sysop84
By:
sysop84

For setting up OpenVPN IPv6 server: requires DHCPv6-PD

April 13, 2017 734 views
IPv6 Ubuntu 16.04

I am trying to determine if my droplet has been assigned an IPv6 'routed block'. The requirement for this is /64 and, all I am able to determine from my configuration is that my range of configurable addresses is from f000 to f00f which seems to be not quite /64. Although, I openly admit that I know hardly anything about IPv6 except that I need this block in order to properly configure an IPv6 OpenVPN server (according to https://community.openvpn.net/openvpn/wiki/IPv6 and http://www.tecmint.com/install-openvpn-in-debian/comment-page-1/#comment-883314). The first page clearly mentions the term "DHCPv6-PD" as though everyone in the world knows it, but I can't find any association with DO on this one.

The problem is, because I am so confused about IPv6, I don't even know how to properly formulate my question. I know that I need this assignment block, but it isn't clear to me if I have been assigned a block that fits this criteria when I enabled the IPv6 on the Droplet nor do I see any references on DO's site on how to request or obtain said block.

Thanks for direction and I apologize for being so clearly vague.

1 Answer

I tried a long time ago to get OpenVPN setup, finally gave up and looked for a easier solution which might not give me so much grief:

https://pritunl.com/

Free, built it out numerous times for myself and others, I don't have a direct need for IPv6, but it supports it, and I know you can check the box for deployment of it on DO, and they have a quick deploy script, may be worth a look. Rock solid and does the job.

  • This is good information and something I'll definitely look into.

    At this point, I have OpenVPN working very well and it has been for a long time. However, any clients whose ISPs support IPv6, these packets, when connected to IPv6-specific websites, do not go through the VPN (and they wouldn't on any VPN not configured to support IPv6). One option is to disable IPv6 on the computer while connected to the VPN. But this is not a long-term solution. My point is this: it doesn't matter what service is used; this will be a problem unless it is specifically dealt with.

    This leads me to this thought: I am baffled that I don't see anything obvious in DO's documentation that discusses how to secure IPv6 routed block services and why aren't people all over this particular VPN leak?

    • Honestly, I couldn't say - have you tried opening a ticket to ask? The community is great and all, but not always closely monitored by staff to cover tech issues/concerns.

Have another answer? Share your knowledge.