IPv6 Over IPv4, secured with OpenVPN

(Originally posted Mar 13, 2012 4:31 AM by Antti Uitto; updated Apr 27, 2012 12:37 PM)

In this lab we create an OpenVPN connection between two routers that are connected to an IPv4-only network. We then connect two IPv6 sites via a sit (IPv6-in-IPv4) tunnel that runs inside this protected connection.

You can also tunnel IPv6 over IPv4 without an encrypted VPN connection (such as OpenVPN): just create the sit tunnel between the routers' public IPv4 addresses.

Network diagram:

INSTALL OPENVPN ON BOTH ROUTERS

sudo apt-get install openvpn

GIVE IPv6 ADDRESSES

Example: host1

/etc/network/interfaces

iface eth0 inet6 static
pre-up modprobe ipv6
address 2001:22::2
netmask 64
gateway 2001:22::1

VPNs

Create key on router1

openvpn --genkey --secret router1-router2

Copy the key file to router2.

Run these from the command line and place them in /etc/rc.local to make them persistent.

router1
openvpn --remote 2.2.2.2 --port 1199 --dev tun199 --ifconfig 10.4.0.17 10.4.0.18 --verb 5 --secret /home/user/router1-router2

router2
openvpn --remote 1.1.1.1 --port 1199 --dev tun199 --ifconfig 10.4.0.18 10.4.0.17 --verb 5 --secret /home/user/router1-router2

SIT TUNNELS

Run these from the command line and place them in /etc/rc.local to make them persistent.

router1
sudo ip tunnel add sit199 mode sit local 10.4.0.17 remote 10.4.0.18 ttl 64
sudo ip addr add dev sit199 2001:acdc::1/64
sudo ip link set dev sit199 up
sudo ip -6 route add 2001:33::/64 via 2001:acdc::2

router2
sudo ip tunnel add sit199 mode sit local 10.4.0.18 remote 10.4.0.17 ttl 64
sudo ip addr add dev sit199 2001:acdc::2/64
sudo ip link set dev sit199 up
sudo ip -6 route add 2001:22::/64 via 2001:acdc::1
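As an added example (not from the original post), the following POSIX shell script ties the VPN and sit tunnel sections together: it derives both routers' OpenVPN and sit tunnel command lines from a single parameter set so the two sides cannot drift apart, checks that two openvpn lines really are mirror images of each other (each side's local tun address is the other's remote), and checks the static key file's permissions before anything is run. The addresses are the post's lab values; the key path /etc/openvpn/router1-router2 and the added --daemon option (so /etc/rc.local does not block on openvpn) are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post: derive both routers' OpenVPN
# and sit tunnel commands from one parameter set, and check that two command
# lines really are mirror images before they go into /etc/rc.local.
# Addresses are the lab values from the post; the key path and the added
# --daemon flag are assumptions.

R1_PUB=1.1.1.1;      R2_PUB=2.2.2.2       # public IPv4 address of each router
R1_TUN=10.4.0.17;    R2_TUN=10.4.0.18     # tun199 endpoints inside OpenVPN
R1_SIT=2001:acdc::1; R2_SIT=2001:acdc::2  # sit199 endpoints
R1_NET=2001:22::/64; R2_NET=2001:33::/64  # IPv6 prefix behind each router
PORT=1199
KEY=/etc/openvpn/router1-router2          # assumed location of the static key

# Load "me"/"peer" values for side 1 or 2 into globals; every command below
# is built only from these, so the two sides cannot drift apart.
side_vars() {
    case "$1" in
        1) ME_TUN=$R1_TUN; PEER_TUN=$R2_TUN; ME_SIT=$R1_SIT; PEER_SIT=$R2_SIT
           PEER_PUB=$R2_PUB; PEER_NET=$R2_NET ;;
        2) ME_TUN=$R2_TUN; PEER_TUN=$R1_TUN; ME_SIT=$R2_SIT; PEER_SIT=$R1_SIT
           PEER_PUB=$R1_PUB; PEER_NET=$R1_NET ;;
        *) echo "side must be 1 or 2" >&2; return 1 ;;
    esac
}

# OpenVPN static-key (--secret) point-to-point tunnel for router $1.
vpn_cmd() {
    side_vars "$1" || return 1
    echo "openvpn --remote $PEER_PUB --port $PORT --dev tun199" \
         "--ifconfig $ME_TUN $PEER_TUN --secret $KEY --verb 5 --daemon"
}

# IPv6-in-IPv4 (sit) tunnel laid over the OpenVPN addresses, one command per line.
sit_cmds() {
    side_vars "$1" || return 1
    echo "ip tunnel add sit199 mode sit local $ME_TUN remote $PEER_TUN ttl 64"
    echo "ip addr add dev sit199 $ME_SIT/64"
    echo "ip link set dev sit199 up"
    echo "ip -6 route add $PEER_NET via $PEER_SIT"
}

# Pull the two --ifconfig addresses out of an openvpn command line as "local remote".
ifconfig_pair() {
    set -- $1                      # word-split the command line into $1 $2 ...
    while [ $# -gt 2 ]; do
        [ "$1" = "--ifconfig" ] && { echo "$2 $3"; return 0; }
        shift
    done
    return 1
}

# Two openvpn command lines (e.g. copied from each router's rc.local) are
# consistent only if each side's local tun address is the other's remote.
# A swapped or mistyped pair is the usual reason the VPN comes up but the
# sit tunnel on top of it carries nothing.
check_mirror() {
    p1=$(ifconfig_pair "$1") || return 1
    p2=$(ifconfig_pair "$2") || return 1
    [ "${p1% *}" = "${p2#* }" ] && [ "${p1#* }" = "${p2% *}" ]
}

# The static key is the whole secret of this VPN; openvpn warns if it is
# readable by group or others, so accept it only when the mode is exactly 0600.
key_file_ok() {
    [ -f "$1" ] && [ -n "$(find "$1" -perm 600 -print)" ]
}

# Usage: sh this_script.sh 1   (or 2) prints the commands for that router,
# after confirming that the two generated openvpn lines mirror each other.
if [ -n "$1" ]; then
    check_mirror "$(vpn_cmd 1)" "$(vpn_cmd 2)" || { echo "sides do not mirror" >&2; exit 1; }
    vpn_cmd "$1"
    sit_cmds "$1"
fi
```

The generated lines are the same shape as the ones in the post; the point of generating them is that a typo on one router (the usual cause of a VPN that comes up but a sit tunnel that carries no traffic) is caught by check_mirror instead of by a long debugging session.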
