Hello,
I'm trying to set up an OpenVPN server that lets me reach the IPv6 network through my vServer (every client gets an IPv6 address from my subnet). Unfortunately, I can't get it to work the way I want.
Server config:
port 1195
proto udp
dev tun
tun-ipv6
push tun-ipv6
client-to-client
sndbuf 0
client-to-client
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
server-ipv6 2a03:4000:10:50f:80::/112
topology subnet
push "route-ipv6 2a03:4000:10:50f::/64"
push "route-ipv6 2000::/3"
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "redirect-gateway ipv6"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user vpn
group vpn
persist-key
persist-tun
status openvpn-status.log
verb 4
crl-verify crl.pem
script-security 2
client-connect "/usr/bin/sudo -u root /etc/openvpn/server-clientconnect.sh"
client-disconnect "/usr/bin/sudo -u root /etc/openvpn/server-clientdisconnect.sh"
client-config-dir /etc/openvpn/ccd
status openvpn-status.log
client cfg:
ifconfig-push 10.8.0.101 255.255.255.0
ifconfig-ipv6-push 2a03:4000:10:50f:80::1001/112 2a03:4000:10:50f:80::1
client disconnect.sh:
#!/bin/sh
# Check client variables
if [ -z "$ifconfig_pool_remote_ip" ] || [ -z "$common_name" ]; then
    echo "Missing environment variable."
    exit 1
fi
# Load server variables
. /etc/openvpn/variables
ipv6=""
# Find out if there is a specific config with fixed IPv6 for this client
if [ -f "/etc/openvpn/ccd/$common_name" ]; then
    # Get fixed IPv6 from client config file
    ipv6=$(sed -nr 's/^.*ifconfig-ipv6-push[ \t]+([0-9a-fA-F\\:]+).*$/\1/p' "/etc/openvpn/ccd/$common_name")
fi
# Get IPv6 from IPv4
if [ -z "$ipv6" ]; then
    ipp=$(echo "$ifconfig_pool_remote_ip" | cut -d. -f4)
    if ! [ "$ipp" -ge 2 -a "$ipp" -le 254 ] 2>/dev/null; then
        echo "Invalid IPv4 part."
        exit 1
    fi
    hexipp=$(printf '%x' "$ipp")
    ipv6="$prefix$hexipp"
fi
# Delete proxy rule
/sbin/ip -6 neigh del proxy "$ipv6" dev ens3
client connect.sh:
#!/bin/sh
# Check client variables
if [ -z "$ifconfig_pool_remote_ip" ] || [ -z "$common_name" ]; then
    echo "Missing environment variable."
    exit 1
fi
# Load server variables
. /etc/openvpn/variables
ipv6=""
# Find out if there is a specific config with fixed IPv6 for this client
if [ -f "/etc/openvpn/ccd/$common_name" ]; then
    # Get fixed IPv6 from client config file
    ipv6=$(sed -nr 's/^.*ifconfig-ipv6-push[ \t]+([0-9a-fA-F\\:]+).*$/\1/p' "/etc/openvpn/ccd/$common_name")
fi
# Get IPv6 from IPv4
if [ -z "$ipv6" ]; then
    ipp=$(echo "$ifconfig_pool_remote_ip" | cut -d. -f4)
    if ! [ "$ipp" -ge 2 -a "$ipp" -le 254 ] 2>/dev/null; then
        echo "Invalid IPv4 part."
        exit 1
    fi
    hexipp=$(printf '%x' "$ipp")
    ipv6="$prefix$hexipp"
fi
# Create proxy rule
/sbin/ip -6 neigh add proxy "$ipv6" dev ens3
Still, no route is created, so I can only reach the internet over IPv4.
What does OpenVPN say about it live?
Tue Jan 2 01:04:16 2018 us=655838 flo/89.15.137.63:48263 Data Channel MTU parms [ L:1550 D:1450 EF:50 EB:406 ET:0 EL:3 ]
Tue Jan 2 01:04:16 2018 us=655910 flo/89.15.137.63:48263 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Jan 2 01:04:16 2018 us=655917 flo/89.15.137.63:48263 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Jan 2 01:04:16 2018 us=719437 flo/89.15.137.63:48263 MULTI: bad source address from client [::], packet dropped
Tue Jan 2 01:04:17 2018 us=354744 flo/89.15.137.63:48263 MULTI: bad source address from client [::], packet dropped