It is indeed possible to use OpenVPN for tunnelling IPv6 traffic. OpenVPN’s packets work at the transport layer, while the packets for the traditional 6in4 tunnel work at the Internet layer. OpenVPN works at a higher level. For a 6in4 tunnel to work, your router needs to be able to route IP packet with the IP protocol header of 41. This may not always happen, your router may not support that, or perhaps the administrators have configured the network to drop such packet. However OpenVPN will work as long as you can still send out TCP or UDP packets.
The basic idea is to use OpenVPN in TAP mode, and use that to forward IPv6 packets. TAP mode operates in the link layer (layer 2), so it won’t care about the data that gets transported in (layer 3). IPv6 is a basically a network layer protocol.
So let’s get started. I assume you are using a Debian based distribution.
Setting up the Ethernet Bridge
First you need to install uml-utilities and bridge-utils. Then create a network bridge with a TAP adapter. Of course you can add in more adapters to the bridge if you want. You can do this by configuring your /etc/network/interface, for example:
iface br0 inet static
pre-up /usr/sbin/tunctl -t tap0
iface br0 inet6 static
Note, the bridge’s IPv4 address will be OpenVPN server’s address. You can only configure OpenVPN to assign IPv4 address within the range specify by the network mask of the bridge. Note that you might not need to configure IPv4 settings for this OpenVPN tunnel, however I haven’t tried it yet. Sometimes OpenVPN clients don’t bring up the TAP virtual adapter if you don’t supply IPv4 settings.
Setting up the OpenVPN Server
You can set up OpenVPN by following this tutorial. You need to set up OpenVPN in bridge mode. You need to specify the virtual adapter as the one you use in the bridge, in our case: tap0. You need to use the “server-bridge” directive rather than the “server” directive, as you are creating bridging mode OpenVPN. In our example, the “server-bridge” line looks like this:
server-bridge 10.10.4.1 255.255.255.0 10.10.4.2 10.10.4.254
For more information on OpenVPN’s configuration, please refer to its manual.
Setting up the IPv6 router
Then follow you need to follow this tutorial to get IPv6 connectivity for your server. The interface for LAN adapter is br0, rather than eth-lan in the tutorial.
I haven’t managed to make the whole thing to work purely using stateless autoconfiguration via Neighbour Discovery Protocol with radvd. I use a DHCPv6 server to assign IPv6 addresses and push the DNS server information. You need to add the following flags in the “interface” section of radvd.conf:
More information is available in radvd.conf’s manual page.
For the DHCPv6 server, I use the package wide-dhcpv6-server. It is fairly straightforward to configure. Please refer to its manual page for more information.
More examples of radvd configuration or DHCPv6 server configuration are available at here.
If you have Windows 7, you simply need to use your OpenVPN client to connect to the server. You need to enable IPv6 on the virtual adapter that OpenVPN uses. You simply need to configure the adapter to use DHCP to get its configuration.
If you have Debian-based Linux distribution and you configured .conf files at /etc/openvpn, you need to get the DHCP client to configure IPv6 on the TAP interface. Assuming tap0 is the virtual adapter OpenVPN uses, you can run the following as the root:
dhclient -6 tap0
I suppose you could run this automatically by specifying the “up” directive in your .conf file.