qupfer
By:
qupfer

Route IPv6 through DigitalOcean VPN Server

May 1, 2015 1.9k views
VPN

I set up a Server, which will I use mostly as "US" gateway ;)

On Server Side, I have two interfaces. eth0 & tapsoft.
eth0 has the given IPv6 address 2604:[...]:8001.
I set manual to tap
soft the address: 2604:[...]:8002.

I also set manual the client-IP to 2604:[...]:8003.

The VPN is Layer2 based and I can ping 2604:[...]:8002 from my client, but ether 2604:[...]:8001 or any public ipv6 addresslike google (tried 8001 and 8002 as gateway)
I have enabled "net.ipv6.conf.all.forwarding=1" in sysctl.conf.
I think the problem is the "step" from the tap-device to eth0. For IPv4 I use iptables and SNAT. But I don't want to nat ipv6, if I have enough addresses. (and yes, 16 addresses are enough for me^^)

Any Ideas or even better: solutions? Thanks

3 comments
  • +1 desperate to figure this out, too! i can't even seem to ping my tap (8002) interface from outside. it is definitely an issue "bridging" the ipv6 traffic that only seems to want to hit eth0!

  • +1 got the same problem. Any solutions yet? Maybe one has to set a route?

  • Sounds familiar. I think the problem is that your VPN segment is not bridged with eth0 for NDP to work (which is good and I do not recommend to do such bridging). To overcome that you have to configure NDP proxy for all IPv6 addresses that are used in the VPN segment:
    # ip -6 neigh add proxy 2a03:b0c0:2::xxxx dev eth0
    with xxxx going from 8002 to 800f, 14 commands total. Update the prefix to suit your assignment.

1 Answer

This question was answered by @martinb738fb511:

Sounds familiar. I think the problem is that your VPN segment is not bridged with eth0 for NDP to work (which is good and I do not recommend to do such bridging). To overcome that you have to configure NDP proxy for all IPv6 addresses that are used in the VPN segment:

ip -6 neigh add proxy 2a03:b0c0:2::xxxx dev eth0

with xxxx going from 8002 to 800f, 14 commands total. Update the prefix to suit your assignment.

View the original comment

Have another answer? Share your knowledge.