have and what the nature of the client is. For what you describe, your server end would need to have a /48 or /56 and then you'd use:

          • One /64 for the tunnel network on OpenVPN
          • One or more /64 networks for use by your home pfSense firewall (LAN, other local interfaces)

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • G
            gbotti
            last edited by Sep 15, 2017, 4:06 PM

            Hi.

            After searching for a while this is one of the Ideas that would help me. I know this Post is quiet old but I didn't find a (better) different solution and won't open another post.

            @johnpoz:

            Do you have another /64 at the DC that you can use for the vpn tunnel?

            This is as simple as on your openvpn setup putting in /64 to use for the tunnel, and then if you want to route all your ipv6 traffic thru the vpn connection

            in the advanced section
            push "route-ipv6 2000::/3"

            Just set this up in other direction, don't have ipv6 at work but do at home..  Your other option if you want ipv6 at work is just setup a HE tunnel https://tunnelbroker.net/ you can get a single /64 from them or a /48 if you want to run multiple ipv6 networks at home or wherever.

            I've got a pfSense in a Datacenter and in a Company LAN, both running 2.3.4_1. The Company-pfSense is behind another firewall system.

            Unfortunately the Network Admin won't provide me with any IPv6. Anyway. I am running some kind of Island in this Network and I have to test IPv6 traffic with Android Apps.

            I've configured an OpenVPN-Tunnel which is working great with forwarding all traffic on IPv4.

            In the Datacenter I've got a /56 network and I want to use those IPs in any way.

            Could you please provide some other details how to configure that or where I could find more information? I am no specialist to IPv6…

            1 Reply Last reply Reply Quote 0
            • J
              johnpoz LAYER 8 Global Moderator
              last edited by Sep 15, 2017, 4:11 PM

              So if you have a /56 that gives you 256 /64s to work with…  So use one for your tunnel network and then how ever many more you need in each site..

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              1 Reply Last reply Reply Quote 0
              • J
                JKnott
                last edited by Sep 20, 2017, 4:52 PM

                @johnpoz:

                So if you have a /56 that gives you 256 /64s to work with…  So use one for your tunnel network and then how ever many more you need in each site..

                There's an Advanced > Custom options on the Servers page and also Advanced > Additional configuration options on the Client export page.  Which are you referring to?  Does it matter which?

                I'm in the same situation where IPv4 works fine through OpenVPN, but IPv6 doesn't.  Using Packet Capture, I can see IPv6 pings coming in on the OpenVPN Server interface, but no response.  I'm also using one of my 256 /64 prefixes for the VPN.

                PfSense running on Qotom mini PC
                i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                UniFi AC-Lite access point

                I haven't lost my mind. It's around here...somewhere...

                1 Reply Last reply Reply Quote 0
                • R
                  rudivd
                  last edited by Dec 18, 2017, 11:22 AM Dec 18, 2017, 11:11 AM

                  Hi,

                  Got this very same issue. Moved a from working with v6 (ovpn) config from 2.2 (yeah, old !)
                  to 2.4.2, and reconfigured openvpn.

                  Before with the same settings in 2.2 I got everything (including openvpn v6) working now,
                  I got in the (same as you) situation where I see packets over v6 coming to the openvpn link,
                  but no reply from the (outside) net, while I set rules on the ovpn interface to allow both v4 and v6.
                  I have the tunnel interface net defined as a /64 from my providers /58.
                  V6 routing on non-openvpn interfaces works great !

                  Do I need a static route to the ovpn interface maybe ?! (not needed before)

                  It might be due to the fact that the prefixes in the /58 that I use in the client subnet have not
                  explicitly been requested by dhcpv6 or so ? where before this just worked..
                  (note, I only changed the version of pfsense, nothing else)

                  Related question, how do I tell the dhcpv6 client to request that specific prefix as well as the others
                  that are distributed through the wired interface (ipv6-follow)

                  Rudi

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                    This community forum collects and processes your personal information.
                    consent.not_received