VPN Solution for IPv6
I have been using OpenVPN-AS on my Linode now for awhile. In general, it works very well. A jailbroken iPhone will even connect to it once the appropriate client is installed.
Now I am trying to prepare for the IPv6 apocalypse. The problem with OpenVPN-AS is that it doesn't support IPv6 for the client private tunnels. It is frustrating that the AS paid solution is behind the community "free" version in that respect. It is my understanding that the free version can be patched or manipulated to make it work.
So now I am reevaluating my VPN options, and trying to find something that is better. I have looked at IPSEC, and it is, of course, a royal pain. The primary benefit of that option, to me, is that a stock iPhone, OS X box, Windows box, or Linux box would connect easily. I use all those clients on a daily basis.
Here is a wish list of what I would really like to have:
Native IPv6 support on the public side
DHCPv6 on the private side, if not DHCP, static IPv6 would work
Web management interface
x.509 certs for authentication
IPSEC preferred since it is "the standard" for the mobile clients
Incredible ease of setup/management
It's hard to imagine that there isn't an obvious solution for this in 2012. Maybe I'm just overlooking it.
All thoughts and suggestions are welcome. Thanks in advance.
- Matt
3 Replies
Going to look into Webmin or something like that, to see if it will cover the web interface part. DHCPv6 is still an unknown. I think I might need some custom script to do that part of it. Something that will run once IPSEC is established.
- Matt
I would be interested. I use webmin/virtualmin, and Openvpn-as, but I haven't had a chance to fire up an extra node to test ipv6 with yet. IPSec does look like the only option until Openvpn has better support. SSH tunnels are the only other option on non-rooted mobile devices. I would like to be able to fire up a stock iOS or Android device and connect it with a minimum of fuss. It's just gotten bumped down the "to-do list" for the next few months.
Webmin does have some plugins available for setting up ipv6, but I haven't been able to dig into it yet. My timeline was to get some vacation time in the summer and dive in.
Thanks for trying, and wish I could be more help at this point.
The next thing is to try to do automatic IPv6 configuration via 6to4 tunnels. The "radvd" application in Aptitude seems to be a possible solution for that. Preferably, the IPSEC clients would take advantage of IPV6 auto configuration via the radvd daemon. The challenge will be to see if radvd can be configured to advertise on a (private/IPSEC) ip address only, and not on an ethernet device. If the latter is required, then the autoconf stuff will be going out all over the Linode network, which is not preferred.