I have a Ubiquiti EdgeRouter X that works perfectly with both IPv4 and IPv6 from my ISP. Recently I’ve installed an OpenVPN client and I currently have IPv4 traffic going over the VPN.
I’m still wanting to support IPv6 but in a way that allows it to travel over the VPN. The VPN itself only supports connecting via IPv4 but does support IPv6 through the tunnel.
How can I configure the EdgeRouter X to do this?
For what it’s worth, here’s what I used to get IPv4 working:
set interfaces openvpn vtun0 config-file /config/auth/vpn-client.ovpn
set interfaces openvpn vtun0 description 'OpenVPN Client'
set service nat rule 5000 description 'OpenVPN Access'
set service nat rule 5000 log disable
set service nat rule 5000 outbound-interface vtun0
set service nat rule 5000 source address 192.168.143.0/24
set service nat rule 5000 type masquerade
set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0
set firewall modify openvpn_route rule 10 description 'OpenVPN'
set firewall modify openvpn_route rule 10 source address 192.168.143.0/24
set firewall modify openvpn_route rule 10 modify table 1
set interfaces switch switch0 firewall in modify openvpn_route
You must log in or register to comment.
Are you wanting to source an IPv6 address from your ISP to your client through the tunnel? Or are you wanting to set up a private IPv6 subnet that routes to the Internet through your switch? Does IPv6 even support private subnets and NAT?
If the former, it should be doable if you can forward the DHCP to the ISP I would imagine? Or can you request multiple subnets from your ISP and dedicate one to the internal VPN?
I’m not sure which this falls into: instead of LAN clients receiving the IPv6 router advertisement and addresses from the ISP, I’d rather they receive them from inside the VPN tunnel itself.
Sadly the VPN server doesn’t have an IPv6 address to connect to but it does support IPv6 going through the tunnel.
Basically I’m connecting to the VPN server via IPv4 but want to route IPv6 through the tunnel.
- Configure your router to request two IPv6 subnets from ISP.
- Set one subnet for local use, set second subnet for serving to inside VPN tunnel clients
- Configure VPN listening protocol to proto udp to listen on IPv4 and server-ipv6 to assign IPv6 to inside tunnel IPs.
Never done that before but should be possible.
So after working on this for hours and even using ChatGPT to help me out I realized the VPN provider only supports IPv6 over WireGuard.
it does support IPv6 going through the tunnel.
How?
I might be explaining this poorly, so here’s the documentation from the VPN provider. https://www.ivpn.net/knowledgebase/general/do-you-support-ipv6/
the question is which method for getting IPv6 addresses they support. Is it router advertisements / SLAAC or DHCPv6? You can configure your EdgeRouter accordingly.
