GalaxyData Community

IPv6 OpenVPN

«`

echo "net.ipv6.conf.all.forwarding = 1" >> /etc/sysctl.conf
sysctl -p

 

«`
add

nano /etc/openvpn/server.conf

 

 

#IPv6 config
server-ipv6 fd6c:62d9:eb8c::/112
proto udp6
tun-ipv6
push tun-ipv6
push "route-ipv6 2000::/3"
push "redirect-gateway ipv6"

 

 

`systemctl restart openvpn@server.service`

ADD IP6TABLES

rm /etc/sysconfig/ip6tables

 

edit

nano /etc/sysconfig/ip6tables

 

ADD

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:XL-Firewall-1-INPUT - [0:0]
-A INPUT -j XL-Firewall-1-INPUT
-A FORWARD -j XL-Firewall-1-INPUT
-A XL-Firewall-1-INPUT -i lo -j ACCEPT
-A XL-Firewall-1-INPUT -p icmpv6 -j ACCEPT
-A XL-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A XL-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 1194 -j ACCEPT
-A XL-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A XL-Firewall-1-INPUT -i tun+ -j ACCEPT
-A XL-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s fd6c:62d9:eb8c::/112 -j MASQUERADE
COMMIT

 

systemctl restart ip6tables

 

Exit mobile version