OpenVPN IPv6 gateway

Loco_roko · September 24, 2021, 9:43pm

Hello

I have Openvpn server installed and use it to connect with my phone/laptop to my network (for homeautomation purpose).
I have done it with this guide : "https://openwrt.org/docs/guide-user/services/vpn/openvpn/server"
Openvpn works quite well with ipv4 connection but problem is that my ISP change ip adress every 5 days.
I have static ipv6 adress but cant find anywhere how to setup my server / client for ipv6
Can someone please help me?

Kind regards

vgaetera · September 25, 2021, 1:02am

Loco_roko · September 25, 2021, 10:53am

thx for fast reply, have done that but it's still not working,

vgaetera · September 25, 2021, 5:10pm

Be sure to configure DDNS client service for both IPv4 and IPv6 on the server side.
Replace the argument for the option remote with your DDNS domain.
Specify multiple entries if domains for IPv4 and IPv6 are different.
In addition, add the option float to the client config.

Loco_roko · September 28, 2021, 7:48pm

Hey

Thx for reply.
Why do I need DDNS? I have static ipv6? I would only like to connect with ipv6

So I have played today with vpn and still can't configure it.

this is my client config

user nobody
group nogroup
dev tun
nobind
client
proto udp6
remote "my ipv6" 1194
auth-nocache
remote-cert-tls server

and this server:

user nobody
group nogroup
dev tun
port 1194
proto udp6
server fdf1:e8a1:8d3f:8::2/64
topology subnet
client-to-client
keepalive 10 60
persist-tun
persist-key
push "dhcp-option DNS fdf1:e8a1:8d3f:8::2/64.1"
push "dhcp-option DOMAIN lan"
push "redirect-gateway def1"
push "persist-tun"
push "persist-key"

Error that I get is " Transport Error: UDP connect error on "myipv6:1194". Network is unreacheble"

vgaetera · September 29, 2021, 1:04am

Your server config is totally wrong.
IPv6 must not replace IPv4, but run in dual-stack.
You can regenerate the proper config with the same keys like this:

URL="https://openwrt.org/_export/code/\
docs/guide-user/services/vpn/openvpn/server"
cat << EOF > openvpn-server.sh
$(wget -U "" -O - "${URL}?codeblock=0" \
| sed -e "/^opkg\s/s/^/#/")
$(wget -U "" -O - "${URL}?codeblock=2")
$(wget -U "" -O - "${URL}?codeblock=3")
$(wget -U "" -O - "${URL}/../extras?codeblock=13")
EOF
sh openvpn-server.sh

Loco_roko · September 30, 2021, 5:00pm

thx man, tried but getting ssh error,
Going to do ddns option.

DonJuane · November 2, 2022, 5:58pm

I have a ISP home connection (Totalplay) I believe that has multiple level or a "cone" NAT and that may be the reason that IP4 inbound port 1194 is not coming through even though I have enabled it on my HG8145V5 ONT (modem/router forward to OpenWRT DMZ) is not working. Just doing reading at an elementary level which I partially understand, someone said that using IPv6 could override that. Is this possible? I am trying to get an open port for my OpenVPN server running on my OpenWRT that is identified as the DMZ address from fiber ISP ONT. The HG8145V5 seems to be really stripped down of function by the ISP, by the way so anything would have to happen in the OpenWRT router that is the DMZ defined. Thank you.

Backstage2539 · June 20, 2023, 4:18pm

Totally solve my problem, openwrt commercial guide is just a shit.

system · September 23, 2023, 1:46am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.