Documenting settings to get IPv6 setup within the configuration for OpenVPN, plus forwarding all IPv6 traffic through the VPN. This has no explanation of how you obtain IPv6 address prefixes frrom your ISP or how it works differently from IPv4, just simply how to get it working within OpenVPN. Will update if needed.
IPv6 Forwarding setup on Linux server within /etc/sysctl.conf, add the following lines, replace eth0 with your LAN interface: https://www.fmp.com/v6_over_openvpn.html
net.ipv6.conf.eth0.accept_ra=0 net.ipv6.conf.all.forwarding=1
OpenVPN Settings with the configuration file, in addition to the settings that are already there: https://community.hetzner.com/tutorials/install-and-configure-openvpn-on-ubuntu-and-debian | https://openoffice.nl/2018/03/01/ipv6-openvpn-part1/#:~:text=To%20provide%20openvpn%20clients%20with,routed%20through%20the%20OpenVPN%20Tunnel
proto udp6 tun-ipv6 push tun-ipv6 server-ipv6 2800:XXXX:XXX:XXXX:X::/110 ifconfig-ipv6 2800:XXXX:XXX:XXXX:X::1 2800:XXXX:XXX:XXXX:X::2 push "route-ipv6 ::/0" push "route-metric 2000" push "redirect-gateway ipv6"
To allow IPv6 to forward properly across the VPN, these IPv6 firewall rules must be added, I performed this within Webmin: https://unix.stackexchange.com/questions/311699/openvpn-ipv6-route-traffic-through-server
ip6tables -I FORWARD -i tun0 -o eth0 -s 2800:XXXX:XXX:XXXX:X::/110 -m conntrack --ctstate NEW -j ACCEPTip6tables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPTip6tables -t nat -I POSTROUTING -o eth0 -s 2800:XXXX:XXX:XXXX:X::/110 -j MASQUERADE
Leave a Reply