Install OpenVPN with IPv6 on Ubuntu

This article gives out the process of install OpenVPN with IPv6, and to be more specific, it will foucus on the difference with the Ubuntu official document about OpenVPN installation [1]. Before start, You need to check whether your server has IPv6 address. And if you are looking for tips about OpenVPN both with IPv4 and IPv6, you are supposed to read another post about 《OpenVPN both with IPv4 and IPv6》.

Currently the lastest stable version of OpenVPN is 2.2.2 and for Ubuntu repo is still 2.2.1, both of them are only IPv4 supported. But thankfully the 2.3 version which supports IPv6 is already in RC stage and there is an official apt repo [2] so that we can achieve it easily.

Most of commands need superuser privilege, so just use root to make everything easy.

1) Install OpenVPN 2.3_rc1 (Both on server and client)

Note that we install easy-rsa more than openvpn only because easy-rsa examples used to be in OpenVPN doc directory never exist in OpenVPN 2.3_rc1.

2) Generate Certificate Authority

Note that the location of easy-rsa directory has changed.

Edit the “vars” file by vim or nano or something else (I will use vim for following examples), be sure to change following variables:

Note that there are two duplicate KEY_EMAIL, feel free to delete one. All these variables are required when building all crts and keys, make sure to change it which will make them as default value so that you can press Enter all the way.

3) Generate Server Certificates

4) Generate tls auth key (Add more security to OpenVPN port)

5) Server Configuration

Following is the change list by the default configure file. “A -> B # C” meaning change A to B, while C is the comment for more easy reading and you can just ignore it.

6) iptables Configuration

This will be a new file and you should press following in it.

After saving the file you need to make it executeable.

All following listings are commented in default configure file, just uncomment them.

Note that the important difference is here. which make IP forward also work for IPv6. the parameter is different from IPv4, but fortunately it has been already listed in default configure file. At last, just make all related restart.

Now the server side should be working, a simple confirmation is to check whether tun0 or tun1 exists in ifconfig, then let’s go for clients.

7) Generate Client Certificates

8) Client Configuration
Following are needed files for client, be careful to download them by scp or something else from server. And this is the last thing you need to do on the server. all things left should be done on the cliet besides step 1). Make sure to copy all needed files under the /etc/openvpn/ so that you can run it as daemon easily.

Copy the default client configure file to /etc/openvpn/

Following is the change list by the default configure file. Just the same with Server Configuration in step 5)

9) Confirmation
Now you can just start the openvpn by

if you can ping 10.8.0.1 successfully then everything should be ok. after that you can make it working as daemon by

10) Reference:
[1] https://help.ubuntu.com/12.04/serverguide/openvpn.html
[2] https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos
[3] http://www.vpser.net/build/linode-install-openvpn.html

2 thoughts on “Install OpenVPN with IPv6 on Ubuntu”

Leave a Reply