0

I have a setup of a laptop connected to a cellular IPv4 network (3G usb dongle) and PC connected to another IPv4/IPv6 network. Both have been configured to run as IPv6 routers and each has its IPv6 network.

The laptop connects to the Internet via the 3G network with IPv4 address (private one and it is mostly changing) on one interface and has the other interface on AP mode providing its own private IPv6 network (2001:db8:444::/64). The PC connects to the Internet via the organization network with both public IPv4 and IPv6 addresses on one interface and has the other interface on AP mode providing its own private IPv6 network (2001:db8:222::/64). Both running Linux Ubuntu.

Is it possible to get the two IPv6 network (2001:db8:222::/64 and 2001:db8:444::/64) to communicate over the IPv4 Internet?

Is openvpn of any good in this case to get IPv6 traffic over IPv4-IPv4 tunnel?

Thanks for helping in advance

Improve this question
3
  • Yes it is possible. You will need to encapsulate the IPv6 packets in IPv4 packets in conjuction with a tunnel.
    – Hennes
    Commented Aug 25, 2014 at 5:45
  • Great, so any idea on how to achieve that in Linux
    – user361283
    Commented Aug 25, 2014 at 6:20
  • 1
    Duplicate of serverfault.com/questions/623732/…
    – Hennes
    Commented Aug 25, 2014 at 7:48

1 Answer 1

Reset to default
0

The easiest method would be to set up a VPN over IPv4 – for example, OpenVPN in 'tap' (L2) mode.

  • On site 1 (organization):

    # /etc/openvpn/<site2>.conf
port 22
float

secret /etc/private/openvpn-<site1>-<site2>.key
dev tap-<site2>
route-up /etc/openvpn/<site2>-configure.sh
script-security 2

    # /etc/openvpn/<site2>.sh
ip link set $dev up
ip addr add 2001:db8:111::1/64 dev $dev
ip route add 2001:db8:222::/64 dev $dev
(optional) ip route add ::/0 dev $dev

  • On site 2 (laptop), practically the same:

    # /etc/openvpn/<site1>.conf
remote <site1>-server.example.com 22
nobind

secret /etc/private/openvpn-<site1>-<site2>.key
dev tap-<site1>
route-up /etc/openvpn/<site1>-configure.sh
script-security 2

    # /etc/openvpn/<site1>-configure.sh
ip link set $dev up
ip addr add 2001:db8:222::1/64 dev $dev
ip route add 2001:db8:111::/64 dev $dev

Use openvpn --genkey --secret /etc/private/openvpn-site2.key to create the encryption key on your laptop, then copy it to the org. This setup only works for single-client connections, but is very simple to configure, without having to deal with TLS certificates.

If both peers had static IP addresses, you could use the built-in Linux IP-in-IP tunnel features.

The technically simplest method would be an IPv6-over-v4 tunnel, the exact same type as used by various IPv6 tunnel brokers – just with a more specific route.

ip tunnel add tunnel-site2 mode sit local <local-ipv4> remote <remote-ipv4>

Another type is a GRE tunnel, the kind used by PPTP. The syntax is the same, just with mode gre.

Once you have a tunnel interface, you can assign it an IPv6 address and/or configure routes.

Unfortunately, they have no option to deal with dynamically changing client IP addresses.

Improve this answer
1
  • I have followed the same steps you have explained to create a VPN over ipv4 using OpenVPN tap mode but I could not ping the network connected to the server = 2001:db8:222::1 from the client (the laptop). it reports that address is unreachable as it send neighbour solicitation message but it gets no reply.
    – user361283
    Commented Aug 25, 2014 at 19:56

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .