I’m hoping someone here can help me get any further with this problem. I’ve tried a lot myself, asked on various subreddits and tried some other forums. I did make progress but it’s still not functioning, so I thought I’d try here.
I have Pi-hole setup with PiVPN, using the dual setup from the Pi-hole docs where it pushes my home network through when I am at home.
I have IPv6 acces at home on my network and it works flawless without the VPN, but I can’t get IPv6 to work on the VPN.
I forwarded a /64 to my RPi from my router using a static route (like this). The route goes from 2001:xxx:xxxx:xxxx:: (my public IPv6 address with 4 characters added) to the link-local address from the RPi (the address that started with fe80).
Right now my laptop gets an IPv6 address from the range when it’s on the VPN een IPv6, and I can ping6 the RPi from the laptop. I can also ping6 the laptop on that address from the RPi. But the laptop can’t ping6 the router, and online tests tell me IPv6 is not working.
I didn’t edit the client.conf files, because I followed these instructions: https://blog.apnic.net/2017/06/09/using-openvpn-ipv6/ and edited my server.conf file. I believe it’s not needed to edit the client.conf files for that. Please tell me if I’m mistaken.
Here’s my server.conf:
dev tun tun-ipv6 push tun-ipv6 proto tcp port 443 ca /etc/openvpn/easy-rsa/pki/ca.crt cert /etc/openvpn/easy-rsa/pki/issued/server_alI.crt key /etc/openvpn/easy-rsa/pki/private/server_alI.key dh none ecdh-curve secp384r1 topology subnet server 10.8.0.0 255.255.255.0 server-ipv6 2001:xxx:xxxx:xxxx::/64 # Set your primary domain name server address for clients push "route 192.168.178.0 255.255.255.0" push "route-ipv6 2000::/3" push "dhcp-option DNS 192.168.178.20" ifconfig-ipv6 2001:xxx:xxxx:xxxx::1 2001:xxx:xxxx:xxxx::2 # Prevent DNS leaks on Windows push "block-outside-dns" # Override the Client default gateway by using 0.0.0.0/1 and # 18.104.22.168/1 rather than 0.0.0.0/0. This has the benefit of # overriding but not wiping out the original default gateway. push "redirect-gateway def1" client-to-client keepalive 1800 3600 remote-cert-tls client tls-version-min 1.2 tls-crypt /etc/openvpn/easy-rsa/pki/ta.key cipher AES-256-CBC auth SHA256 compress lz4 user nobody group nogroup persist-key persist-tun crl-verify /etc/openvpn/crl.pem status /var/log/openvpn-status.log 20 status-version 3 syslog verb 3 #DuplicateCNs allow access control on a less-granular, per user basis. #Remove # if you will manage access by user instead of device. #duplicate-cn # Generated for use by PiVPN.io
In /etc/sysctl.conf I added the following two lines:
I tried different firewall rules but they don’t seem to make any difference. Currently I don’t have any firewall rules set up, but the PiVPN sets up iptables persistent like this:
# Generated by iptables-save v1.6.0 on Wed Aug 22 10:31:31 2018 *nat :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :OUTPUT ACCEPT [1:218] :POSTROUTING ACCEPT [1:218] -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE COMMIT # Completed on Wed Aug 22 10:31:31 2018 # Generated by iptables-save v1.6.0 on Wed Aug 22 10:31:31 2018 *filter :INPUT ACCEPT [749:745386] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [855:85124] COMMIT
The ip6tables are still empty:
# Generated by ip6tables-save v1.6.0 on Wed Aug 22 10:31:31 2018 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] COMMIT
If anyone has anything that can help me out, please help me!
I think maybe it’s the ip6 firewall settings or something in my server.conf.