Hey, I'm new to OpenWrt but so far the experience has been really good!
I'm trying to host an oVPN server on my router (bananaPi-R4) to access my homelab from outside without having to open a ton of ports.
The issue is that my internet connection is by DOCSIS so I require the ISP modem in the chain. This modem only allows me to open IPv6 ports.
The OpenVPN tutorial in the OpenWrt docs only covers IPv4, but I was hoping it wouldn't be so different with IPv6...
When I connect my phone to the ISP modem's wifi I can connect to the oVPN server with its "local" IPv4 address, this means that the communication between the BPi-R4 and the ISP modem works and that the oVPN server service works too.
I've opened port 1194 as inbound and outbound (with the IPv6 of the BPi-R4 as source and destination) on the ISP modem and I thought I would be good to go.
I've done some research but cannot find anything useful.
I can find my "external" IPv6 address from the ISP GUI but when I use an online IP finder it only gives me an IPv4 address... Why would there be a mismatch?
I've tried both the IPv4 address and the [IPv6] address in the config.ovpn file without any success...
Any ideas?
Thanks
I assume that your DOCSIS modem is not in bridge mode so it is acting as a router and when connected to your modem by wifi and ethernet you have internet.
First try to find out what the public IP address of your ISP router is, that should be stated on the info page of your modem.
Otherwise, from a client connected to the modem, use e.g. ipleak.net to see your IPv4 and IPv6 address.
If you do not have a public IPv4 or cannot port forward then IPv4 is not an option.
If you do not have a public IPv6 or cannot port forward IPv6 (port forward is not the correct term as you open up a port for a specific client on your network but that has to be done and is different than opening up a port on the router itself) of course your local LAN clients must have a working IPv6 with GUA addresses.
If all the above is not present then consider using a third party to get access to your home.
Research things like zerotier, tailscale, cloudflared, ngrok etc.
Oh, and if you have a public IPv4 or IPv6 address I recommend using WireGuard instead of OpenVPN; it is faster and easier to set up.
Yeah no, the DOCSIS modem doesn't have a bridge mode...
My ISP's modem address is IPv6 but if I use ipleak it only gives me an IPv4 address and says: IPv6 test not reachable. (error) -> Oh wait no, that's because my workstation doesn't have IPv6 working (that's a problem for future me).
When I try via wifi I get an IPv6 for ipleak.net, which corresponds to the IP shown by the ISP GUI for the device I tested with, not the one from the modem itself. So I guess in my client.ovpn I should put the router's IPv6 address instead of the ISP modem's. -> When I do this my OpenVPN client says DNS resolution error. I'll check what this means.
Yeah IPv4 is not an option for me.
I have a public IPv6 though. The GUA thing, I think I've seen it somewhere but can't remember where.
I'll consider tailscale if I can't make it work. (Oh and it seems to be open source too, great)
As per wireguard I've heard both good and bad about compatibility and same for ovpn but slightly better for the latter. I'll consider it too. Thanks for the recommendations.
You indeed have to use the IPv6 address of the router the OpenVPN server runs on.
But note that the ISP router must allow traffic for the OpenVPN port with your router as the destination; this is a kind of port forwarding, specific to IPv6.
Yep, I've allowed inbound and outbound traffic at my openwrt ipv6 and at the same port as my config (the 1194 from the tutorial: https://openwrt.org/docs/guide-user/services/vpn/openvpn/server) and replaced udp by udp6 everywhere. And used square brackets [ ] around IPv6 addresses
Well, I went with the recommendation of tailscale. I don't like the idea of using someone else's services but at least I can use this until I get OpenVPN or WireGuard working.
With tailscale set up (that was really easy), I can access both LuCI and my homelab. Thanks for the help. If you have any idea on how to fix my DNS resolution error from OpenVPN I'd love a hint. I'll do a post later on as to why my workstation (Windows) doesn't have IPv6 connectivity...
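Added example, not part of the thread and not written by any of its posters: a small check of the `remote` lines in a client.ovpn for the two IPv6 points raised above (a bracketed address literal, and an address that is not a GUA). The function name `check_remotes` and the sample config are constructed for illustration; that OpenVPN tries to resolve a bracketed literal as a hostname is an assumption about OpenVPN's behaviour, not something stated in the thread.

```python
import ipaddress

GUA = ipaddress.ip_network("2000::/3")  # IPv6 global unicast range

# Constructed sample; 2001:db8::/32 is the IPv6 documentation prefix.
SAMPLE = """\
client
dev tun
proto udp6
remote [2001:db8:1234::1] 1194
"""

def check_remotes(config_text):
    """Return (host, problem) pairs for each questionable `remote` line."""
    findings = []
    remotes = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # OpenVPN comment markers
            continue
        parts = line.split()
        if parts[0] == "remote" and len(parts) > 1:
            remotes.append(parts[1])
    if not remotes:
        return [("", "no-remote")]
    for host in remotes:
        bare = host
        if host.startswith("[") and host.endswith("]"):
            # Assumption: OpenVPN expects the bare address here and treats
            # a bracketed literal as a hostname to look up in DNS.
            findings.append((host, "bracketed-literal"))
            bare = host[1:-1]
        try:
            addr = ipaddress.ip_address(bare)
        except ValueError:
            # Not an address literal: the name must have an AAAA record.
            findings.append((host, "hostname-needs-aaaa-record"))
            continue
        if addr.version == 4:
            findings.append((host, "ipv4-literal"))
        elif addr not in GUA:
            # fe80::/10 (link-local) and fc00::/7 (ULA) are not reachable
            # from outside the local network.
            findings.append((host, "not-global-unicast"))
    return findings

if __name__ == "__main__":
    for host, problem in check_remotes(SAMPLE):
        print(f"{problem}: {host}")
```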
If it is not necessary to use a third party I would also not use one but sometimes there is no other choice.
Maybe my notes about setting up WireGuard can be helpful:
You need the WireGuard Server Setup guide
Better download it as GitHub only shows the first 5 pages.
Direct download WireGuard Server Setup guide
Thanks, I'll have a look.
You can also click "More pages" to get more than 5 pages
I know it and you know it but a lot of people don't