Server: Vultr
OS: Ubuntu 18.04
Protocol: TCP
OpenVPN: 2.4.6
I struggled with IPv6 for a long time. Is it necessary to have it, or not really needed? After trial and error, I finally found the solution. Enjoy ~~
// Edit server.conf with nano
nano /etc/openvpn/server.conf
// Change proto so the server listens on IPv6 (TCP)
// For UDP, use "proto udp6" instead
proto tcp6-server
// Set the IPv6 address pool and route
server-ipv6 2001:db8:cada::/64
route-ipv6 2001:db8:daca::/64
// Restart the OpenVPN service
service openvpn restart
Second step
// Edit /etc/sysctl.conf
nano /etc/sysctl.conf
// Add these lines
net.ipv6.conf.all.forwarding=1
net.ipv6.conf.all.proxy_ndp = 1
// Save, then reload the sysctl settings
sysctl -p
Last step
// Open the OpenVPN port and allow forwarding in the IPv6 firewall (ip6tables)
// Either edit /etc/iptables/rules.v6 manually
*filter part
-A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 2001:db8:cada::/64 -j ACCEPT
-A FORWARD -s 2001:db8:daca::/64 -j ACCEPT
*nat part
-A POSTROUTING -s 2001:db8:daca::/64 -o ens3 -j MASQUERADE
-A POSTROUTING -s 2001:db8:cada::/64 -o ens3 -j MASQUERADE
// Load the IPv6 rules from the file
ip6tables-restore < /etc/iptables/rules.v6
// Or add the rules from the command line
ip6tables --table nat -A POSTROUTING -s 2001:db8:cada::/64 -o ens3 -j MASQUERADE
ip6tables --table nat -A POSTROUTING -s 2001:db8:daca::/64 -o ens3 -j MASQUERADE
ip6tables -A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
Try to ping Google over IPv6
ping6 ipv6.google.com
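A check to run after the steps above, as an added example that is not part of the original post: it reads the prefixes from server.conf, reports any that lack a FORWARD or MASQUERADE rule in rules.v6, and confirms forwarding is set in sysctl.conf. The function names and the temporary sample files are constructed for illustration; on a real server pass /etc/openvpn/server.conf, /etc/iptables/rules.v6 and /etc/sysctl.conf instead.

```shell
#!/bin/sh
# Added example, not from the original post. All sample file contents are constructed.

# Print each prefix named by server-ipv6 / route-ipv6 in an OpenVPN config.
vpn6_prefixes() {
    awk '$1 == "server-ipv6" || $1 == "route-ipv6" { print $2 }' "$1"
}

# Usage: check_vpn6_rules server.conf rules.v6 [out_iface]   (out_iface defaults to ens3)
# Prints one line per missing rule; returns 0 only when nothing is missing.
check_vpn6_rules() {
    c_iface=${3:-ens3}; c_missing=0
    for c_p in $(vpn6_prefixes "$1"); do
        if ! grep -Fq -- "-A FORWARD -s $c_p -j ACCEPT" "$2"; then
            echo "missing FORWARD accept for $c_p"; c_missing=1
        fi
        if ! grep -Fq -- "-A POSTROUTING -s $c_p -o $c_iface -j MASQUERADE" "$2"; then
            echo "missing MASQUERADE for $c_p on $c_iface"; c_missing=1
        fi
    done
    return $c_missing
}

# Returns 0 when the sysctl file enables IPv6 forwarding (spaces around "=" allowed).
check_forwarding() {
    grep -Eq '^net\.ipv6\.conf\.all\.forwarding *= *1 *$' "$1"
}

# Constructed sample files in a temporary directory (hypothetical stand-ins for the real ones)
demo=$(mktemp -d)
printf '%s\n' 'proto tcp6-server' 'server-ipv6 2001:db8:cada::/64' \
    'route-ipv6 2001:db8:daca::/64' > "$demo/server.conf"
printf '%s\n' 'net.ipv6.conf.all.forwarding=1' \
    'net.ipv6.conf.all.proxy_ndp = 1' > "$demo/sysctl.conf"
# Trimmed rules.v6 with the second prefix's FORWARD rule deliberately left out
cat > "$demo/rules.v6" <<'EOF'
*filter
-A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 2001:db8:cada::/64 -j ACCEPT
COMMIT
*nat
-A POSTROUTING -s 2001:db8:daca::/64 -o ens3 -j MASQUERADE
-A POSTROUTING -s 2001:db8:cada::/64 -o ens3 -j MASQUERADE
COMMIT
EOF

check_forwarding "$demo/sysctl.conf" && echo "forwarding enabled"
check_vpn6_rules "$demo/server.conf" "$demo/rules.v6" || echo "rule set incomplete"
```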