summaryrefslogtreecommitdiff
path: root/openvpn/README.IPv6
blob: 56c97abba5dca3be46344b9bd70c123076f0f94e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
Since 2.3.0, OpenVPN officially supports IPv6, and all widely used
patches floating around for older versions have been integrated.

IPv6 payload support
--------------------

This is for "IPv6 inside OpenVPN", with server-pushed IPv6 configuration
on the client, and support for IPv6 configuration on the tun/tap interface
from within the openvpn config.

The code in 2.3.0 supersedes the IPv6 payload patches from Gert Doering,
formerly located at http://www.greenie.net/ipv6/openvpn.html


The following options have been added to handle IPv6 configuration,
analogous to their IPv4 counterparts (--server <-> --server-ipv6, etc.)

     - server-ipv6
     - ifconfig-ipv6
     - ifconfig-ipv6-pool
     - ifconfig-ipv6-push
     - route-ipv6
     - iroute-ipv6

see "man openvpn" for details how they are used.



IPv6 transport support
----------------------

This is to enable OpenVPN peers or client/servers to talk to each other
over an IPv6 network ("OpenVPN over IPv6").

The code in 2.3.0 supersedes the IPv6 transport patches from JuanJo Ciarlante,
formerly located at http://github.com/jjo/openvpn-ipv6


Use the following options to select IPv6 transport:

  --proto udp6
  --proto tcp6-client
  --proto tcp6-server
  --proto tcp6 --client / --proto tcp6 --server

On systems that permit IPv4 connections on IPv6 sockets (Linux by
default, FreeBSD and NetBSD if you turn off the "v6only" sysctl by
running "sysctl -w net.inet6.ip6.v6only=0"), an OpenVPN server can
handle IPv4 connections on the IPv6 socket as well, making it a true
dual-stacked server.

On other systems, as of 2.3.0, you need to run separate server instances
for IPv4 and IPv6.

The client side code is not really "dual-stacked" yet, as it does not
automatically try both address families when connecting to a dual-stacked
server.  For now, you can achieve this with <connection> stanzas in your
openvpn config:

  <connection>
     remote my.dual.stack.server 1194 udp6
  </connection>
  <connection>
     remote my.dual.stack.server 1194 udp
  </connection>