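For fun and to learn, I set up an OpenVPN server. I am currently connected to a network without IPv6, so I want to route all IPv6 traffic through the VPN. With IPv4 and iptables masquerading, this already works well.
Now to IPv6: I have set up IPv6 inside the network. I am able to connect and ping (ping6) between the client and the server inside the network.
Forwarding is enabled in the server's kernel. The server has IPv6 connectivity to the outside.
I have tried settings like these: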
push "route-ipv6 2000::/3"
and
push "route-ipv6 <my IPv6>"
If I try to ping an address on the "outside":
ping6 ipv6.google.com
connect: Network is unreachable
Even when I set the correct interface with "-I tun2". (Just to make sure it doesn't try to use another interface.)
Now my configuration and setup:
Client IP:
inet6 addr: fdee:dead:b0b::1000/64
Server IP:
inet6 addr: fdee:dead:b0b::1/64
Server configuration:
port 443
proto udp
proto udp6
dev tun
tun-ipv6
ca ca.crt
cert server.crt
key server.key
dh dh4096.pem
auth SHA512
server 10.0.0.0 255.255.255.0
server-ipv6 fdee:dead:b0b::/64
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.0.0.1"
client-to-client
keepalive 10 60
tls-auth ta.key 0
cipher AES-256-CBC
comp-lzo
max-clients 3
user nobody
group nogroup
persist-key
persist-tun
log-append openvpn.log
verb 4
nice -19
These are my kernel settings for forwarding:
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.venet0.forwarding = 1
net.ipv4.conf.venet0.mc_forwarding = 0
net.ipv4.conf.tun0.forwarding = 1
net.ipv4.conf.tun0.mc_forwarding = 0
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.mc_forwarding = 0
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.default.mc_forwarding = 0
net.ipv6.conf.lo.forwarding = 1
net.ipv6.conf.lo.mc_forwarding = 0
net.ipv6.conf.venet0.forwarding = 1
net.ipv6.conf.venet0.mc_forwarding = 0
net.ipv6.conf.tun0.forwarding = 1
net.ipv6.conf.tun0.mc_forwarding = 0
I would be grateful if someone could point me in the right direction.