How to setup OpenVPN?

Discussion:

With No Name

2012-02-14 07:05:07 UTC

Good morning,

for some days I have encountered that i can have an IPv6 range on my
VServer at my Hoster.

Since I am on an FTTH with a fixed IP (v4) and has only IPv4 Support, I
like to do use my IPv6 space on my server at home.

So, now I do not know, how and where to start.

My Setup is:

Intenet -> FTTH -> Media-Converter -> DebianRouter -> InternalNet
(Fiber-> Eth) (Mini-ITX)

So, currently I have NAT'ed my InternelNet and setup some physical servers
using IPv4 private space.

Now I gaved my @home severs a second IP like

192.168.0.11 -> xxxx:xxxx:xxxx:xxxx:::1:11

(while ignoring the alphabetical chars) and installed OpenVPN on my
DebianRouter and on my Server at my Hoster...

OK, but how do I create a IPv6 channel from my ficxed HOME IP To the fixed
Server IP (IPv4 and/or IPv6) and then tell OpenVPN, that ::::::1:x is not
more on the Server but @home?

Question: It is better to ask on <debian-ipv6> ?

Thanks for your Time and Help
Kalhor

Alejandro Malagón Díaz

2012-02-14 13:19:17 UTC

Permalink

***************************************
Alejandro Malagón Díaz
Consultor y Administrador de Red
Casa Consultora DISAIC
Teléfono: 8783583 ext. 133
***************************************
----- Original Message -----
From: "With No Name" <***@tdwave.net>
To: <debian-***@lists.debian.org>
Sent: Tuesday, February 14, 2012 2:05 AM
Subject: [?? Probable Spam] How to setup OpenVPN?

Post by With No Name
Good morning,
for some days I have encountered that i can have an IPv6 range on my
VServer at my Hoster.
Since I am on an FTTH with a fixed IP (v4) and has only IPv4 Support, I
like to do use my IPv6 space on my server at home.
So, now I do not know, how and where to start.
Intenet -> FTTH -> Media-Converter -> DebianRouter -> InternalNet
(Fiber-> Eth) (Mini-ITX)
So, currently I have NAT'ed my InternelNet and setup some physical servers
using IPv4 private space.
192.168.0.11 -> xxxx:xxxx:xxxx:xxxx:::1:11
(while ignoring the alphabetical chars) and installed OpenVPN on my
DebianRouter and on my Server at my Hoster...
OK, but how do I create a IPv6 channel from my ficxed HOME IP To the fixed
Server IP (IPv4 and/or IPv6) and then tell OpenVPN, that ::::::1:x is not
Question: It is better to ask on <debian-ipv6> ?
Thanks for your Time and Help
Kalhor
--
with a subject of "unsubscribe". Trouble? Contact

--
To UNSUBSCRIBE, email to debian-firewall-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Archive: http://lists.debian.org/***@tiamd

Jorge Anton

2012-02-14 14:46:17 UTC

Permalink

Alejandro,

I think you're trying to "unsubscribe", with the "b".

-----Mensaje original-----
De: Alejandro Malagón Díaz [mailto:***@disaic.cu]
Enviado el: Tuesday, February 14, 2012 2:19 PM
Para: debian-***@lists.debian.org
Asunto: unsuscribe

***************************************
Alejandro Malagón Díaz
Consultor y Administrador de Red
Casa Consultora DISAIC
Teléfono: 8783583 ext. 133
***************************************
----- Original Message -----
From: "With No Name" <***@tdwave.net>
To: <debian-***@lists.debian.org>
Sent: Tuesday, February 14, 2012 2:05 AM
Subject: [?? Probable Spam] How to setup OpenVPN?

--
To UNSUBSCRIBE, email to debian-firewall-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Archive: http://lists.debian.org/5290E33BC

Stephan Balmer

2012-02-14 08:44:18 UTC

Permalink

Post by With No Name
for some days I have encountered that i can have an IPv6 range on my
VServer at my Hoster.
Since I am on an FTTH with a fixed IP (v4) and has only IPv4 Support, I
like to do use my IPv6 space on my server at home.
So, now I do not know, how and where to start.

