Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
1 droplets with web app, 2 office building, some phones and VPN? Question Question
Is tun/tap are activated? Question Question

Question

Route IPv6 through DigitalOcean VPN Server

Posted May 1, 2015 5.1k views
VPN

I set up a Server, which will I use mostly as “US” gateway ;)

On Server Side, I have two interfaces. eth0 & tapsoft.
eth0 has the given IPv6 address 2604:[…]:8001.
I set manual to tapsoft the address: 2604:[…]:8002.

I also set manual the client-IP to 2604:[…]:8003.

The VPN is Layer2 based and I can ping 2604:[…]:8002 from my client, but ether 2604:[…]:8001 or any public ipv6 addresslike google (tried 8001 and 8002 as gateway)
I have enabled “net.ipv6.conf.all.forwarding=1” in sysctl.conf.
I think the problem is the “step” from the tap-device to eth0. For IPv4 I use iptables and SNAT. But I don’t want to nat ipv6, if I have enough addresses. (and yes, 16 addresses are enough for me^^)

Any Ideas or even better: solutions? Thanks

Add a comment
qupfer
By:
qupfer

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
1 droplets with web app, 2 office building, some phones and VPN? Question Question
Is tun/tap are activated? Question Question
Add a comment
3 comments
  • mralexgray October 8, 2015
    Reply Report

    +1 desperate to figure this out, too! i can’t even seem to ping my tap (8002) interface from outside. it is definitely an issue “bridging” the ipv6 traffic that only seems to want to hit eth0!

  • tehdartherer November 29, 2015
    Reply Report

    +1 got the same problem. Any solutions yet? Maybe one has to set a route?

  • martinb738fb511 March 11, 2016
    Reply Report

    Sounds familiar. I think the problem is that your VPN segment is not bridged with eth0 for NDP to work (which is good and I do not recommend to do such bridging). To overcome that you have to configure NDP proxy for all IPv6 addresses that are used in the VPN segment:
    # ip -6 neigh add proxy 2a03:b0c0:2::xxxx dev eth0
    with xxxx going from 8002 to 800f, 14 commands total. Update the prefix to suit your assignment.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer
ryanpq June 9, 2016

This question was answered by @martinb738fb511:

Sounds familiar. I think the problem is that your VPN segment is not bridged with eth0 for NDP to work (which is good and I do not recommend to do such bridging). To overcome that you have to configure NDP proxy for all IPv6 addresses that are used in the VPN segment:

ip -6 neigh add proxy 2a03:b0c0:2::xxxx dev eth0

with xxxx going from 8002 to 800f, 14 commands total. Update the prefix to suit your assignment.

View the original comment

Reply Report

Related

Looking for something else?

Ask a new question Search for more help