Sunday, 1 March 2015

ip6tables allow IPv6 traffic from OpenVPN through my VPS


I've established a fully working IPv4 OpenVPN setup and wanted to go one step further and experiment with setting up IPv6. My VPS server does not get a native IPv6 block but does have a 6in4 tunnel interface setup, which is provided by Hurricane Electric. The IPv6 connectivity of the VPS box itself all works no problem.


Using the /48 provided from Hurricane Electric I created a /64 subnet out of it which the OpenVPN server instance can use no problem.


I set the correct server-ipv6 and route-ipv6 directives to route all IPv6 traffic through my VPS, in the same way IPv4 clients are treated. Upon doing a traceroute, it responds with the server-ipv6 address as the first hop, showing the IPv6 gateway is now the VPS, but after the first hop everything times out.


The problem is external IPv6 traffic is being blocked. I have confirmed it's firewall related, as dropping the firewall allows the traceroute to complete. I'm using ConfigServer Security and Firewall with both IPv4 and IPv6 parts enabled.


I'm not an expert with iptables but I tried these rules in csfpre.sh without success.



ip6tables -A FORWARD -s ROUTED/64 -i tun+ -o sit1 -j ACCEPT
ip6tables -A FORWARD -s ROUTED/48 -i tun+ -o sit1 -j ACCEPT


The ROUTED placeholders being the subnets provided by my Hurricane Electric tunnel.


I have already enabled IPv6 forwarding with:



net.ipv6.conf.all.forwarding = 1


VPS details:



  • CentOS 6.6 (KVM virtualisation)

  • 2.6.32 Linux Kernel

  • Firewall: CSF (latest version)


The tun interface has already been excluded from CSF via ETH_DEVICE_SKIP


Network interfaces:



  • OpenVPN: tun0 (routed)

  • IPv6 Tunnel: sit1 (All set up and working)

  • WAN: eth0 (Gateway, external interface)


Could anyone help with providing ip6tables rules that will allow IPv6 traffic originating from OpenVPN to flow through?
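
An added example, not part of the original post: the two rules quoted above match only packets travelling from tun+ to sit1, while replies cross the FORWARD chain in the opposite direction. The script below checks a rule list for both directions and prints a rule pair with a stateful return rule; the 2001:db8:: prefixes stand in for ROUTED, and treating the missing return path as the cause of the blocked traceroute is an assumption.

```shell
#!/bin/sh
# Added example; the 2001:db8:: prefixes are constructed placeholders.

# Emit (not apply) FORWARD rules for a routed VPN prefix.
#   $1 = prefix given to VPN clients, $2 = VPN interface, $3 = 6in4 interface
forward_rules() {
    prefix=$1 vpn_if=$2 tun6_if=$3
    # Accept only hex digits, colons and a single /length, so a malformed
    # value never reaches a firewall command line.
    case $prefix in
        *[!0-9A-Fa-f:/]*|*/*/*) echo "bad prefix: $prefix" >&2; return 1 ;;
        *:*/?*) ;;
        *) echo "bad prefix: $prefix" >&2; return 1 ;;
    esac
    len=${prefix##*/}
    case $len in *[!0-9]*|????*) echo "bad length: $len" >&2; return 1 ;; esac
    [ "$len" -le 128 ] || { echo "bad length: $len" >&2; return 1; }
    # Outbound: clients may open flows. Return: only replies and related
    # ICMPv6 errors (e.g. the Time Exceeded messages traceroute relies on).
    cat <<EOF
ip6tables -A FORWARD -i $vpn_if -o $tun6_if -s $prefix -j ACCEPT
ip6tables -A FORWARD -i $tun6_if -o $vpn_if -d $prefix -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Read `ip6tables -S FORWARD` style lines on stdin and print which direction
# between the two interfaces has no ACCEPT rule: none, return, outbound, both.
missing_direction() {
    vpn_if=$1 tun6_if=$2 out=0 back=0
    while read -r line || [ -n "$line" ]; do
        case "$line " in *"-j ACCEPT "*) ;; *) continue ;; esac
        case "$line " in
            *"-i $vpn_if "*"-o $tun6_if "*|*"-o $tun6_if "*"-i $vpn_if "*) out=1 ;;
            *"-i $tun6_if "*"-o $vpn_if "*|*"-o $vpn_if "*"-i $tun6_if "*) back=1 ;;
        esac
    done
    case "$out$back" in
        11) echo none ;;
        10) echo return ;;
        01) echo outbound ;;
        *)  echo both ;;
    esac
}

# Constructed input: the post's two rules with placeholder prefixes for ROUTED.
POSTED_RULES='-A FORWARD -s 2001:db8:1234:1::/64 -i tun+ -o sit1 -j ACCEPT
-A FORWARD -s 2001:db8:1234::/48 -i tun+ -o sit1 -j ACCEPT'
echo "posted rules lack: $(printf '%s\n' "$POSTED_RULES" | missing_direction tun+ sit1)"
forward_rules 2001:db8:1234:1::/64 tun+ sit1
```

On a live host the same check can be fed from `ip6tables -S FORWARD` to confirm that both directions are present after the firewall reloads.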


