IPv6 traffic through OpenVPN pfSense

Discussion in 'Services - Questions & Answers (Q&A)' started by PP-AtlasRouters, Dec 2, 2017.

  1. PP-AtlasRouters

    PP-AtlasRouters New Member

    Hi All,

    I am using an pfSense router with an OpenVPN tunnel to Perfect-Privacy. The tunnel is setup on the router to tunnel all my internet traffic through this OpenVPN tunnel.

    The IPv4 part of this story this is working fine. (just set-up the tunnel & create an outbound NAT rule)

    I am having problems with the IPv6 part. I tried to setup an NPt construction to translate the internal IPv6 prefix to the Privacy-Perfect Local IPv6 address. But this is sadly not working.
    Example (not my real IP's):

    [​IMG]

    NPt seems only to work if you can translate a whole subnets. Are there any other options to achieve that all IPv6 traffics gets router through the OpenVPN tunnel.

    I would really appreciate any input on my issue.

    J.
     
  2. MixMaster

    MixMaster New Member

    NPt maps IPv6 prefixes. Use the "Outbound NAT" tab to create a rule to translate your internal network to the single address assigned by OpenVPN.
    Unfortunately, I didn't get IPv6 NAT to work properly. In packet captures on the tunnel interface, I see the outgoing address alternating between the tunnel address and the tun device fe80:: address.
    The same behaviour seems to be reported here

    Maybe you could try and report what you see on the tunnel?


    [​IMG]
     
  3. PP-AtlasRouters

    PP-AtlasRouters New Member

    Thanks, that helped a lot!
    I created a NAT rule as you showed in the picture. But I entered the Translation address manually. (entered the IPv6 address on the OpenVPN interface)
    After that it did not work yet. I had to force the LAN (guest) traffic via the OpenVPN gateway by a firewall rule:
    Screenshot from 2017-12-07 01-38-14.png

    After that it started working on my end! Please let me know if you need more information.
     
  4. Gerd

    Gerd Junior Member

    Hi PP-AtlasRouters.

    How did you activate IPV6 for OpenVPN Client and NAT?
    Can you explain that step by step?