2

I have a server that has 1 IPv4 public address and 10 public IPv6 addresses (each one /128, not in the same subnet like a /64 or /48) - I know it sounds strange but I have no control over this, it is how they were assigned by the provider. This is acting as an OpenVPN server, currently running with tun on IPv4 by doing NAT with the single public IPv4. So far so good.

I am trying now to also assign a public IPv6 address to clients. The problem is I am not sure how to do it, because all the documentation I found requires me to have a whole subnet of /64 or at least /112.

Isn't there a way available that will allow me, out of the 10 IPv6 addresses I have (/128), to keep one for the server, one for the tun device and 8 for clients? Does -ifconfig-ipv6-pool take multiple /128 addresses, or can it be used more than once in server.conf? What route should it have so the clients' IPv6 traffic is entirely redirected via the VPN?

skydanc3r
  • Get a new VPS. That sort of incompetence is inexcusable. – Michael Hampton Jul 23 '18 at 14:01
  • I suppose you could assign your 8 /128 addresses to clients manually through the `client-config-dir` directive in the server's config; but since the client's public IPv6 addresses would still be routed over the tunnel, I think you would be better off just creating a local /64 pool (like: `server-ipv6 fd00:8000:0000:0000::/64`) and then have the client's IPv6 traffic SNATed to the server's public IPv6 address. The routing table on the client would just need a default route over the tunnel: `ip -6 route add default dev tun0` – cburn11 Jul 23 '18 at 14:32
  • I recommend you complain to your provider, and if they won't fix their addressing you'd be better off choosing another vendor. Here are a couple of earlier questions with more detail: https://serverfault.com/q/714890/214507 and https://serverfault.com/q/684455/214507 – kasperd Jul 23 '18 at 22:04
  • Possible duplicate of [IPv6 subnetting a /64 - what will break, and how to work around it?](https://serverfault.com/questions/714890/ipv6-subnetting-a-64-what-will-break-and-how-to-work-around-it) – kasperd Jul 23 '18 at 22:05

1 Answer

0

Probably your best bet so far is to write your own client-connect script that pushes ifconfig-ipv6 and ifconfig statements to the client. The normal code in OpenVPN assumes continuous IPv4 and IPv6 ranges.

plaisthos
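A sketch of the client-connect approach from the answer above, as an added example that is not part of the original post or of OpenVPN itself. The pool and server addresses are constructed placeholders from the 2001:db8::/32 documentation prefix, the lease-file path and the `allocate_v6` helper are hypothetical, and it assumes the script is configured with no extra arguments (so the dynamic config file is `$1`) and that the server accepts the per-client `ifconfig-ipv6-push` directive with a /128.

```shell
#!/bin/sh
# Added example: OpenVPN client-connect script that leases non-contiguous /128s.
# Constructed placeholders (documentation prefix), one entry per spare address:
POOL="2001:db8:0:1::a 2001:db8:0:7::b 2001:db8:0:9::c"
SERVER_V6="2001:db8:0:3::1"                     # address kept for the tun endpoint
LEASES="${LEASES:-/etc/openvpn/ipv6-leases}"    # hypothetical path, "cn address" per line

# allocate_v6 CN: print the address leased to CN, taking a free one if needed.
# Leases are sticky per CN. Returns 1 for an unsafe CN or an exhausted pool.
allocate_v6() {
    cn=$1
    # The common name comes from the client certificate; refuse anything that
    # could break the lease-file format or smuggle in extra fields.
    case $cn in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    touch "$LEASES" || return 1
    # Existing lease for this CN: reuse it.
    while read -r name addr; do
        if [ "$name" = "$cn" ]; then
            echo "$addr"
            return 0
        fi
    done < "$LEASES"
    # Otherwise take the first pool address that no CN holds yet.
    for addr in $POOL; do
        if ! grep -q " $addr\$" "$LEASES"; then
            echo "$cn $addr" >> "$LEASES"
            echo "$addr"
            return 0
        fi
    done
    return 1
}

# OpenVPN passes the per-client dynamic config file as the last argument and
# the certificate CN in $common_name; a non-zero exit rejects the connection.
if [ -n "${1:-}" ] && [ -n "${common_name:-}" ]; then
    v6=$(allocate_v6 "$common_name") || exit 1
    echo "ifconfig-ipv6-push $v6/128 $SERVER_V6" >> "$1"
fi
```

With a pool this small, a client whose CN has no lease is rejected once every address is taken, so stale entries have to be pruned from the lease file by hand.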