linux
Hu3yP7, 2017-05-03 17:40:49

Configure IPv6 for OpenVPN?

Tell me, please, how to configure it correctly so that you can access ipv6 sites through VPN.
/etc/network/interfaces

# The primary network interface
auto ens3
iface ens3 inet static
        address 86.110.xx.xx
        netmask 255.255.252.0
        network 86.110.116.0
        broadcast 86.110.119.255
        gateway 86.110.116.1
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 8.8.8.8
        dns-search tk

iface ens3 inet6 static
        address 2a06:47c6::xxx
        netmask 32
        gateway 2a06:47c6::1


server.conf
# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d

port 1194

# TCP or UDP server?
;proto tcp
proto udp

;dev tap
dev tun
tun-ipv6

;dev-node MyTap

ca ca.crt
cert server.crt
key server.key  # This file should be kept secret

dh dh2048.pem

topology subnet

server 10.8.0.0 255.255.255.0
push "route-ipv6 0::/3"

ifconfig-pool-persist ipp.txt

;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

;server-bridge

;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"

;client-config-dir ccd
;route 192.168.40.128 255.255.255.248

;client-config-dir ccd
;route 10.9.0.0 255.255.255.252

;learn-address ./script

push "redirect-gateway def1"

push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

client-to-client

duplicate-cn

keepalive 10 120

tls-auth ta.key 0 # This file is secret
key-direction 0

;cipher BF-CBC        # Blowfish (default)
cipher AES-128-CBC   # AES
auth SHA256
;cipher DES-EDE3-CBC  # Triple-DES

comp-lzo

;max-clients 100

user nobody
group nogroup

persist-key
persist-tun

;log         openvpn.log
;log-append  openvpn.log

verb 3

;mute 20


User script
client

;dev tap
dev tun
tun-ipv6

;dev-node MyTap

;proto tcp
proto udp

remote 86.110.xx.xx 1194

;remote-random

resolv-retry infinite

nobind

user nobody
group nogroup

persist-key
persist-tun

;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

;mute-replay-warnings

ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
auth SHA256

remote-cert-tls server

;tls-auth ta.key 1

key-direction 1

# script-security 2
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf

comp-lzo

verb 3

;mute 20

connection log

Wed May 03 21:42:33 2017 NOTE: --user option is not implemented on Windows
Wed May 03 21:42:33 2017 NOTE: --group option is not implemented on Windows
Wed May 03 21:42:33 2017 OpenVPN 2.3.11 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016
Wed May 03 21:42:33 2017 Windows version 6.1 (Windows 7) 64bit
Wed May 03 21:42:33 2017 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.09
Enter Management Password:
Wed May 03 21:42:33 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
Wed May 03 21:42:33 2017 Need hold release from management interface, waiting...
Wed May 03 21:42:34 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342
Wed May 03 21:42:34 2017 MANAGEMENT: CMD 'state on'
Wed May 03 21:42:34 2017 MANAGEMENT: CMD 'log all on'
Wed May 03 21:42:34 2017 MANAGEMENT: CMD 'hold off'
Wed May 03 21:42:34 2017 MANAGEMENT: CMD 'hold release'
Wed May 03 21:42:34 2017 Control Channel Authentication: tls-auth using INLINE static key file
Wed May 03 21:42:34 2017 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed May 03 21:42:34 2017 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed May 03 21:42:34 2017 UDPv4 link local: [undef]
Wed May 03 21:42:34 2017 UDPv4 link remote: [AF_INET]86.110.118.54:1194
Wed May 03 21:42:34 2017 MANAGEMENT: >STATE:1493822554,WAIT,,,
Wed May 03 21:42:34 2017 MANAGEMENT: >STATE:1493822554,AUTH,,,
Wed May 03 21:42:34 2017 TLS: Initial packet from [AF_INET]86.110.118.54:1194, sid=358b8f99 d1136c30
Wed May 03 21:42:35 2017 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, [email protected]
Wed May 03 21:42:35 2017 Validating certificate key usage
Wed May 03 21:42:35 2017 ++ Certificate has key usage 00a0, expects 00a0
Wed May 03 21:42:35 2017 VERIFY KU OK
Wed May 03 21:42:35 2017 Validating certificate extended key usage
Wed May 03 21:42:35 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed May 03 21:42:35 2017 VERIFY EKU OK
Wed May 03 21:42:35 2017 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, [email protected]
Wed May 03 21:42:35 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed May 03 21:42:35 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed May 03 21:42:35 2017 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed May 03 21:42:35 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed May 03 21:42:35 2017 [server] Peer Connection Initiated with [AF_INET]86.110.118.54:1194
Wed May 03 21:42:36 2017 MANAGEMENT: >STATE:1493822556,GET_CONFIG,,,
Wed May 03 21:42:37 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed May 03 21:42:37 2017 PUSH: Received control message: 'PUSH_REPLY,route-ipv6 0::/3,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.3 255.255.255.0'
Wed May 03 21:42:37 2017 OPTIONS IMPORT: timers and/or timeouts modified
Wed May 03 21:42:37 2017 OPTIONS IMPORT: --ifconfig/up options modified
Wed May 03 21:42:37 2017 OPTIONS IMPORT: route options modified
Wed May 03 21:42:37 2017 OPTIONS IMPORT: route-related options modified
Wed May 03 21:42:37 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed May 03 21:42:38 2017 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=19 HWADDR=94:de:80:c5:a4:4a
Wed May 03 21:42:38 2017 ROUTE6: default_gateway=UNDEF
Wed May 03 21:42:38 ipv6 options
Wed May 03 21:42:38 2017 OpenVPN ROUTE: failed to parse/resolve route for host/network: 0::/3
Wed May 03 21:42:38 2017 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Wed May 03 21:42:38 2017 MANAGEMENT: >STATE:1493822558,ASSIGN_IP,,10.8.0.3,
Wed May 03 21:42:38 2017 open_tun, tt->ipv6=1
Wed May 03 21:42:38 2017 TAP-WIN32 device [Local Area Connection 13] opened: \\.\Global\{C7331B05-7852-4B3D-ACE4-F9D109C909F4}.tap
Wed May 03 21:42:38 2017 TAP-Windows Driver Version 9.21
Wed May 03 21:42:38 2017 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.3/255.255.255.0 [SUCCEEDED]
Wed May 03 21:42:38 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.3/255.255.255.0 on interface {C7331B05-7852-4B3D-ACE4-F9D109C909F4} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
Wed May 03 21:42:38 2017 Successful ARP Flush on interface [28] {C7331B05-7852-4B3D-ACE4-F9D109C909F4}
Wed May 03 21:42:44 2017 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Wed May 03 21:42:44 2017 C:\Windows\system32\route.exe ADD 86.110.xx.xx MASK 255.255.255.255 192.168.1.1
Wed May 03 21:42:44 2017 .0.0 MASK 128.0.0.0 10.8.0.1
Wed May 03 21:42:44 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Wed May 03 21:42:44 2017 Route addition via IPAPI succeeded [adaptive]
Wed May 03 21:42:44 2017 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.1
Wed May 03 21:42:44 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Wed May 03 21:42:44 2017 Route addition via IPAPI succeeded [adaptive]
Wed May 03 21:42:44 2017 Initialization Sequence Completed
Wed May 03 21:42:44 2017 MANAGEMENT: >STATE:1493822564,CONNECTED,SUCCESS,10.8.0.3,86.110.xx.xx


Ubuntu Server 16.04
Windows Client
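
As an added example (not part of the original post), the Python sketch below parses the PUSH_REPLY from the client log above and lists why this session carries no IPv6 traffic. The function names and finding texts are illustrative assumptions, and the embedded sample is three lines taken from that log.

```python
import re

# Constructed sample: three lines taken from the client log in the post above.
SAMPLE_LOG = """\
Wed May 03 21:42:37 2017 PUSH: Received control message: 'PUSH_REPLY,route-ipv6 0::/3,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.3 255.255.255.0'
Wed May 03 21:42:38 2017 ROUTE6: default_gateway=UNDEF
Wed May 03 21:42:38 2017 OpenVPN ROUTE: failed to parse/resolve route for host/network: 0::/3
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'")
ROUTE_FAIL_RE = re.compile(r"failed to parse/resolve route for host/network: (\S+)")


def parse_push_reply(log_text):
    """Return the pushed options as a list of (name, [args]) tuples."""
    m = PUSH_RE.search(log_text)
    if not m:
        return []
    items = (item.split() for item in m.group(1).split(","))
    return [(p[0], p[1:]) for p in items if p]


def audit_ipv6(log_text):
    """List reasons (hypothetical finding texts) why the tunnel carries no IPv6."""
    opts = parse_push_reply(log_text)
    if not opts:
        return []
    names = {name for name, _ in opts}
    has_v6_addr = "ifconfig-ipv6" in names
    findings = []
    if not has_v6_addr:
        findings.append("no ifconfig-ipv6 pushed: tun adapter gets no IPv6 address")
    v6_routes = [args[0] for name, args in opts if name == "route-ipv6" and args]
    if v6_routes and not has_v6_addr and "route-ipv6-gateway" not in names:
        findings.append("route-ipv6 %s pushed without an IPv6 gateway" % ", ".join(v6_routes))
    for net in ROUTE_FAIL_RE.findall(log_text):
        findings.append("client rejected route %s" % net)
    rg_flags = [a for name, args in opts if name == "redirect-gateway" for a in args]
    if "redirect-gateway" in names and "ipv6" not in rg_flags and not has_v6_addr:
        findings.append("redirect-gateway covers IPv4 only: native IPv6 would bypass the VPN")
    return findings


if __name__ == "__main__":
    for line in audit_ipv6(SAMPLE_LOG):
        print("-", line)
```

OpenVPN's `server-ipv6` directive is what makes a server push `ifconfig-ipv6` to clients; the server.conf above does not contain it.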