What are your goals? Would you like to have IP6 connectivity to just
your VServer, or to the IP6 Internet? Do you want the servers in your
home network reachable from the IP6 Internet?

I'd say it would be most beneficial for you to just enable IP6 in your home
network by connecting to a tunnel broker, or by using 6to4. Then you can
connect to all IP6 hosts, including your vserver. And those hosts can connect
to your home-servers, depending on your firewall rules, of course.

The rationale for IP6 was to create another unlimited address space, like
IP4 was years ago. Getting an IP6 prefix for your home network is easy.
There's no need to recycle what you got for your vserver.

Post by With No Name
Intenet -> FTTH -> Media-Converter -> DebianRouter -> InternalNet
(Fiber-> Eth) (Mini-ITX)
So, currently I have NAT'ed my InternelNet and setup some physical servers
using IPv4 private space.
192.168.0.11 -> xxxx:xxxx:xxxx:xxxx:::1:11
(while ignoring the alphabetical chars) and installed OpenVPN on my
DebianRouter and on my Server at my Hoster...
OK, but how do I create a IPv6 channel from my ficxed HOME IP To the fixed
Server IP (IPv4 and/or IPv6) and then tell OpenVPN, that ::::::1:x is not

The only reason to do it this way would be if you wanted to have a secure
channel between your home servers and your vserver. I don't know enough
about OpenVPN to give you specific advice on this.

Still, it would be simpler to use a different IP6 prefix for your
home servers, instead of subnetting within your vserver's prefix.

Post by With No Name
Question: It is better to ask on <debian-ipv6> ?

Ask them :-)

Stephan Balmer

2012-02-14 15:55:19 UTC

Permalink

Sorry, forgot to reply to the list.

Post by Stephan Balmer
What are your goals? Would you like to have IP6 connectivity to just
your VServer, or to the IP6 Internet? Do you want the servers in your home
network reachable from the IP6 Internet?

I like to have the Servers reachable from the IPV6 internet

Then it would be inefficient to route all packets through your vserver
first. A tunnel broker will presumably have better IP6 connectivity and be
reachable in fewer hops.

Post by Stephan Balmer
I'd say it would be most beneficial for you to just enable IP6 in your
home network by connecting to a tunnel broker, or by using 6to4. Then you
can connect to all IP6 hosts, including your vserver. And those hosts can
connect to your home-servers, depending on your firewall rules, of course.

private connections over a broker which I do not know and trust.

With private connections you mean connections between your servers at home
and your vserver? That would be the classic use case for a VPN, of course.
If you mean connections between your home servers and other hosts, then
routing through your vserver won't help, assuming you trust or distrust all
network operators equally. If you specifically distrust the ISP connecting
your home network then again tunneling everything over your
vserver will help.

Post by Stephan Balmer
The rationale for IP6 was to create another unlimited address space, like
IP4 was years ago. Getting an IP6 prefix for your home network is easy.
There's no need to recycle what you got for your vserver.

How can I get native IPv6 on my home connection?

Ask your ISP. If they don't want to help you, you won't have native IP6
unless you change your ISP. You don't need native IP6 to have your servers
reachable by IP6, even though native would be the preferred option.

If I must use a broker, I can use my own IPv6 network onmy server too.

When your vserver goes down, your servers at home will not be reachable
either. A tunnel to a network operator is likely a lot more reliable than
one to your vserver.

Post by Stephan Balmer
The only reason to do it this way would be if you wanted to have a secure
channel between your home servers and your vserver. I don't know enough
about OpenVPN to give you specific advice on this.
Still, it would be simpler to use a different IP6 prefix for your
home servers, instead of subnetting within your vserver's prefix.

MAYBE, but I prepare my own enterprise which will be multihomed and I have
to learn, how to use VPN, IPSec and to route between IPv6 subnets.

If the goal is to learn, then my considerations are not all that relevant.
Now, unfortunately I don't know enough about OpenVPN to be of any help
in answering the original question.