[[TOC(depth=3)]] = IPv6 in OpenVPN = This page describes IPv6 support in OpenVPN. == Overview == Starting officially in the 2.3.0 release, OpenVPN supports IPv6 inside the tunnel, and can optionally be configured with IPv6 as a transport protocol for the tunneled data. There were some unofficial developer patches for the 2.2.x series that added partial IPv6 support (Debian in particular chose to integrate these patches into some of their builds.) == Providing IPv6 inside the tunnel == This section walks through providing IPv6 connectivity inside the tunnel; this will discuss a routed setup; a bridged (dev tap) setup is not recommended in general, and users doing so are presumably advanced enough to know what they're doing. === Requirements === A few things must be met in order to use IPv6: * An existing and functional OpenVPN configuration (use the official howto if you don't yet have this.) * A routed IPv6 network block that will reach the host configured as the OpenVPN server * Both client and server must support IPv6; most modern systems these-days include this support already === Details: IPv6 routed block === In a routed setup, you cannot use your on-link network; you '''must''' use a unique routed network range, just like when routing with IPv4. Most ISPs should have a facility to obtain a routed block on request, or sometimes provided as part of DHCPv6-PD; these concepts are outside the scope of this document. Speak to your ISP or use other IPv6 learning resources for further information. It is recommended to use a /64 for your OpenVPN subnet. While OpenVPN can happily use smaller networks (such as a /112) this is not compatible with the 2.2.x dev-patches that f.ex Debian uses. Thus a /64 is the preferred choice for an OpenVPN IPv6 allocation. In this document, we'll assume you have the following from the OpenVPN server's viewpoint: * The OpenVPN server has an IPv6 IP of 2001:db8:abc::100/64 on its LAN interface * The following block is routed to the OpenVPN server host: 2001:db8:123::/64 === Additional OpenVPN config === There are 2 ways to add IPv6 addressing and pool options, similar to what OpenVPn supports for IPv4: using a helper-directive, and by expanding the helper-directive. The expansion is required if you do not wish to use the automatic values the helper-directive supplies. ==== Config stanza using the helper ==== Add the following to a functioning OpenVPN config: {{{ server-ipv6 2001:db8:123::/64 }}} ==== Config stanza with expanded directives ==== Add the following to a functioning OpenVPN config: {{{ tun-ipv6 push tun-ipv6 ifconfig-ipv6 2001:db8:123::1/64 2001:db8:123::0/64 ifconfig-ipv6-pool 2001:db8:123::101/64 }}}