|
VPN with ipv6 and ipv4 addresses
![[gb]](/s/countries/gb.gif) Shadow Hawkins on Monday, 08 November 2010 14:03:52
Hi there,
I currently run a Linux VPN server using acel-pptp which is a modified version of poptop using a kernel module to boost performance. When a VPN user connects, they will be given a private IP (172.20.0.48/28 or 172.20.2.64/28 depending on if they are allowed internet access via the vpn server or not).
I am now fully ipv6 enabled on my whole network thanks to SixXS, however what I would now like to do is also give/allocate an ipv6 address to each VPN user as they connect as well as still keep the ipv4 private block. This would then allow users to access all ipv6 and ipv4 sites.
However, I cant seem to work out how to accomplish this. So my question is, has anyone had any experience with poptop using ipv6 and ipv4 addresses for clients? And if so do you have any pointers or tips/advise so I can make this happen.
I have done quite a bit of research already and from what I understand pppd needs to be adjusted. I have looked at how but, cant seem to make it work. I just seem to break the whole VPN when I do.
Any help would be extremely grateful,
Kind Regards,
Simon
VPN with ipv6 and ipv4 addresses
![[ie]](/s/countries/ie.gif) Shadow Hawkins on Tuesday, 09 November 2010 23:28:50
Hi Simon,
My setup "slightly" differs from yours mainly because I am using Cisco router as PPTP server. IPv6 problem I had was not however caused by server.. it was client's issue.
All I need to do was to add one additional line in /etc/ppp/options
ipv6 ,
Note the comma - it's required! After putting that in my client started negotiating IPv6 straight away.
Above works in Linux. I know recent Mac OS X works as client without additional configuration. I have also tried with WinXP, but seems like it's not possible in XP.
I don't know if server-side configuration will be of any use, but there it is:
interface Virtual-Template1
bandwidth 512
ip unnumbered Loopback100
ip mtu 1400
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1360
ipv6 unnumbered Loopback100
ipv6 enable
ipv6 mtu 1400
no ipv6 nd ra suppress
ipv6 virtual-reassembly
peer default ip address pool PPTP
peer default ipv6 pool PPTP6
no keepalive
ppp encrypt mppe 128 required
ppp authentication ms-chap-v2 chap ms-chap
ppp ipcp predictive
ppp ipcp address unique
ppp timeout retry 5
ppp timeout ncp 30
ip local pool PPTP 172.24.1.10 172.24.1.30
ipv6 local pool PPTP6 2A01:XXX:XXXX:20::/59 64
Regards,
Sergiusz
VPN with ipv6 and ipv4 addresses
Shadow Hawkins on Tuesday, 07 December 2010 11:32:27
Hiya Sergiusz,
Many thanks for the reply. Sorry its a bit late in replying but I expected SixXS forum to automaticly email/notify me of replys like most other forums. As ive not had any emails, I thought no one replied. Was I wrong! :( Anyway lesson learned now checking daily :)
Thanks again for the config, I do have access to a CISCO router so your config is very useful and I thank you for that. I am also going to play with my existing setup as you may have given me the clue behind it all by adding "ipv6 ," in /etc/ppp/options file. I will update the thread with my prograss as if I can figure out a solution which everyone can use, it will save some people some headake.
Hope to have something to report in a few days time, just about to copy my existing setup to a dev box for testing so it doesnt effect my normal users.
Thanks again and applogies for the LONG delay in replying highly unlike me.
Kind Regards,
Simon
VPN with ipv6 and ipv4 addresses
Shadow Hawkins on Tuesday, 09 November 2010 23:32:52
My virtual-template uses Loopback100 as VPN endpoint.. there it is:
interface Loopback100
description VPN endpoint
ip address 172.24.1.1 255.255.255.255
ipv6 address 2A01:XXX:XXXX:2::1/64
VPN with ipv6 and ipv4 addresses
![[us]](/s/countries/us.gif) Shadow Hawkins on Tuesday, 15 March 2011 07:35:13
Question: what version of IOS are you running, and how are you connecting the Cisco router to Sixxs? I have a 2600 XM, but it was end-of-life'd a while ago, so I don't have access to the latest IOS tree :(
VPN with ipv6 and ipv4 addresses
Shadow Hawkins on Wednesday, 16 March 2011 21:53:11
Hi Bernard,
I have c871 running IOS 12.4(6)T5, so it is definitely much newer then you can get for 2600-series. If I know exact model of your box I can find out what's the newest software for it there..
As for SixXS tunnel on the router I am not running it any more for some year or so as I have native IPv6 on my DSL line now. The config for tunnel is very simple and you should be able to find out straight away if it is going to work on your box. Try this:
interface Tunnel0
description IPv6-in-IPv4 to iedub02
no ip address
ipv6 address 2001:1234:12:1::2/64
ipv6 enable
tunnel source Dialer1
tunnel destination 123.123.123.123
tunnel mode ipv6ip
"ipv6 address" and "tunnel destination" are just examples. change them for your tunnel details.
"tunnel source" will be your WAN interface.
If you are getting nowhere let me know. I can dig out some 2600 router in the office and check it out.. It'll be Friday soonest however as we celebrate St. Patrick's tomorrow.. :)
Regards,
Sergiusz
|
Posting is only allowed when you are