IPv6 tunnel using SLAAC?

  • I have an OpenVPN roadwarrior setup up and running which allows me to access LAN, etc. and the Internet via pfsense (no split). I have configured both, an IPv4 tunnel and an IPv6 tunnel. The IPv4 traffic uses pfsense’s IPv4 NAT to reach the Internet, while the IPv6 tunnel has a dedicated, routed /64 subnet assigned.

    However, the IPv6 assigned to the clients by OpenVPN are linear starting with ::1000. Is it possible to disable this kind of DHCPv6 and use SLAAC instead?

  • Rebel Alliance Developer Netgate

    Not that I'm aware of. OpenVPN has to manage the addresses it hands out in most cases except, depending on the config, for a bridged tap instance. I know in the case of a bridged tap setup IPv4 can be pulled from the LAN, but I have not tried SLAAC to see if that would come through as well. May all depend on the client in that case.

  • Thanks for the answer. Meanwhile I found the following on in the OpenVPN manual which describes the address assignment pretty well:

    “Specify an IPv6 address pool for dynamic assignment to clients. The pool starts at ipv6addr and increments by +1 for every new client (linear mode).”

    I believe that the linear mode is the only option for address assignment using a tun interface, and only tun is supported by my iOS devices. I’m going to request a feature like "Simulate IPv6 Privacy Extension" from OpenVPN, but I don’t see an straight forward solution for that.

Log in to reply