-
Notifications
You must be signed in to change notification settings - Fork 464
ipv6 VPN
Yancey Wang edited this page Nov 5, 2023
·
4 revisions
tinyfecVPN supports ipv6 inside vpn natively,just it doesnt allocate a ipv6 adress by default.
assume you have already set up a tinyfecVPN connection:
#server side
./tinyvpn -s -l 0.0.0.0:30000 --sub-net 10.0.2.0 --tun-dev tun100
#client side
tinyvpn_mips24kc_be -c -r44.55.66.77:3000 --sub-net 10.0.2.0 --tun-dev tun100
In this article, we will setup an ipv6 nat mode vpn as example, and redirects all ipv6 traffic by defualt. To setup a non-NAT ipv6 VPN, see this article.
ip -6 addr add fd48::1/64 dev tun100
sysctl -w net.ipv6.conf.all.forwarding=1
ip6tables -t nat -A POSTROUTING -s fd48::0/64 ! -d fd48::0/64 -j MASQUERADE #make sure you have ip6tables install and your kernel supports ipv6 nat
ip -6 addr add fd48::2/64 dev tun100
ip -6 route add default via fd48::1
Maybe you also need this at server side or both sides
ip6tables -I INPUT -p ipv6-icmp -j ACCEPT
ip6tables -I OUTPUT -p ipv6-icmp -j ACCEPT
ip6tables -I FORWARD -p ipv6-icmp -j ACCEPT
Now you can get a score of 10/10 from test-ipv6.com
Just use ipv6 addresses,example:
#server side
./tinyvpn -s -l [::]:30000 --sub-net 10.0.2.0 --tun-dev tun100
#client side
tinyvpn_mips24kc_be -c -r[2607:8700:aabb:ccdd::1]:3000 --sub-net 10.0.2.0 --tun-dev tun100
For old version of tinyfecVPN which doesnt support ipv6, with the help of a 6to4/4to6 tunnel you can connect via ipv6 easily, the process is easy but trival to explain. (socat,tinyportMapper,udp2raw and UDPspeeder all support 6to4/4to6 tunnel)