VPN Solution for IPv6

Hey guys,

I have been using OpenVPN-AS on my Linode now for awhile. In general, it works very well. A jailbroken iPhone will even connect to it once the appropriate client is installed.

Now I am trying to prepare for the IPv6 apocalypse. The problem with OpenVPN-AS is that it doesn't support IPv6 for the client private tunnels. It is frustrating that the AS paid solution is behind the community "free" version in that respect. It is my understanding that the free version can be patched or manipulated to make it work.

So now I am reevaluating my VPN options, and trying to find something that is better. I have looked at IPSEC, and it is, of course, a royal pain. The primary benefit of that option, to me, is that a stock iPhone, OS X box, Windows box, or Linux box would connect easily. I use all those clients on a daily basis.

Here is a wish list of what I would really like to have:

  • Native IPv6 support on the public side

  • DHCPv6 on the private side, if not DHCP, static IPv6 would work

  • Web management interface

  • x.509 certs for authentication

  • IPSEC preferred since it is "the standard" for the mobile clients

  • Incredible ease of setup/management

It's hard to imagine that there isn't an obvious solution for this in 2012. Maybe I'm just overlooking it.

All thoughts and suggestions are welcome. Thanks in advance.

  • Matt

3 Replies

Seems like this is indeed a wish list. I have decided to pursue IPSEC setup. It is definitely a pain so far. I think I am getting close though. I might post the final config once its running, if anyone is interested.

Going to look into Webmin or something like that, to see if it will cover the web interface part. DHCPv6 is still an unknown. I think I might need some custom script to do that part of it. Something that will run once IPSEC is established.

  • Matt

Hi fuzzman,

I would be interested. I use webmin/virtualmin, and Openvpn-as, but I haven't had a chance to fire up an extra node to test ipv6 with yet. IPSec does look like the only option until Openvpn has better support. SSH tunnels are the only other option on non-rooted mobile devices. I would like to be able to fire up a stock iOS or Android device and connect it with a minimum of fuss. It's just gotten bumped down the "to-do list" for the next few months.

Webmin does have some plugins available for setting up ipv6, but I haven't been able to dig into it yet. My timeline was to get some vacation time in the summer and dive in.

Thanks for trying, and wish I could be more help at this point.

So I have IPSEC set up and running. It seems to be supporting multiple (2) simultaneous iOS device connections. The struggles involved with setup were mostly minor in the end.

The next thing is to try to do automatic IPv6 configuration via 6to4 tunnels. The "radvd" application in Aptitude seems to be a possible solution for that. Preferably, the IPSEC clients would take advantage of IPV6 auto configuration via the radvd daemon. The challenge will be to see if radvd can be configured to advertise on a (private/IPSEC) ip address only, and not on an ethernet device. If the latter is required, then the autoconf stuff will be going out all over the Linode network, which is not preferred.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct